Published on the 22/11/2018 | Written by Jonathan Cotton

Security vendors will always find something to make us paranoid, but for IoT, some sort of policy framework is surely the order of the day…

There’s a growing chorus of voices warning that governments need to take a good, hard look at IoT’s future – and start taking regulatory action.

“Connected devices have a huge role to play in society, but this shouldn’t come at the cost of our privacy and personal information,” warns Santosh Devaraj, CEO of Secure Logic recently.

“The vast majority of people are not aware of the significant risks posed by unsecured IoT devices, and government and the cyber-security industry must work together to empower Australians to take more control of their data security.”

He does have a point.

From hackable cardiac devices to the TRENDnet webcam hack, hacked IoT-enabled Jeep SUVs to the Mirai, Reaper and Okiru DDoS attacks–- take your pick – it seems that currently IoT tech is rapidly outpacing our ability to control it.

“Central Government has many tools and methods through which it can promote the development of IoT.”

That goes double at the consumer level: The technology isn’t well understood by the average man on the street, so should we be taking steps to save people from their unwittingly internet-enabled selves?

Internationally, that’s what’s happening now. The UK government is keen for industry to take the lead, and in March laid out security guidelines for the consumer IoT space, directed at IoT device manufacturers, service providers, mobile app developers and retailers, and covering passwords, data, disclosure and a host of best-practice advice. The government says it will investigate enforcement of the policies if the safeguards it suggests are not widely adopted.

They’re just one of a host of nations looking more closely at the ramifications of the impending IoT age. China has recently set ambitious IoT targets for 2020 and last month California became the first US state to specifically regulate IoT devices, requiring manufacturers of said tech to include ‘reasonable’ security features, scheduled to come into force 2020. At the federal level, several bills have been introduced, and Senate has introduced the IoT Consumer Tips to Improve Personal Security Act, which would require the Federal Trade Commission to create security resources for consumer education and awareness around IoT devices.

So what’s happening right here, right now?

On both sides of the Tasman it’s very much a case of hurry up and wait. The Turnbull Government has launched a research project called ‘The Internet of Things: Maximising the benefit of deployment in Australia’ to consider ways to foster technological leadership while ensuring responsible deployment. A key focus of the report will be, among other things, governance requirements and technological standards. (The paper will be produced by the Australian Council of Learned Academies which will receive a little over AU$200,000 to examine the ‘opportunities, risks and consequences of the IoT’.)

Expect key findings to be delivered over the next 12 months.

In New Zealand things have been slower to get underway. The NZ Internet of Things Alliance was launched in 2017 by then-communications minister Simon Bridges, as a first step to developing a cohesive national policy. In August the group offered several IoT recommendations for government, including increased investment from local bodies to create the public infrastructure required for IoT use cases, suggestions that the government should become a ‘strategic customer of IoT technologies and solutions’, as well as recommendations that the government develop some sort of insight and information sharing policy to help the market understand the developing IoT landscape.

“Central Government has many tools and methods through which it can promote the development of IoT,” says the report. “At minimum, Government should collaborate with academia and industry to raise awareness of the benefits that IoT provides to both businesses and consumers.”

All good advice, and likely something we should do sooner rather than later. After all, according to the IDC G20 IoT Readiness Study, both Australia and New Zealand are well prepared to take advantage of the opportunities IoT brings, due to the ease of doing business, government effectiveness and yes, regulatory quality.

So let’s handle the security and regulatory issues now. It’s a bright IoT future, and very much ours to lose.