Can legislation save IoT security?

Introduction: The state of IoT security

As noted in a Gemalto report on the State of IoT Security, it was found that almost half of companies couldn’t tell if their IoT devices had been hacked. The statistics on cybersecurity threats and incidents with IoT in the chain at some point makes depressing reading.

And it’s not like we haven’t had plenty of time to get our ducks in a row. The modern concept of the IoT has been in the mass marketplace for at least six years. The idea of a connected device goes back to at least 1999, when Electrolux announced the Screenfridge, an “Internet refrigerator.”

One thing that jumps out of the Gemalto report is that over three-quarters of organizations want governments to wade in with legislation on IoT security.

To this end, governments are beginning to wake up and connect the Internet dots. Legislation is afoot. Here, we look at two recent exercises in legislating for IoT security.

The UK and IoT security

Ofcom, a UK industry watchdog, performed a study in 2018 into the Internet-connected habits of UK residents. They found that 42 percent of households had a smart TV and 20 percent used IoT wearables. However, the UK industry body techUK showed a dark cloud forming over the IoT marketplace in the UK. TechUK’s consumer survey showed that cybersecurity and privacy concerns related to IoT devices were stifling IoT device purchase decisions.

The UK government has responded with the “Department for Digital, Culture, Media & Sport” (DDCMS), releasing a consultation paper for IoT security legislation on May 1st. Prior to the paper, the DDCMS and the National Cyber Security Centre (NCSC) created a Code of Practice for Consumer IoT Security.  The practice guidelines set out a list of 13 best practices in IoT (Read more...)