The recent remote hacking of connected cars has led to considerable discussion about the potential weaknesses of the security systems of Internet of Things (IoT) technologies, whose growth nevertheless cannot be stopped. But how can we find the right balance?

You cannot stop the change!

A famous quote from Winston Churchill is

To improve is to change; to be perfect is to change often

Any technological revolution has brought some disruption and inevitably some mistakes. However, this is not a reason for stopping progress. I have spent long days and nights talking to friends, clients and colleagues about the potential of the Internet of Things, and the first response has in some instances been that they don’t understand it and like things the way they are…

Well, I believe that the more than 80% of the companies which increased their revenues by investing in the Internet of Things, according to a study from Tata Consulting Services, might have a different view. And since, according to the data published by Juniper Research, the number of Internet of Things connected devices will almost triple to 38 billion units by 2020, people willing to keep the “status quo” shall quickly change their minds!

Security and the Internet of Things need to live together

The recent remote hacking of connected cars created the impression that security risks are underestimated by manufacturers of Internet of Things devices. Some US senators requested investigations into whether such risks are common to other vehicles, also calling for a security act aimed at establishing federal safety and privacy standards and even a rating system for how car makers protect their vehicles from hackers.

But it is not that all of a sudden hackers decided to target cars! We have already discussed the potential cybercrime risks that can arise through the usage of Internet of Things technologies. There is no doubt that the evolution of connected devices will require considerable investments in terms of cybersecurity.

However, as I mentioned in a recent post,

Security is a business issue, not a technical issue

It is not only a question of requiring manufacturers of Internet of Things devices to invest in security, since unfortunately it is likely that hackers will always be ahead of their victims in terms of technological development. Also, the required security investments cannot be excessively burdensome, as otherwise they will hinder technological development. What has to change is the whole manufacturing process of Internet of Things devices and of any other technological device, which shall be restructured in order to ensure privacy and security compliance.

Do we need a cultural shift?

Security and privacy have often been seen as an uncomfortable cost for companies. But the increase of the fines for privacy breaches to 2/5% of the global turnover of the breaching entity due to the coming into force of the new EU Privacy Regulation, and the massive costs paid for the recall of vehicles involved in the recent hacking attack, will be an effective reminder for a number of CEOs, who are likely to put privacy and security (which includes privacy security) at the top of their priorities list!

There is no magic formula!

Companies and regulators need to find the best way to minimize disruptions caused by security and privacy breaches in IoT technologies. In my view, the best tools are:

  • the adoption of a privacy by design approach that would work as a shield against both privacy and security claims from users and authorities and
  • the validation by authorities of security standards which would increase the level of certainty in the sector avoiding potential damages deriving from events like the one mentioned above.

This is certainly on the agenda of the Italian privacy regulator in its current consultation on the Internet of Things, and we will see whether Italy will be at the forefront in leading the sector towards the right way for both the industry and consumers.