The need to regulate the Internet of things

Today, in the third reading, the State Duma of the Russian Federation adopted a law banning the circumvention of locks through VPN and anonymizers. When to wait for bans and regulation in the field of Internet of things? And is there any sense at all to regulate there?

The Internet of Things is no longer a new term, because increasingly we hear mention of this technology everywhere. The Internet of Things (IoT) is a network consisting of uniquely identifiable objects (“things”) that can interact with each other and with the external environment using embedded technologies and without human intervention.
')
Since the number of things that can be connected to the Internet is growing in a geometrical sequence every year, the technologies of the Internet of things will undoubtedly have a significant impact on the global economy. According to the forecast of International Data Cooperation (IDC), the growth of the Internet of Things market will be 16.9%, which may require clear regulatory intervention.



Another aspect requiring attention from government is security. Every thing connected to the Internet, in addition to the physical component, also has any information online, so you need to remember about information security and possible cyber attacks that can disable or, on the contrary, put things connected to the Internet into action. Often, device manufacturers neglect security, which leads to an increase in the number of threats.



In 2015, analysts at Hewlett Packard investigated the security of IoT devices and found out that 70% of IoT devices had security vulnerabilities in credentials, almost no data encryption was used, there were also problems with access resolution. In 2016, almost three-quarters of users surveyed by Accenture said they knew about the possibilities for hacking IoT devices. The issue of security in this area is extremely critical, since it is assumed that most of the devices that we connect to the Internet will serve us much more than 2-3 years. At the same time, today, many manufacturers do not provide software updates for IoT devices, which can be detrimental even in cases where security was provided in the original software.

According to experts, this situation may improve due to state regulation, which obliges manufacturers to provide the necessary level of protection and impose some restrictions on the development of the IoT market.

At the moment, no definition of a basic level of security and privacy has been adopted for smart devices. There is also no definitive legal basis for trusting IoT devices and IoT services.

However, in 2016, it became known that the European Commission plans to introduce mandatory certification or another similar procedure for devices connected to the Internet of Things. That was supported by some chip manufacturers, such as Infineon, NXP, owned by Qualcomm, STMicroelectronics and the European Network and Information Security Agency (ENISA). They also made a proposal to develop and implement basic cybersecurity standards for connected devices.



The recently proposed initiative Building a European data economy also contributes to the creation of a single European market for the Internet of Things. This initiative includes policies and legal decisions regarding the free flow of data across national borders, as well as issues of responsibility in environments such as the Internet of Things. In addition to political initiatives, the EU put forward specific research and innovation challenges in the ongoing funding program Horizon 2020.

In Russia, the Federal Agency for Technical Regulation and Metrology also in 2016 announced the beginning of the formation of a technical committee on standardization “Cyber-physical systems”, which will deal with the standardization of such areas as “Internet of things”, “Smart cities ”(Smart cities),“ Big data ”(Big data) and“ Smart manufacturing ”(Smart manufacturing). In the framework of the activities of this committee, national standards will be adopted that meet the pending ISO / IEC international standards.

Also, members of the Russian Association of the Internet of Things introduced a draft narrow-band radio broadcast NarrowBand Fidelity (NB-FI) for the Internet of Things. It is planned to bring this standard to the international level.



The Narrow Band Fidelity (NB-FI) standard allows IoT devices to exchange data at a distance of up to 10 km when the device is operated for up to 10 years without recharging. For the work of the standard, the Association intends to use the frequency of 868 MHz, which is not occupied by other technologies and does not require permits to work. In addition, the Association has agreed to expand the frequencies of the “Internet of Things” with the Ministry of Defense, the Federal Security Service and the Federal Security Service.

It is still clearly not clear where such activities of states will lead, but from the experience of already organized attacks, such as Mirai, it is clearly seen that the security of the Internet of Things requires actions both from manufacturers and from government bodies.