The emergence and adoption of new Internet of Things (IoT) technologies is increasing at an exponential rate. According to Gartner, 8.4 billion connected "things" will be in use in 2017, up 31 per cent from 2016, reaching 20.4 billion by 2020. The critical issue is that as more IoT devices enter the digital eco-system for government, business and personal use, they will become an increasingly common attack vector for cyber criminals to conduct DDoS attacks and penetrate networks, potentially causing widespread disruption.
One of the most commonly cited examples is the DDoS attack against the internet addressing provider Dyn last year, which resulted in temporary outages on popular sites including Twitter, Spotify and PayPal. The truth is, although the attack made headlines around the world, the actual disruption was short-lived and its overall impact was small. However as the systems leveraging IoT devices become increasingly important, such as cars, airplanes and especially healthcare devices, then there will start to become life threatening risks to such cyber-attacks.
Singapore’s Smart Nation and IoT
In Singapore specifically, IoT devices are a key enabler of the country’s Smart Nation initiative. Several of the main applications of the technology are expected to be in building management, healthcare, transport and logistics. Speaking about the plans, Dr Vivian Balakrishnan, Minister-In-Charge of the Smart Nation Initiative explained, “I have told IDA that in the next five years, I want them to create a national operating system for 100 million smart objects .… it will be (I hope) an open platform.”
Now the Singapore Government is not unaware of the associated risks of IoT. On its Smart Nation website it states: “Cybersecurity is a key enabler of our Smart Nation. The Government recognise the possible risks and has prioritised safeguarding relevant systems and networks that relates to security of citizens and privacy of data. The government, industry and public must all play their part and take measures to safeguard data, and ensure that critical control systems are protected even as we make them smart.”
One frequently discussed solution is to regulate the level of security for IoT devices. The problem there is that regulation stifles innovation, especially given how fast IoT technology is developing. It’s the same with security standards or specifications which as yet have not widely been agreed upon. Key vendors are developing their own standards and are trying to partner with the other vendors in the hope that their standards get widely adopted. This is creating fragmentation in the market and will likely make security management for IoT even more challenging in the near-term until a shared set of standards can be agreed upon.
Sign up for CIO Asia eNewsletters.