Yash Mehta, a globally recognized and influential expert on Big Data, machine-to-machine communications and IoT argues that user confidence in the security of Internet of Things applications can only be achieved by expanding open source installations for public and critical infrastructure.
Internet of Things: exciting and practical
IoT-enabled devices have proven to be very useful and interesting supporters in everyday life. Anyone who has once become accustomed to fitness trackers, voice assistants, networked surveillance, smart lighting and heat, or smart real estate technology would hardly want to do without them. Analysts estimate that the number of IoT end devices could increase fivefold to 75 billion by 2025.
IoT: risks included
But with the introduction of mobile digital assistants, it became clear to many users that the integration of this technology into everyday life could also entail certain risks. Unintentional product orders placed by children who were not actually capable of doing business via devices that were constantly connected to the Internet, which were exploited in the media, were perhaps still entertaining at first. Unauthorized recordings of private conversations, which were analyzed by call center employees on the providers’ overseas servers to determine whether they could be used for advertising purposes, caused mixed feelings among many people.
Ripple: Hundreds of millions of IoT devices unsecured
The exposure of the Ripple deficiencies has also clearly shown that the security problems for IoT could run much deeper than many may realize. Parts of the infrastructure on which the Internet of Things runs are based on a library that was developed as recently as the twentieth century. At least 19 vulnerabilities have been identified in it, which could not only provide possible points of attack. Analysts also assume that they will continue to be installed unpatched in the latest systems. Target applications for these predetermined breaking points are found not only in private modules, but also in very sensitive areas such as industry, the healthcare system and even in aircraft technology
This also reveals a fundamental problem with the IoT boom. In an effort to meet the growing demand for Internet of Things technology, manufacturers are bringing new devices to market at ever shorter intervals. Due to constant time and price pressures, mostly elaborate and cost-intensive security checks are being dispensed with, to the detriment of users. Technical laymen, which is likely to be the case for many end users, are not in a position to recognize possible security threats on their own.
Problem identified – problem solved?
This requires experienced and superordinate bodies to take care of the matter. In the Eu, Australia and the United States, regulations have been issued in recent years to help limit these risks. In Europe, all end devices that can process personal data have been made subject to the General Data Protection Regulation. In the USA, a number of Iot-specific security laws have been enacted, and in Australia efforts are being made to promote certification of this technology.
Government influence ineffective?
What is problematic about these regulations, however, is that they could undermine past successes in this segment and make future ones more difficult. Some developers and manufacturers are already complaining about an overbearing regulatory apparatus that has the potential to stifle further innovation. There is also always the possibility of subsequent changes to device settings, e.g., through updates, which is likely to torpedo pre-established security regulations. In addition, the nature of the IoT structure makes it difficult to sustainably enforce these legal requirements. An often unmanageable number of parties, both domestic and foreign, are involved in the production and distribution of these goods and services. In addition to sensor developers, hardware and software OEMs, mobile network providers are also on board, among others.
Open source as a way out
Yash Mehta is convinced that open source applications for public institutions and critical infrastructure can help resolve these tangles of sometimes divergent requirements. On the one hand, they can meet the growing demand of citizens and their societies for secure, transparent and cost-effective networked systems. On the other hand, they also offer companies the opportunity for new business fields in the maintenance, expansion and development of the facilities. This could help regain confidence in this technology from the early days, which were clouded by some proprietary solutions with unreliable support.
Users who have insight into the structures that they themselves use and can also improve are more willing to support technical evolutions. Governments and institutions that provide a clearly visible digital account of their decisions at all times gain internal and external support and can strengthen social cohesion. In addition, the constant verifiability of the publicly used codes by analysts can constantly minimize the risk of attacks on the system. According to the industry expert, the goal should be an open source society that reclaims the Internet from a few monopolists in order to shape it jointly and for the benefit of all.