Security and privacy of Internet of Things including security certification aspects
The potential benefits of IoT in stimulating innovation across a range of different industry sectors are widely recognized. The opportunities to improve existing processes and to develop new solutions are compelling but there are many challenges and potential barriers for the adoption of these new technologies. Open markets offer opportunities for new businesses to bring new products and services to market, contributing to complex, integrated IoT systems.
A fundamental issue is the need to establish trust in IoT across different technologies and markets. Trust in IoT devices and applications can be promoted in different ways and by using different approaches (including security certification, security by design, best developer practices,etc…) by demonstrating appropriate behaviors, but ultimately what is required is that people and businesses have a clear understanding of, and confidence in the new approaches being proposed. Without this, the risks of adoption will be perceived as too great.
Stakeholders including end users, developers, device manufacturers, system integrators and service providers, which need to be confident that all technical components behave in predictable and desirable ways, both individually and as part of complex systems.
The IoT context is particularly challenging for security and privacy aspects because of the dynamic environment, where IoT devices must operate, the low profit margins, which negatively impact the economics of security, the low computing power and capabilities of IoT devices.
These challenges should be addressed using a multi-dimension approach, which can be based on different techniques and solutions, including :
- best practices for secure development and deployment
- efficient and effective security certification processes and tools
- post deployment monitoring of IoT devices and systems
- incresed awareness to users and consumers on the risk associated to security threats thus mitigating the economics of security issue
- processes and tools to provide a level of trust of the IoT device to users and other parties in the complex IoT system. A potential approach is based on the IoT Trust label concept