The $6trn importance of security standards and regulation in the IoT era

Digital encrypted Lock with data multilayers. Internet Security

We live in an era of digital transformation where more and more devices are connecting to bring new and innovative levels of service and efficiency. This transformation spans across all markets and the rate of progress is breath-taking, says David Maidment, director, secure device ecosystem at Arm.

This change brings huge benefits, but it also brings threats in the shape of an expanding cybercrime footprint. Every connected device is a hack potential. Rather than attacking traditional IT equipment, the cybercrime threats start to move to all aspects of our lives.

$6 trillion (€5.37 trillion) cybercrime

It is predicted that by 2021 there will already be US$6 trillion (€5.37 trillion) of cybercrime damage (Source: Cybersecurity Ventures Official Annual Cybercrime Report), which is a staggering number pinned against financial loss for businesses, without considering the damage to reputation and other harder-to-measure statistics.

When you pair this with an estimated average of 5,400 attacks on Internet of Things (IoT) devices every month (Symantec Internet Security Threat Report 2019) it’s clear to see why security standards have been rapidly evolving in the last 12 months. The cost of inaction is huge and ignoring security requirements isn’t an option. Governments, businesses and consumers across the world are starting to pay attention to this and look to the electronics industry for solutions.

As 5G connectivity expands, and we move towards a world of a trillion connected devices, government and industrial bodies are looking to implement preventative measures to protect against security vulnerabilities. It is now fundamental that every device is being designed securely from the outset and business processes have security in mind. Whether you have already embraced IoT, you’re exploring implementing it into your business, or you’re building the devices that will power this movement, there are crucial steps you should be taking to build assurance with customers, while also protecting your finances and brand.

 Security laws and standards

A number of governments have taken action to protect businesses and consumers, with laws and standards in place such as ETSI 303 645 (Cyber Security for Consumer Internet of Things)California State Law (SB-327) and NISTIR 8259 (Core Cybersecurity Feature Baseline for Securable IoT Devices). All of these provide guidance on how devices should be protected, from good password practice, all the way down to cryptography, audit logging and other security protocols.

This means that industries that have historically been unregulated are moving towards more self-regulation, which in turn is slowly becoming law. If you’re naive to these standards and are creating, or deploying, insecure devices into your business, you could find that the devices are pulled from operation hindering the way your business is running, but also cutting the revenue streams you depend on.

How can you protect your business?

With all this in mind, how can you successfully navigate the regulations that may impose rules for your business in the future? First and foremost, you should follow advice from a trusted source. All the regulations coming to market use different wording, have slightly different requirements and guidance. You’ll need an approach that is scalable and understandable, especially if you’re a worldwide business that works in multiple markets.

David Maidment

This is where many experts agree that a common framework of security best practice is really important, offering technical support to companies, but also a common language that everyone can understand and execute against. Independent schemes are already available and seeing fast adoption, such as PSA Certified which is being recommended by government guidelines, including the National Institute of Standards and Technology in the US.

It offers a framework to secure devices and an assurance scheme to check it’s being implemented correctly. A key element of what is offered is a mapping across key standards in various geographical locations. This gives you a checklist to implement security against if you’re creating devices, or to be looking out for when you’re procuring devices for your company.

Adopt a security framework

Whatever your approach, it’s critical that a framework for security best practice is adopted in your business and that security is never forgotten. Security isn’t a ‘one-and-done’ endeavour and companies must stay vigilant as the threat landscape continues to change. It’s positive to see security standards and regulations already in place, but for the IoT to really take off, we need to combat the lack of security validation of IoT devices and ensure trust is built in at the heart.

The author is David Maidment, director, secure device ecosystem at Arm.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Global industry accelerating IoT adoption in response to Covid-19, new Inmarsat research reveals

Posted on: September 22, 2021

New research by Inmarsat, the provider of global mobile satellite communications, reveals a rapid increase in the maturity level of organisations adopting the industrial Internet of Things (IoT) since the start of the Covid-19 pandemic. Respondents drawn from multiple industries also reported that Covid-19 has demonstrated the importance of IoT to their businesses, with many accelerating

Read more

Nutanix cloud platform breaks down silos in hybrid multicloud operations

Posted on: September 22, 2021

Nutanix, a provider of hybrid multicloud computing, announced new features in the Nutanix Cloud Platform, including the launch of AOS version 6 software, to help enterprises build modern, software-defined data centres and speed their hybrid multicloud deployments.

Read more