skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

Potential security concerns regarding the deployment of an ever-increasing number of Internet of Things (IoT) devices are well documented. However, such concerns routinely focus on the potential vulnerabilities of individual solutions rather than recognizing the implicit dangers in a global system that is only "as strong as its weakest link."

The Dyn DDOS event is a wake-up call

The recent Dyn distributed denial-of-service (DDoS) attack has caused consternation in the technical communities intimately concerned with the "plumbing" of the Internet. While the debate as to who, what, and why the attack took place remains the subject of detailed sleuthing, a security paradigm shift has occurred that is going to challenge governments worldwide.

The attack used a large botnet of low-grade, poorly secured Internet devices – it's possible that your fridge, your neighbor's router, or my TV was involved. As the number of devices connected to the net increases exponentially, there is a significant aggregated risk to overall network integrity from millions of low-cost, poorly-designed, never-patched, unmanaged devices coming online.

Where cost is the prime determinant of low-end, no-brand devices' security is an afterthought, if it is even thought of at all. Products with no password, default passwords, no encryption, open insecure ports, known vulnerabilities, and an inability to patch flaws even if they are detected abound at the cheap commodity end of IoT. While an initial response is often "buyer beware," unfortunately, in aggregate, these devices have the capability to wreak havoc on the wider population.

Regulation may be a dirty word, but when products have the potential to cause significant harm, society expects government to mandate standards and regulate to ensure they are adopted. Motor cars must be built to safety standards, and manufacturers are held responsible when they are not – as Toyota found with its faulty accelerator issues. Samsung's recall of the Note 7 due to the potential fire hazard is similarly well known. In both cases, well-respected companies recalled their product due to consumer and government pressure.

In the IoT space, the greatest risk is generally not from the well-known products, which tend to be designed with security considered from the outset and are promptly remediated when flaws are detected. The biggest concern is with low-end generic or unbranded devices from smaller manufacturers.

Addressing the challenges posed by these products will require administrations to consider a model like electrical goods or children's toys, where, regardless of price point, minimum standards must be maintained and local safety regulations complied with. Furthermore, manufacturers and their local distributors are held liable for loss or damage resulting from substandard design.

Identifying what those minimum standards should be will be challenging, not least to ensure that the system isn't gamed by vested interests to reduce competition, but the Dyn event highlights the frightening potential from continuing with an "anything goes" approach to network device connectivity.

Just as the new-model virtual businesses, such as Uber and Airbnb, are requiring governments to rapidly develop new-model regulations, pervasive IoT will necessitate legislators walking a fine line that protects the "Internet commons," without stifling technical innovation.

Appendix

Further reading

"Security vulnerabilities are like the common cold," IT0007-000873 (February 2016)

"New-model virtual businesses are driving a need for new-model regulations," IT0007-000842 (October 2015)

Author

Al Blake, Principal Analyst, Public Sector

al.blake@ovum.com

Recommended Articles

  • Service Provider Markets, Consumer & Entertainment Services,...

    MWC 2018 Highlights

    By Ronan De Renesse 27 Feb 2018

    Over 20 of our senior Ovum analysts and consultants attended this year’s Mobile World Congress in Barcelona at the end of February. In between meetings, briefings and presentations, our analyst team were blogging and tweeting about key developments, trends and rumors. Have a look through our daily MWC 2018 Highlights to find out what happened.

    Topics 5G AI IoT Cloud Payments SDN/NFV Smart home

  • Internet of Things

    IoT Viewpoints 2018

    IoT Viewpoints explore the IoT opportunity in 2018 and beyond. Download our latest e-book to get our newest collection of thought leadership articles on the emerging IoT trends, technologies and opportunities.

    Topics IoT

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now