IoT Regulation Still Catching Up to Industry
If you’ve ordered a pizza with Google Home, monitored your sleep patterns with your Fitbit or unlocked your bike lock with your smartphone, you are part of the IoT revolution changing how we interact with the world.
IoT, or ‘Internet of Things’, involves any 'thing' connected to the that allows the transfer of information without the need for personal computers. It’s considered the next industrial revolution and is expected to be worth tens of billions of dollars to the Australian economy over the coming decade.
Globally, there are currently about 5 billion items wirelessly connected to the internet, and millions more coming on line every day. In three years, that number is projected to grow to an extraordinary 50 billion internet-connected, data-producing devices.
Connecting data, devices, people, processes and things to the internet creates incredible opportunity for businesses and consumers alike. It helps to make the lives of consumers more efficient and easier, while allowing businesses to be more productive and make better, more informed decisions.
However, as David Morrison, GM of Governance Risk & Compliance at Loop Secure, describes, there is a downside. “With more devices connected to the Internet, malicious actors have a new world to exploit. With the ubiquity of connected ‘things’ surrounding our daily lives, regulation is failing to keep up.”
A number of international organisations and government departments are working on security and privacy issues related to IoT and at this stage, there is no single, coordinated approach to implement standards for IoT on a global scale.
Australia is in a similar spot. Agencies and government groups, such as the Australian Communications and Media Authority (ACMA) and IoT Alliance Australia (IoTAA), are collaborating to resolve the cybersecurity issues that the IoT industry presents. Still, a coordinated strategy is still lacking.
As Australia's regulator for broadcasting, the internet, radio communications and telecommunications, ACMA continues to work with industry groups and gather feedback to understand how to best regulate the industry. This could take the form of existing regulation to further facilitate and enable Australian businesses and citizens to benefit from IoT, or new regulation related to the connectivity of IoT devices, the data captured and the security standards of the devices themselves.
Supporting the Australian Government in developing regulation is the IoTAA, who is looking to develop a scheme to ensure that IoT devices meet minimum security levels.
While IoTAA seek to empower industry to grow Australia’s competitive advantage through IoT, their remit is to also promote enabling, evidence-based policy and regulation. To that end, the IoTAA remains vocal in addressing regulatory and policy enablers and inhibiters to ensure regulation keeps pace with the growth in IoT.
The IoTAA’s position on IoT security Australia can be found in their latest submission on the Strategic Plan to Strengthen IoT in Australia. Among their recommendations, they suggest an IoT product security certification program, and IoT supply-side security awareness and education programs for IoT developers, manufacturers and suppliers.
The Australian Strategic Policy Institute is also having their say. As the think tank that produces expert and timely advice for Australia’s strategic and defence leaders, they also hold the view that Australia’s current policy and regulatory settings are almost certainly sub-optimal. Admittedly, they sympathise with the Australian Government, who are faced with the difficult task of finding the right balance in regulating the industry.
This balancing act, Morrison says, refers to regulation that doesn’t stifle innovation.
“IoT is rapidly changing social and industry norms, and encourages innovation, entrepreneurship and productivity. On the other hand, privacy must also be taken into account. Therefore, carefully crafting the right regulation for this industry is critical.”
“Being overly restrictive with regulation, and pre-empting problems that may never come to fruition, could limit innovation and progress in the IoT industry.”
The longer it takes to embed regulation on the IoT industry, the more challenging it will become. More and more devices are coming online every day. IoT attacks will only become more sophisticated, and so far, security and regulation haven’t been able to keep pace. However, with groups like ACMA and the IoTAA working towards a fair approach with a common set of standards, we’re on our way to regulation and policy supporting the growth of Australia’s IoT industry.
To learn how to choose the right cyber security vendor to manage your IoT security requirements, download our guide and checklist here: