In Things, Do We Trust?

By Loic Bonvarlet

Why the future of the Internet of Things needs baked-in security.

Connected Internet of Things (IoT) devices have quickly become a cornerstone of business and personal lives. In the past couple of years, the global pandemic turned the remote management of critical business processes, remote working and data from the IoT into key business success metrics for resiliency and growth. With this comes the increased risk of how data from IoT devices is and should be secured to keep people and businesses safe.

That was evident at this year's MWC'22 in Barcelona, where dialogue on security was one of the most prominent themes. The telecom industry has a strong responsibility to support businesses on how to leverage IoT technologies, as well as the growing integration of artificial intelligence and 5G, to safeguard their investments and, ultimately, users with security.

It has been long in the making, but it feels like a new era of IoT is finally here. IoT devices and data are no longer in use only for the purposes of a single outcome but as an integral part of multiple supply chains, logistics, or the remote management of fleets or servicing global markets. Scale is key to ensuring the IoT moves out of its sandbox from research labs to the field, where its true potential can benefit users.

Take, for example, the field of healthcare—specifically, the ability for devices to supply socially distanced medical information at a time when personal space and health insight are needed most. As a result, there has been an astronomical rise in Internet-connected medical devices. In this instance, the IoT provides irreplaceable tools to doctors, practitioners and caregivers who can gather, store and use data to develop better outcomes for individuals, as well as the overall population.

Personal medical care and health data interoperability were already major hot topics in medicine before the pandemic, and now they are only growing with the expansion of medical connected devices. This is evident as a greater awareness and acceptance of newer technologies and higher spending on healthcare services is expected to see medical connected devices grow to $260 billion by 2027.

However, a study into existing Internet-connected hospital devices found that more than 80 percent of medical imaging devices run on outdated operating systems. If such devices are not diligently updated with the latest version of their operating system, or if they are running an unsupported operating system, hackers can exploit vulnerabilities to steal data, infiltrate a hospital network and disrupt care.

At this juncture, it is important to take the learnings from the Internet and ensure we design an IoT with security best practices in mind. Encouragingly, there are several national initiatives in policy and regulation that address this issue with guidance on security to which manufacturers and service providers must adhere. But without an international effort that combines the best of these, we stand to under-serve consumers in markets where such national approaches vary or do not exist.

With this in mind, more than 400 organizations and players across the semiconductor, technology and applications ecosystem convened under the World Economic Forum's Council on the Connected World. Leaders from Consumers International, the Cybersecurity Tech Accord and I Am the Cavalry designed a simple approach to "security must-haves" for Internet-connected devices. These five basic security provisions are easy to implement and adopt worldwide. They are:

  • No universal default passwords
  • Implementing a vulnerability disclosure policy
  • Keeping software updated
  • Securely communicating
  • Ensuring that personal data is secure

A further element in consideration of security and safeguarding is that of the user. With the IoT, everything (both living and non-living things) will have a virtual identity on the Internet, which would be readable, addressable and locatable. Although this empowers users with 24-7 connectivity around the world, unknowingly they would also be providing permission for others to peep into their personal world, which can generate risks.

This is where collaboration is needed to bring together the strengths of device security and the learnings from the Internet and mobile connected apps to encryption and network security. Actions now could ease the path for developers and device manufacturers while assuring and empowering users responsible for driving the adoption of trusted IoT services. For this to happen, the industry must respond together with collaboration and cooperation across parts of the IoT ecosystem which do not generally work directly together.

We'll be sharing more about what this looks like and how it eases compliance toward fast-maturing regulations within the European Union (and beyond) in a joint security panel as a key topic ahead of World IoT Day (which will be observed on Apr. 9, 2022). We believe the power should be in the user's control, and your voice is important in helping shape this. Kigen and its partners, ZARIOT and The@Company, will explore this in a webinar on Apr. 8. For a longer read on how security is flipping the Internet of Things, download this white paper.

Loic Bonvarlet oversees product management and marketing for Kigen, helping to facilitate adoption and scalability of a secure, integrated and cost-effective cellular IoT. He drives the entire Kigen portfolio, from embedded solutions to services. Loic has more than 20 years of experience in telecoms, wireless, security and IoT in development, support, technical sales and product marketing. Prior to joining Kigen, he worked at Arm as its product marketing director for secure identity, notably to develop and promote Kigen's portfolio and first iSIM projects. As a pioneer of integrated security and a global leader in SIM technology, Kigen's ecosystem is securing the IoT to better the connected future. Find out more at the company's website.