Cybersecurity threats have long served as a readily available source of inspiration for the film industry, envisioning alarming scenarios in which the misuse of technology and data endangers society, businesses, and governments. However, what has been portrayed as science fiction, is increasingly becoming reality.
We are witnessing how digital technologies have become part of our daily lives and economic systems, rising welfare and enhancing competitiveness. Nonetheless, the rapid emergence and adoption of new cutting-edge and interconnected technologies also pose significant threats to governments, companies, and society as a whole.
The growth of IoT and Edge devices
As every other revolution, the Fourth Industrial Revolution is characterized by key technological advances, being one of them the Internet of Things (IoT).
With IoT, everyday objects acquire a new dimension in the digital realm, transforming into smart objects capable of exchanging substantial data amongst themselves. Another way to explain this is that IoT enables the convergence of digital and physical worlds, allowing digital control of physical objects.
This technology has applications in both the consumer and industrial segments. On the consumer side, users can easily access information through voice assistants, remotely control and monitor smart home devices from personal devices –such as phones or smartwatches– and communicate with their surroundings to obtain updated data that enhances decision-making. On the industrial side, IoT has facilitated a shift from the traditional production model to a digital and connected transformation, resulting in reduced downtime, lower costs, and optimized resource utilization. These applications can be implemented on a small scale –such as in smart factories or buildings-, as well as on a larger scale, such as in smart cities.
The capabilities and optimizations provided by IoT in both consumer and industrial sectors have accelerated its adoption. As of 2020, there were 9.7 billion IoT devices deployed worldwide. Projections indicate that by 2030, the number of IoT devices is estimated to soar to 29 billion, that is practically a 200% increase. Given this significant growth, evaluating IoT cybersecurity is crucial.
Cybersecurity challenges
IoT bridges the gap between the physical and digital worlds. However, this opens the possibility of inflicting harm in the physical world, and potentially endangering human lives, which is what sets IoT apart from other technologies.
Some of the key challenges in the cybersecurity of IoT ecosystem are:
Complexity of IoT systems. Typically, IoT and edge devices are manufactured by various actors, each having their own cybersecurity standards.
High costs of cybersecurity systems. Underinvestment in device security is a common issue. Manufacturers often face cost constraints and may prioritize other aspects over comprehensive security testing.
Lack of regulatory harmonization. For the moment, there are no regulatory requirements to ensure that all IoT and edge devices produced or deployed to comply with a certain cybersecurity level. Similarly, there are no incentives to producers, via public procurement, certification, or labeling to encourage adherence to technical standards
Limited user awareness. Users often lack awareness of the cybersecurity risks associated with IoT devices. They may also be unfamiliar with best practices like regular software updates, strong passwords, and fail to recognize signs of a compromised device.
New technologies. AI-powered IoT devices are susceptible to cyberattacks and malfunctions due to vulnerable algorithms and the absence of human intervention in AI-enabled decisions. On the other hand, quantum computing could also present certain threats to cybersecurity as it has the capability to perform code-breaking calculations within minutes.
How can we advance in the security of the IoT ecosystem?
While IoT offers many conveniences, it also presents several risks. The interconnected nature of IoT devices means that if one device is compromised, it can provide hackers with a pathway to control other devices. This can result in unauthorized access to sensitive information, disruption of smart object functionality, or even damage to the devices and to the physical environment in which the device is actuating, which includes human lives in the most severe situations.
To reinforce IoT cybersecurity, it should be paid attention to four main aspects.
Promoting new market dynamics to incentivize investment and research in cybersecurity. Producers have greater incentives to minimize costs and time to market, rather than prioritizing the security of their devices. This market failure could be addressed by allocating funds to develop the cybersecurity capabilities of producers’ IoT and edge devices or by implementing a scoring system that rewards producers who prioritize cybersecurity.
Introducing security incentives for producers. Governments should incentivize the use of robust authentication mechanisms, monitoring tools, intrusion detection systems, and frequent software updates to patch vulnerabilities. Additionally, secure communication protocols should be implemented to exchange data between devices, especially with the presence of AI and quantum computing.
Raising users’ awareness and education. Awareness campaigns should be conducted to help people understand the consequences of cybersecurity attacks on their privacy and daily activities. Simultaneously, offering a diverse range of courses covering various aspects of cybersecurity would enhance the availability of professionals in the field.
Reinforcing international cooperation and develop international standards. Enhanced cooperation would lead to a better understanding of the cybersecurity challenges, establishing shared principles and standards. This would foster interoperability and a level playing field for all stakeholders involved.
This post offers a summary of an essay featured on the International Institute of Communications (IIC) website, which secured a top 10 position in the Future Leaders Competition 2023. You can find the complete essay and the link to the IIC website below.