IT security company Gemalto says governments need to regulate to boost the level of security in IoT devices. The call comes in the wake of a survey undertaken by Gemalto that, it said, revealed widespread support for government intervention.
“This is the right time for intervention,” Gemalto said in a statement. “If governments can set regulations then faith can be restored and built into the security of the IoT ecosystem. After all, which other revolutionary technologies are left unregulated?”
Gemalto commissioned Vanson Bourne to survey 1,050 IT and business decision makers and 10,500 consumers across more than a dozen countries, including Australia: 96 percent of these businesses and 90 percent of the consumers said there should be IoT security regulation.
Sixty-one percent of businesses said IoT regulations should specify who is responsible for securing IoT data at each stage of its journey. Also, 79 percent of IT decision makers and 72 percent of consumers said government intervention was important to IoT security.
“On the whole, guidelines and regulations would be welcomed into the IoT ecosystem,” Gemalto said. “If consumer confidence in IoT security can be improved through regulations, then this will continue to drive IoT adoption and offer a huge opportunity to organisations.”
IoT Hub reported in August that, in the US, legislation has been proposed that would require IoT devices purchased by the US government to be secure, and that Australia’s IoT industry body, the IoT Alliance Australia (IoTAA), is looking to develop a scheme to indicate that IoT devices meet minimum security levels.
In mid-October Dan Tehan, the Minister Assisting the Prime Minister on Cyber Security, told Fairfax Media that the government was prepared to pass new laws cracking down on vulnerabilities in web-enabled devices if the industry did not come up with a suitable scheme, described as “a ‘cyber kangaroo’ logo giving a tick of approval or a star system similar to the health stars on some packaged food, and energy stars on electrical appliances.”
Also, an IoT working group comprising Commonwealth officials, the Australian National University’s National Security College, Amazon, Google and Microsoft has been working on the introduction of an IoT voluntary minimum standards and consumer rating system.
Commenting on these initiatives on the Lexology web site, Maddocks lawyer Rafael Perez said that until any such voluntary or mandatory regime was put in place there were a number of steps organisations should take:
- If your organisation supplies services through IoT devices, what steps have you put in place to ensure your customers, or members of the public, are sufficiently protected?
- If your organisation supplies IoT devices, are those devices suitably secure? Are you placing your users, and yourself, at legal risk?
- If your organisation is supplied services through IoT devices, or has IoT devices on its business premises, has a proper security and privacy risk assessment been conducted? What contractual rights do you have recourse to in order to prevent, or mitigate loss from, a data breach?