According to an analyst firm, there will be 8.3 billion Internet of Things (IoT) devices in 2017, rapidly rising to 20.4 billion by 2020. When we think of IoT devices, our minds wander to consumer products: security cameras, alarm systems, smart light bulbs and the like. Indeed, this area is going to be the biggest, with 5.2 billion devices connecting this year. As big as consumer IoT devices are, that means there are three billion-odd business devices, and growing. Don’t think of this as just products installed in a corporate environment, but products used by a business. The future of IoT will be split down the middle, with many products likely to have an internet connection solely for the manufacturer’s purposes. For example, a washing machine may have a small microphone inside, transmitting data back to the manufacturer. Should any strange noises be detected, you could be contacted about needing a repair, pre-emptively fixing issues before they become a major (and expensive) issue. Data is also extremely valuable, and by monitoring their products, manufacturers may be able to develop better ones or tweak features based on how people actually use a product.
BLESSED IS THE PACEMAKER
There are other benefits, too. By being able to send firmware updates, manufacturers could improve products, or set them to detect problems. A recent example is a pacemaker manufacturer who discovered a flaw that could cause some models to stop working. Rather than having to perform invasive surgery on every person fitted with a potentially damaging pacemaker, the decision was taken to perform a firmware update instead. Should the error conditions be detected, the pacemaker would emit a beeping sound letting the owner know that they’d need a replacement before the unit stopped working. This type of update could easily be expanded to other products.
From a manufacturer’s perspective, these features are only useful if your device is connected to the internet. Relying on consumers to do the job for them via Wi-Fi won’t work. It’s simply too much hassle for consumers, with too little perceivable benefit. Instead, we’re likely to move to a situation where IoT devices have integrated mobile, talking via 5G (or other protocols) automatically to the manufacturer’s servers.
This introduces a new security dynamic and some other issues. If your IoT device was hacked, it would have no impact on your own home network and present no security implications for your data, but there are other risks. It’s possible that a tumble dryer could be hacked, turning on its heating element permanently, and causing damage or even a fire. Then there’s the possibility, that a manufacturer would get its back-end systems attacked, with the hackers threatening to brick all connected devices unless a ransom was paid. That would be a nightmare situation for all involved – imagine paying for a fridge only for it to turn itself off because of a cyber attack.
Clearly, the IoT opens up lots of exciting new possibilities, but it also opens up a new world of uncertainty. If your manufacturer was hacked and your fridge shuts down, does the warranty cover it? If your washing machine takes part in a denial of service attack, is it your responsibility? Should manufacturers even have the option to hook up your devices to the internet in the first place?
TAKE BACK CONTROL
The benefits that IoT can offer are outstanding, but we need manufacturers to take security seriously from day one. In the cases I’m talking about, you won’t have any control over security, so everything falls outside your power. That means when we buy products in future, we’ll no longer be just concerned with price and reliability, we’ll also want a secure device, too. In turn, this means that governments need to take security seriously and push firms to manufacture products that meet certain guidelines. After all, electrical products have to have the CE sticker on them that proves they’re electrically safe, so why not have a similar independent rating scheme for internet security?
For too long manufacturers, particularly the ones of cheaper goods, have sacrificed security to keep the price down, but that’s an impossible situation to maintain. We’ll also need legislation to sit behind all these products so that a product that breaks due to a cyber attack is covered by some kind of extended warranty. It’s similar to how manufacturers have to perform a security recall, regardless of age, should a serious fault be detected. If we get things right now and work with governments and manufacturers, then we can start to reap the benefits of the IoT at all levels in safety.