The need to regulate the Internet of things
Today, the State Duma of the Russian Federation in third reading passed a law banning bypass blocking through VPN and anonymizers. When to wait for bans and regulations on the Internet of things? And is there any sense in regulating anything there?
The Internet of things is no longer a new term, because more and more we hear mention of this technology everywhere. The Internet of things (IoT) is a network consisting of uniquely identifiable objects (“things”) that can interact with each other and with the external environment using embedded technologies and without human intervention.
As the number of things that can be connected to the Internet is growing in geometric sequence every year, the technology of the Internet of things will undoubtedly have a significant impact on the global economy. According to the International Data Cooperation (IDC) forecast, the growth of the Internet of things market will be 16.9%, which may require a clear regulatory intervention.
Another aspect requiring attention from government is security. Each thing connected to the Internet, in addition to the physical component, also has some kind of information online, so you need to remember about information security and possible cyber attacks that can disable or, on the contrary, trigger things connected to the Internet. Often, device manufacturers neglect security, which leads to an increase in the number of threats.
In 2015, Hewlett Packard analysts examined the security of IoT devices and found that 70% of IoT devices had security vulnerabilities in credentials, almost no data encryption was used, and access resolution problems were also observed. In 2016, almost three-quarters of users surveyed by Accenture said they knew about the possibilities of hacking IoT devices. The security issue in this area is extremely critical, since it is assumed that most of the devices that we connect to the Internet will serve us for more than 2-3 years. At the same time, today many manufacturers do not provide software updates for IoT devices, which can be fatal even in cases where security was provided in the original software.
According to experts, this situation can improve due to state regulation, which obliges manufacturers to provide the necessary level of protection and impose some restrictions on the development of the IoT market.
At the moment, no definition of a basic level of security and privacy is accepted for smart devices. There is also no final legal basis for trusting IoT devices and IoT services.
However, already in 2016 it became known that the European Commission plans to introduce mandatory certification or another similar procedure for devices connected to the Internet of things. Which was supported by some chip manufacturers such as Infineon, NXP, owned by Qualcomm, STMicroelectronics and the European Network and Information Security Agency (ENISA). They also came up with a proposal to develop and implement basic cybersecurity standards for connected devices.
Recently proposed Building a European data economy initiativealso contributes to the creation of a single European market for the Internet of things. This initiative provides policies and legal decisions regarding the free flow of data across national borders, as well as issues of responsibility in environments such as the Internet of Things. In addition to political initiatives, the EU has put forward specific research and innovation challenges in the ongoing Horizon 2020 funding program.
In Russia, the Federal Agency for Technical Regulation and Metrologyalso in 2016 announced the start of the formation of a technical committee on standardization “Cyber-physical systems”, which will standardize such areas as the Internet of things, “Smart cities”, “Big data” "(Big data) and" Smart manufacturing "(Smart manufacturing). As part of the work of this committee, national standards will be adopted that are consistent with the pending international ISO / IEC standards.
Also, members of the Russian Association of the Internet of Things introduced a draft NarrowBand Fidelity (NB-FI) narrow band radio broadcast standard for the Internet of Things. It is planned to bring this standard to the international level.
The Narrow Band Fidelity (NB-FI) standard allows IoT devices to exchange data at a distance of up to 10 km when the device is up to 10 years without recharging. For the standard to work, the Association intends to use a frequency of 868 MHz, which is not occupied by other technologies and does not require permissions to work. In addition, the Association agreed to expand the frequency of the “Internet of Things” with the Ministry of Defense, the FSO and the FSB.
It is still clearly not clear what such activities of the states will lead to, but from the experience of already organized attacks, such as Mirai, it is clear that the security of the Internet of things requires action both on the part of manufacturers and government authorities.