Water Supplies, Smart Grids, Personal Privacy, and Elections As Targets: An IoT Governance Ecosystem Can Improve Security

By Lori Cameron
Published 10/16/2017
Share this on:

DDOS Attack written on keyboard

On October 21, 2016, numerous platforms and services—including Amazon, Twitter, Spotify, and the New York Times—were shut down by an overwhelming denial-of-service attack targeting Dyn, which is an internet performance, online infrastructure, and domain registration services company that serves users across Europe and North America.

The attack was executed using malware called Mirai, which converted numerous Internet-of-Things devices, such as cameras and wireless devices, into bots that flooded targets with traffic, essentially shutting them down.

While services were eventually restored, researchers have grown increasingly concerned about the potential for widespread attacks on even more highly sensitive targets such as water supplies, home devices, elections, and infrastructure systems, putting large segments of the population at risk.

Internet of Things (IoT) applications are increasingly being used in industries like “energy management systems, industrial automation, and in management of urban facilities, such as smart grids and smart traffic lights,” write researchers Virgilio A. F. Almeida of Harvard University’s Berkman Klein Center for Internet and Society, Benjamin Goh, and Danilo Doneda, a professor of civil law at the Law School of the Rio de Janeiro State University (UERJ). Their article is titled “A Principles-Based Approach to Govern the IoT Ecosystem,” (login may be required for full text) published in the July/August 2017 issue of IEEE Internet Computing.

Read IoT governance research here (login may be required for full text)

IoT poses serious cybersecurity risks “around privacy and security protections, especially when they’re used in mission-critical systems. In essence, IoT applications amplify vulnerabilities in existing software and hardware,” they add.

The authors propose the formulation of principles as a means to unify the multiple bodies and organizations involved in an IoT governance ecosystem:

  • The structure of the Internet governance ecosystem should ensure the meaningful and accountable participation of all stakeholders, including governments, the private sector, civil society, the technical community, the academic community, and users.
  • Global IoT governance ecosystem models should be open, participative, transparent, and consensus-driven.
  • Internet governance should be carried out through a distributed, decentralized, and multi-stakeholder ecosystem.

Many of these principles were developed from the NETmundial Multistakeholder Conference held in 2014. Any weaknesses in the governance model can be addressed through accountability, transparency, and “an open and participative dialogue for constructing the IoT governance ecosystem,” say the authors.

Related research on digital, computing, and internet governance

Login may be required for full text.




About Lori Cameron

Lori Cameron is a Senior Writer for the IEEE Computer Society and currently writes regular features for Computer magazine, Computing Edge, and the Computing Now and Magazine Roundup websites. Contact her at l.cameron@computer.org. Follow her on LinkedIn.