Chirag Pathak, Senior Solution Architect, Mobiliya
The term “Internet of Things (IoT)” was first coined in 1999 by Kevin Ashton in a presentation to Procter & Gamble. Ashton, a co-founder of MIT’s Auto-ID Lab, also pioneered the use of RFID in supply chain management. Ever since, connected device technology has taken the world by storm. Since 2009, just 10 years after its conception, the world has had more Internet-connected devices than people. Tech companies have latched on to IoT at jet speed to create consumer and enterprise products and platforms. Consumers too have adopted the technology and have come to be more dependent on connected devices than ever before, be it for home automation, for work or for their daily commute. With producers and consumers already in sync, it is the government, the final cog that completes the triangle, that has been dragging its feet, first in adopting IoT and then in finding the right strategy to regulate it.
However, for governments the world over, the time to act is now. According to a report formulated by the National Security Telecommunications Advisory Committee, the federal government and companies that operate critical infrastructure like power grids and telecommunications systems have a window of only 3-5 years to secure and regulate the IoT. According to the Committee, the IoT will continue its surge, with the number of connected devices expected to be between a whopping 26 billion and 50 billion by 2020. As the number of devices grows, federal governments will have fewer opportunities to minimize the risks, making it even more vital for governments to act ASAP to create a formal strategy to handle this transformation.
Government as the Sole IoT Regulator: A Flawed Approach
To date, the government has been largely responsible for executing tasks that are beyond the scope of a single company or a group of companies or commercial establishments. Typically, providing infrastructure like roads, railways, power, water, airways, bridges, canals, dams, telephone lines or gas connections comes under the purview of the government. However, with IoT, for the first time, the government will be responsible for regulating something as intangible as the data or information that flows between devices, sensors and networks, as it is the information that IoT provides that creates value. For different devices and sensors to be able to communicate and share data, they must share common standards for data formats and communication protocols. It may seem logical to think that the best way for the government to regulate IoT would be to create these standards as a means to regulate the information that flows. However, considering that several industrial groups are already in the process of designing these standards, for the government to take the task up again would be a little redundant or even counter-productive. It is only a matter of time before an industry-wide IoT standard is in place, much like communication protocol standards such as 4G and WiFi or device addressing standards such as IPv6. The government may take up the setting of IoT guidelines for critical industries, especially for features like interoperability, but the complete regulation of IoT standards may actually slow down innovation.
The biggest responsibility that governments have is to ensure data security and privacy as more and more devices and companies exchange data to gain greater and newer insights. However, the biggest problem is that IoT is an incredibly dynamic and rapidly proliferating technology, with new systems, processes and uses emerging almost every day. In contrast, federal regulatory processes often take several months or sometimes even years to legislate and enact new rules, which can become redundant or irrelevant very soon. Also, as data travels beyond national boundaries into jurisdictions that have different concepts of privacy and security, having a single federal regulatory system for IoT seems improbable.
The Way Ahead
The best starting point for the government to emerge as a regulator of IoT is in its dual role – that of an IoT user and that of the IoT infrastructure provider. Rather than trying to regulate a rapidly changing technology, the government can adopt a more layered approach and leverage its role as a user and infrastructure provider to become a major driver in developing, managing and securing IoT without compromising on user security and privacy.
1. Government as a User: As governments push for smart city objectives the world over, federal authorities and utility providers have emerged as the biggest users of IoT by proliferating a mesh of smart meters and devices driving the city’s electricity, water supply and transport facilities in order to better serve their citizens. By becoming the biggest users of IoT, governments can play a huge role in influencing IoT innovation and usage patterns. The government can become a “role model” for how IoT must be used by setting responsible requirements and buying highly secure and robust IoT solutions.
2. Government as an Infrastructure Provider: With IoT, there are two safety concerns: devices that were not conceived as connected devices but are now connected, and devices that are designed to be connected devices. The safety concerns are bigger for the former, and the government must target such devices through license regulation, based on compliance standards and criteria. The government can categorize IoT devices based on what they sense, what they use, what they actuate, who manufactures them, who owns them and who operates them.
Also, often the main reason a product’s security is compromised or vulnerable is that it is used in unanticipated ways or in ways other than what it was originally built for. By acting as a secure and stable infrastructure provider, the government can ensure that IoT products and solutions are used only for their target objectives. Any other unwarranted uses should be cracked down on, thereby preventing any possibilities of security and privacy attacks.
The government must play a vital role in ensuring the safety of the devices and information shared by the users.
3. Ensure Transparency: One of the biggest problems currently haunting the IoT domain is the lack of transparency on the part of companies about how the data collected from millions of users is stored and how it will be used. The government can champion this cause by communicating clearly to users the type of data collected from them and how the government plans to use it in the present and in the future. From the public safety perspective, it is important to understand how information drives a system of connected devices, how this information-driven behaviour can be governed, how the system monitors and audits its operations and who is authorized to audit such a system. The government can come up with more regulations to control and manage digital information producers, consumers and trust authorities. We see this happening already in the case of the European Union.
4. Common Criteria Certification: In order to ensure comprehensive security of IoT devices, federal governments can become a major enabler of Common Criteria Certification. Government-enabled criteria can be a good benchmark for accredited agencies to verify the security of IoT devices and provide an authentic certificate to IoT device manufacturers.
The government can play a vital role in shaping the future of IoT by becoming the most dominant user and provider of the technology. Also, instead of restricting the flow and exchange of information between devices or companies, the government can make it mandatory for companies to seek the consent of users while collecting data and limit the data usage to prevent the companies from using the data in any other way.
About the Author: Chirag Pathak, Senior Solution Architect, Mobiliya
Chirag is responsible for developing architecture for solutions in the domains of Security, IoT, Enterprise Cloud Services, Augmented Reality and Cloud-based Additive Manufacturing. He has over 20 years of experience in embedded systems, telecommunication systems and software engineering. His research activities involve multi-agent systems using blockchain and artificial intelligence for managing IoT systems.
Founded in 2011, Mobiliya provides device-to-cloud software engineering and system integration services with specialization in Internet-of-Things, enterprise software, augmented reality, embedded systems, security and automotive. Mobiliya’s engineers take pride in delivering high quality end-to-end solutions for the world’s leading companies. Headquartered in Dallas, Texas, the company has global engineering and delivery centers based out of USA, Canada, India, China and South Korea. For more information, visit www.mobiliya.com.