Over 50 billion devices is anticipated to be connected by the end of this decade. Consider that there are almost 7.5 billion people on Earth. 25% of this population is under the age of 15, which typically do not carry (their own) wireless device –in the sense of generating direct revenue for wireless providers-. Therefore, 50 billion of connected devices simply means 9 connected devices per adult. Again, this shows the benefit of the Internet of Things solutions to wireless service providers, which extends the usage of wireless and mobile connections beyond human subscribers. Wireless providers will receive revenue if the service requires connection, or otherwise, they may generate revenue by acquiring and selling the (developers’) solutions to their (already) high number of subscribers.
One of the biggest challenges to the implementation and wide commercialization of IoT solutions is mobile security, and data privacy. Data is collected from people and things, about people’s daily lives, habits, families, friends, patterns, private interactions, finances and much more. People and things may each have a unique identifier, through which they can be searched and located, and their information can be accessed and used in many different ways including to control and manage them. It is obvious that the opportunity is not such that hackers, cyber criminals, and of course terrorists can easily overlook. A Linux worm emerged as early as November 2013, which is believed to have targeted the Internet of Things, specifically. Rate of mobile malware infection was as high as 40% in countries like Russia and China in 2014. Therefore, educating the end-users as well as securing the infrastructure is becoming increasingly essential to the successful implementation and utilization of IoT services. This is why there are initiatives to standardize and implement mobile security, including an initiative at CTIA.
CTIA represents carriers and other players in wireless telecommunication, and has over 100 members, including carrier, supplier and associate members. CTIA advocates on behalf of them at all levels of government, and coordinates the industry efforts, guidelines and programs to promote mobile devices and is most active in North America. Similar to GSMA (discussed in my previous blog post), CTIA has IoT initiatives, with cyber security as one of the most important ones.
Security is required in different levels, including on the connected module itself, the application, the (wireless) connection, as well as the cloud of data itself. Cyber security initiative covers the end-to-end security of the infrastructure. In fact, many of the same practices that were initially developed for M2M and mobile security, have been used as the basis for the development of the cyber security solutions for the Internet of Things. Items such as security audits, VPN, encryption, multiple air interface security, enhanced security features, software update distributions and immutable root of trust are some of the security solutions and technologies to be leveraged and developed by CTIA cyber security working group.
In addition, governmental data security laws and policies have been in place and enforced for several years now. But now these policies and regulations need to be revisited to ensure they are applicable to and sufficient for M2M and IoT solutions and infrastructures. To name some of these policies and regulations, we can mention FCC’s Customer Proprietary Network Information (CPNI) Rules, Children’s Online Privacy Protection Act (COPPA), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), and the Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule).
Conclusion:
The magnitude of impact on our daily lives and different industries have been obvious. So is the fact that without the right privacy and security regulations, standards and implementation, convenience and benefit come at the very high expense of security and safety, and will leave us extremely vulnerable to issues such as identity theft, financial fraud, attacks and a lot more. Therefore, there is opportunity for advanced cyber security solution providers and educators including wireless providers, network suppliers, infrastructure providers, wireless device and chip manufacturers in a rather complex and interconnected value chain.