From the Internet of Everything to the Security of Everything

smart home iotConnected devices flooded the market, offering a gadget for almost anything you can think of, even your lightbulbs. Per Deloitte, “US households have an average of 11 connected devices, including seven smart screens to view content.” Alexa, Google Home, Ring Doorbell, Nest thermostat, security cameras, baby monitors, smartwatches, and TVs, the list goes on. Smart devices offer convenience and, in some cases, the opportunity to cut costs.

Some years ago, Cisco had the following vision: “The Internet of Everything (IoE) brings together people, process, data, and things to make networked connections more relevant and valuable than ever before — turning information into actions that create new capabilities, richer experiences.” This vision now holds true more than ever – most everything is connected to the internet, and household items are getting smarter.  To better serve the users, connected devices are gathering and transmitting huge amounts of data. With convenience and opportunities come questions of privacy and the growing issue of security. 

Covid-19 put an additional spin on the relevance of security. An increased number of people work from home. This means companies are now connected to the home’s internet and connected to several smart devices. The question is – what are homeowners unintentionally sharing about themselves and their employers with their home devices?

Connected devices collect an array of personal data: demographics of the household, hours of when you are at home, details of shopping orders, preference in terms of temperature setting, music, and TV purchasing history, search activity, health metrics, and the list goes on.  VPN has been an industry standard to protect company data when employees connect to the network off-premises. Connected home devices that have a microphone are now listening in.  With work-related conversations happening at the house these days, unsecured devices could be eavesdropping on sensitive topics of M&A, compensation data, new customers, and contract negotiations. Company IT departments now have another threat on their radar.

Tackling the Internet of Everything security will take three parties’ combined efforts: consumers, manufacturers, and the government. 

  • The government has been addressing the issue by bringing more awareness. October’s theme of the National Cyber Security month was “Do Your Part. #BeCyberSmart.”

The efforts encouraged individuals and organizations “to own their role in protecting their part of cyberspace, stressing personal accountability, and the importance of taking proactive steps to enhance cybersecurity.”

The government has also been helpful in terms of legislation. SB 327 was introduced in California in 2018 and became effective as of January 1, 2020. Under the new law, manufacturers are required to equip devices with a reasonable security feature. Similar legislation was also introduced in Oregon.

Reasonable security feature covers the following:

  • The preprogrammed password is unique to each device manufactured; or
  • The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time. The law is important as it ensures that all smart devices from a manufacturer do not have the same preprogrammed default password, making it vulnerable to hacking attacks. 
  • Manufacturers can contribute in several ways to mitigate security risks.

One is to continue monitoring for cybersecurity development and continuously issue new software patches targeted at vulnerabilities. Another area is standardized product labeling for security and privacy levels. Consumers are far from being security experts, clearly understandable labeling would be a substantial differentiator between the devices. Manufacturers would be able to upcharge for more secure devices as well.

Based on the research done by Carnegie Mellon University Scholars, some of the information that could go on the label: 

  • Privacy rating for the device from an independent privacy assessment organization
  • Security rating for the device from an independent security assessment organization 
  • The date until which security updates will be provided 
  • Type of data that is being collected 
  • Type of sensor(s) on the device 
  • Whether or not the device is getting cryptographically signed and critical automatic security updates

Consumers’ contribution to privacy and security might be the most impactful in the short term as they are in charge of their home networks. A few quick and easy steps can go a long way. Steve Symanovich of NortonLifeLock suggests revisiting the router set up by giving it a unique name, utilizing encryption method for Wi-Fi, dividing the network into a work and guest network, using strong passwords, and checking settings on connected devices.

The topic of privacy and security related to household connected devices will continue to be vital and laying the ground for several other areas of the Internet of Everything: Internet of medical things (IoMT) and connected cars (autonomous vehicles). There is no easy way to fix the problem, but it requires attention as if we are not careful, the potential consequences of a hacker attack or misuse of information could be in the range of life and death. Continuous education of the consumer and steady progress on the side of manufactures are vital.

Read More Big Thinks

Big Thinks November 2020 Connectedness and Continuity of Economic Space Evelina Roseman

Planetary Economic Space: It’s All Connected

Globalization has entered the phase of a single continuous space of economic activity that includes dry land, ocean’s water, aerial atmosphere, and open space well beyond our planet’s surface. And it’s all connected!

Read More »
Big Thinks November 2020 AIoT of Agriculture by Michelle Galvanni

Agriculture: Connecting People, Planet and Profit

The Agriculture and the farming industry is going through a significant transformation. Abandoning traditional farming practices, the agricultural industry is embracing digital connectedness and data. Increasingly, they are building an ecosystem of smart farms.

Read More »