Should regulation bodies oversee cyber security needs?

As the world moves toward an always on ecosystem of connected devices, aptly named the Internet of Things (IoT), questions around cyber security begin to arise. Having your devices always linked to the internet increases the chance of private information being stolen.

Personalized data is no longer a centralized thing. Gone are the days of just having a Google, Facebook, or even Geocities account. Now, pretty much everything from game consoles to watches want some of your private information and an internet connection. And if you’re the kind of person who re-uses a password over a multitude of accounts, then hackers can access as much as they want, even if there are just cat photos on your phone.

Can regulators improve smart devices for everyone?

Throughout most of the world, there’s no regulatory body that governs each and every device and how cyber security standards are handled. Creating a centralized organization would go a long way in creating a safer world for your IoT devices and personal information. An organization of this magnitude would not only be overseen by governments, but private entities that have experience in cyber security measures and would also benefit from such an establishment.

There’s a whole range of companies holding your personal information, and who lock away all of that data in different ways. For example, your favorite online shopping site may ask for your credit card info to complete your purchase, but that info is often housed by a third-party that sspecializesin such things.

Should governments be involved in cyber security?

Including governments in cyber security procedures not only allows for influence in local laws, but the holding of countries accountable as well. Though this does raise some concerns, one of which is the United States’ involvement in PRISM, which Edward Snowden revealed to the world in 2013.

During the leak, Snowden revealed that top-tier internet-based companies, such as Google and Facebook, were supplying the US intelligence agency, the NSA, with the personal information of users. Even Microsoft was implicated in the debacle, allowing for backdoors inside the Windows operating system. If you sent any private images over Skype in 2011, there’s a good chance the NSA has them.

In this instance, no single organization should be allowed full access to IoT devices or private information, but rather a collective that can police each other.

Some of the enforcements

There are, of course, a few ways in which a unified body could create a safer environment for an IoT world.

Firstly, devices should come with randomly generated passwords and logins. Not only does your home router include some very standard details, but a generic access address as well, which is either 192.168.1.1 or 10.0.0.2.

Recently, an IoT sex toy, one of the most private of devices, was found to include a universal address, username, and password. Considering it has a built-in camera for streaming, that’s quite a privacy concern. Giving these devices randomly generated access details would go a long way in negating information leaks and hacking.

Another way to protect IoT devices, though one that is contentious, is the use of automatic and forced firmware upgrades. This isn’t always feasible as many users don’t have access to an always-on internet connection.

Forced updates allow companies to make sure that users always have the latest security patches installed in order to protect them and their data from malicious attacks. Game consoles, such as the Xbox One and PlayStation 4, will not allow users to play multiplayer games until the device is up to date. Automatic updates also introduce other problems though, such as the ability to brick a console, rendering it completely useless.

Companies could also be held liable for security breaches with their devices, as seen with the 2011 Sony PlayStation Network hack. This method would require a number of lawsuits to take place and as seen with the example, can take years to complete.

What about Stuxnet?

The easiest way to not put your information and privacy at risk is to completely disconnect from the internet. However, as Stuxnet proved in 2010, this too is no longer a viable option.

Stuxnet is a malicious computer worm which managed to access Iran’s nuclear power program and bring it to a halt, something that wasn’t connected to the internet at all. It achieved this feat by hiding on USB drives, hopping from Windows PC to Windows PC until the program found its desired target.

It’s possible you won’t be targeted by a Stuxnet-like attack, but the potential is there. Since it was rumored to be created by governments, would you want them protecting your data?
If you are interested in automating your home, read our article. The piece outlines what smart home assistance is, how it is the future of living, and how you can protect your IoT home from cyber attacks.