According to FBI Director Christopher A. Wray’s speech on cyber-security at Boston College this month, the threat of digital warfare is “coming at us from all sides”. Wray’s statement is no revelation, but only now are we seeing concrete moves to address the problem. A new Charter of Trust was signed last month by big names like IBM, Siemens and Airbus, calling for binding rules and standards to ensure greater digital security and integrity in both the public and private sectors. It’s a symbolic move that will hopefully encourage other companies to follow suit and give Wray’s concerns the attention they deserve. It’s also a sign of insufficient regulation, despite efforts made in the past couple of years.
The root of the problem is that cyber-security is often treated as an afterthought in IoT-related sectors. With digitization and IoT slowly penetrating the market, we can no longer afford that. Wi-Fi-enabled cameras, smart home appliances and automated cars are only part of the estimated 30 billion IoT-connected devices we’re set to have in two years. As convenient as these technological developments might be, connectivity is a prime opportunity for hackers to obtain information and get into private systems. Such a potentially hostile digital environment forces us to be more suspicious of incoming emails, strange links, insecure websites and pop-ups, and pushes private users to develop a sensitivity to cyber-security, encryption and software issues that they haven’t needed before.
The private user, however, isn’t the problem; it’s companies and manufacturers that really need to be careful. Because they are directly tied to local economies, their security holes are a national concern, which inevitably attracts government attention and a new set of regulations. The EU, for example, is now enforcing the General Data Protection Regulation (GDPR) to force companies to protect user information and sensitive data. British smart device manufacturers are now required by the government to build tougher security protocols into their products, a measure meant to reassure consumers that these devices are safe, much as other products (such as food or furniture) are expected to be. With almost half of the country’s small businesses having suffered from cyber-crime in the past year, the London Digital Security Centre (LDSC) has even announced a pilot cyber-security certification course for businesses, backed by the police and the mayor’s office.
Active management of risks is also advocated in the US, where malicious cyber activity against government and industry cost between $57 billion and $109 billion in 2016. The National Institute of Standards and Technology recently released an interagency report on cyber-security for IoT devices. The report recommends that consumer components (used mostly in smart devices) have strong and readily updatable firmware and better authentication practices to avoid possible attacks on sensitive personal information. Guidelines on attack disclosure released by the Securities and Exchange Commission (SEC) last month are another government attempt to force companies to strengthen their cyber-security. Along with breach notification laws in force in 48 states and cyber-security assessments required in places such as New York, these measures show that the US, much like Europe, is slowly catching up to the significance of the issue in the public sector.