The World Is Recognizing the Threats Posed by IoT (Internet of
Things) Devices.
UK Introduces New Cybersecurity Legislation for IoT Devices
"The UK government has today introduced new legislation to Parliament
that aims to better protect consumers’ IoT devices from hackers."
The Product Security and Telecommunications Infrastructure (PSTI) Bill
The Product Security measures (Part 1 of
the Bill) will:
✓
ensure that consumer connectable products, such as smart TVs,
internet-connectable cameras and speakers, are more secure against cyber
attacks, protecting individual privacy and security;
✓
require manufacturers, importers and distributors to comply with
new security requirements relating to consumer connectable products; and
✓
create an enforcement regime with civil and criminal sanctions
aimed at preventing insecure products being made available on the UK
market.
Germany is proposing legislation in a similar
vein that will hold manufacurers legally liable for damage caused by
their unsecured devices. The coalition agreement of the new German
government announced
“manufacturers are liable for damage negligently caused by IT security
vulnerabilities in their products.” .
These proposed legslative steps come at a time
when attacks either launched by or on IoT devices have increased
tremendously over the last year. An increase in these attacks on
IoT devices have come as more professionals took their work home during
the pandemic.
One
researcher documented an increase of over 700% on attacks on IoT devices
during the pandemic. 553 different devices from 212 manufacturers
were identified as vulnerable to attack.
IoT devices comprise of many different types
of electronics, from set top cable boxes to smart watches, all Internet
connected. It was noteds that 65% of IoT attacks were against 3 common
product catgories:
1. set-top boxes (29 percent)
2. smart TVs (20 percent)
3. smartwatches (15 percent).
Frightening, but true: your cute little smart
watch could be responsible for an Internet connected heart monitor
somewhere to suddenly cease working. The insecure nature of IoT
devices is a real threat to security everywhere. These smart
devices are communicating with Command and Control Servers controlled by
hackers the world over. Researchers found that:
"The majority of compromised IoT devices, nearly 90 percent,
were observed sending data back to servers in one of three countries:
China (56 percent), the United States (19 percent), or India (14
percent). I think that is pretty much what hacking is
all about, no matter how it is accomplished.
Like the pandemic is a global problem that requires a global solution,
computer insecurity is also a global problem requiring a global
solution. Germany and the United Kingdom are to be commended for
tackling the problem of IoT device security seriously. I must
question, however, if the economies of Western Europe are large enough,
and thus have the clout, to force these manufacturers into building
better products. This is especially true in the case of the UK,
having backed out of the EU. And, like with Covid, 40% of the US
population will cry out something like this: "Keep your Gawd
dammed gubermint hands off my smart frig! The software in it is
how Gawd made it, and that's the way it's gonna stay!"
Gerald Reiff
|