IoT security and privacy: Three questions to consider
Home > Industries > IoT security and privacy: Three questions to consider
Security

IoT security and privacy: Three questions to consider

27th July 2018
Qorvo
Alex Lynn
0

There are many questions these days surrounding IoT security and privacy, as well as to the internet overall. When we ask ourselves whether it will all be secure, the honest answer might be ‘it depends’, in the same way that life and the internet are never really fully secure. The same thing goes with privacy.

By Cees Links, GM of Qorvo Wireless Connectivity BU

In a way, this is not a very satisfactory response, especially considering how much we expect from the IoT in the near future. So, let’s explore this further with three important questions regarding security, privacy and IoT products.

What is the cost/value perspective?

The typical scenario (and anyone who’s been in the security business will recognise this) is that everybody starts by wanting ‘the best’ security, but they change their minds quickly if it comes with a hefty price tag. In this way, security follows the usual economic laws: the higher the security, the higher the cost. And cost includes not only the security measures themselves, but also the convenience toll that comes with high end security measures, like multiple password entries, repeatedly requested, and quickly expiring.

The cost of the security should also be in balance with the value of the item that is to be secured, along with the risk of a security breach. Logically, the higher the value of something and/or the larger the risk of a security breach, the higher the price that someone should be willing to spend to secure it.

Unfortunately, it’s not quite that simple. How do you determine the value in an IoT scenario? It’s a simpler question when asked about something that can be replaced with a single trip to a store, but more difficult here. And what about evaluating the risk? Spend a few minutes reading about the continuing string of data security breaches and it quickly becomes clear that we easily underestimate the risk.

How can we prepare for ongoing technological progress?

The progress of technology is an important question, as something that’s secure today can be hacked tomorrow, and something that was out of reach in the past is probably solvable today.

Over the years, there has been a race between security and hackers. System complexity and the lack of absolute end-to-end oversight also play roles. Systems today are becoming so complex that holes in security are easily introduced, and when they’re identified, those holes need to be rapidly patched. Some suggest that this increasing complexity, and the costs associated with it, are the largest challenge to being able to build secure systems. 

In any case, the progress of technology at any given moment is an important factor in overall IoT security. So, we must always be aware of technology improvements, so that IoT devices can always be upgraded.

How do we deal with IoT and internet privacy?

People tend to misevaluate privacy issues when it comes to the growing number of devices that people have at home or carry with them. These phones, tablets and TVs with cameras and microphones that can hear and see everyone in the room, unnoticeably. We even buy microphones to place in the living room or on the kitchen counter. And we assume that it is not listening the all the time. Is that true?

Privacy is a clear tradeoff between the benefit of the application versus the impact of giving up some level of privacy, a bit like the cost/value parallel for security. The key thing here is making an informed decision about this tradeoff.

But privacy and privacy protection issues are becoming more legislative than technological. Nowadays, the internet (along with the things connected to it) is a new frontier. At the moment, it is probably comparable with the Wild West, with no law and order yet established. Under what circumstances can information be collected, how and where will it be stored, and how will it be used? What are the penalties for infringement? What are the requirements for safeguarding collected private information, and what are the penalties for failing to do so?

To address these questions, we might think of a code of conduct for the Internet. Key elements would include:

  1. Respect for the personal environment: Data collected by cameras, microphones, sensors and other devices connected to the internet will not be used for anything other than the intended purpose, unless specifically approved.
  2. Respect for personal interactions on the internet: Emails, electronic documents, spreadsheets, searches, and other online interactions will fall under privacy laws and be treated accordingly.
  3. With regard to targeted advertising: Manipulation should be avoided by providing a balance of information and purpose.

Conclusion

We don’t know what’s coming next and we can’t see the whole range of threats looming on the horizon. So how can we possibly know that we’re secure, and our data is private?
Despite how it may sound, let’s not be too negative about this. We all tend to make reasonable assessments of how to stay out of trouble. This applies to the IoT (and the internet) as well. And the changes happening today in technology also come with great new opportunities in the future. The IoT, and the internet in general, will enable us to collect more data, to know more about everything, and to make more qualified decisions faster. We believe that a connected world is a better world. But this better world does not come for free. This better world is something that we need to understand, believe in and fight to make right.

Product Spotlight

APV1111GVY

Panasonic

Panasonic PhotoMOS® Photovoltaic MOSFET High-Power Drivers

SKU:
Stock:3490
Cost:$3.95
Buy Now Learn More
1CH-A-04

Adam Tech

Adam-Tech Wire-to-Board Solutions

SKU:2057-1CH-A-04-ND
Stock:4445
Cost:$0.09
Buy Now Learn More
Tech Videos
Read more

Upcoming Events

GISEC Global
23rd April 2024
United Arab Emirates Halls 2-8 - Dubai World Trade Centre
The Magnetics Show US
22nd May 2024
United States of America The Pasadena Convention Center
2024 World Battery & Energy Storage Industry Expo (WBE)
8th August 2024
China 1st and 2nd Floor, Area A, China Import and Export Fair Complex
View all events

Further reading

A selection of Security articles for further reading

Read more
Security
16th April 2024
Nord vLEI becomes first European-based GLEIF qualified vLEI issuer
Security
10th April 2024
Perforce Report reveals embedded security is a rising concern
Security
5th April 2024
PSA Certified launches Level 4 and reports partner expansion
Security
5th April 2024
STMicroelectronics extends brand protection with NFC tags
Security
4th April 2024
Fingerprints enhance Gothenburg HQ security with S-Key biometrics
Security
26th March 2024
Microchip Technology expands TrustFLEX family
Security
19th March 2024
State of DevOps report reveals security is strengthened by platform engineering
Security
14th March 2024
Thistle Technologies integrates its technology with Infineon’s OPTIGA Trust M
Security
22nd February 2024
Fingerprints and Ansal collaborate on biometric access control
Security
20th February 2024
Next-gen digital signage solutions with Smart Technologies
Security
15th February 2024
Sensirion Connected Solutions ISO27001 certification
Security
8th February 2024
NEC face recognition first in NIST accuracy testing
Newsletter
Latest global electronics news
© Copyright 2024 Electronic Specifier