One of the fastest growing technologies is the Internet of Things (IoT). Gartner research estimates there will be over 20 billion “connected devices” by the year 2020 and defines IoT as “the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment”. In simpler terms, IoT may b e thought of as literally connecting things or devices over the Internet. Consumer IoT applications include smart home devices, connected cars, and wearables. IIoT (Industrial Internet of Things) is a subset of the broader category of IoT devices and focuses specifically on industrial applications such as manufacturing, transportation, agriculture and healthcare.
There are other closely related technologies that benefit from IoT including:
IoT, and these closely related technologies, are all based on the collection, use, analysis and storage of data.
The IoT Privacy & Cybersecurity Challenge
IoT, while providing many benefits, also creates new opportunities for huge amounts of data to be compromised. More data being is being shared among many more participants. And more sensitive data is being shared. Consumers continue to face privacy and data security risks with traditional technology systems like computers and mobile devices. IoT devices also pose a risk for unauthorized persons to access and exploit personal information collected and transmitted from these devices. Each IoT sensor or device may potentially be the weak link in a consumer’s Internet network. IIoT benefits include reduced costs and increased productivity and efficiency. However, having complex business and government infrastructures connected to Internet also means these systems are potentially vulnerable to cyber attacks.
These risks require proactive technology and policy strategies to identify the specific privacy and cyber security risks for IoT each system, and to develop effective methodologies and controls needed to mitigate those risks. Each business, whether focused on consumer IoT or industrial IIoT (or both), must develop strategies to manage these risks to consumers and critical infrastructures.
Develop Proactive Strategies
Understand Your Regulatory Environment
It is critically important to understand the privacy and cybersecurity laws and regulations applicable to your business. These regulations will vary depending upon your jurisdiction, location, business type and the type of data your business collects, stores and processes. The analysis of applicable laws should include the legal requirements, for example breach notification regulations, and government agency promoted guidelines and recommendations. Understanding and complying with these guidelines may help to demonstrate that your business is making good faith efforts to provide reasonable security measures.
Follow the Data
Data collection, use, analysis and storage are the primary drivers of IoT cybersecurity concerns. This also applies to the closely related growth technologies: cloud computing, Big Data, and AI. It important to know what type of data your business is collecting and processing. Is it personal data? Is it sensitive data? Is the data important to critical infrastructure protection? Your business must also know where the data is located while it is processed and stored, or shared with other parties for authorized processing. A “follow the data” analysis provides the foundation to develop effective privacy and cybersecurity risk mitigation strategies.
A proactive methodology should be employed early in product development to enable optimized solutions to be efficiently designed in. A proactive approach provides an opportunity to identify privacy and cybersecurity risks, and develop effective risk-based strategies to mitigate those risks, before critical product development decision have been made. Last minute privacy or cybersecurity assessments, begun after product development is well underway, may lead to product delays and unnecessary expenses that might have been avoided if the analysis had been done earlier in the product development cycle. Many government agencies’ IoT privacy and cybersecurity guidelines promote proactive risk assessment and risk mitigation. A proactive strategy provides the best opportunity to move your business toward compliance and to demonstrate good faith efforts to implement reasonable privacy and cybersecurity protection.
Security is also an Opportunity
Consumer trust in technology is critical for successful implementation and adoption of new technologies. IoT depends on sensors and devices that collect and process information. If consumers don’t trust these devices (or the use of their data) they may refuse to use them. Developing proactive privacy and cybersecurity strategies provides the best opportunity to demonstrate protecting consumer data is a priority for your business.
John E. Kincaide, Attorney at Law
Kincaide Law PLLC