The Union Ministry of Communication and Information Technology is sitting on the draft Internet of Things (IoT) policy. There are still no regulations in place to deal with the threats posed by IoT.
According to experts, IoT renders people and businesses and other institutions vulnerable to a lot of threats and manufacturers have been negligent in solving these vulnerabilities that can potentially put the digital and physical safety of people in grave danger.
The Department of Electronics and Information Technology (DEITY) had released a revised draft of Internet of Things policy for comments in April 2015. But, the policy is still in the draft stage. An official part of the policy drafting body told this newspaper, “The threats are very real. One of the primary issues is that several manufacturers venture from software to hardware space or hardware to software space, having no considerable experience in the newer venture. Now, what is happening is that these manufacturers are integrating internet networking capabilities in their devices. In doing so, they are embedding software and code without acquiring the sufficient experience and the knowledge to provide the best solutions.”
When asked about the delay on the policy, the official said, “It is taking time because deliberations are complicated. An expert committee has been formed, their report is yet to submit.” Speaking on the variety of threats, the official said: “We associate internet and internet threats to devices like desktops, laptops, smart-phones. That’s a normal threat perception we had till a few years ago. But technology moves faster than us. Your smart appliances can be used to cause a fire in your house. Internet connected surveillance cameras in your homes can be used on you. Most of these equipments are manufactured in countries like China, Brazil, Taiwan etc. There are hurdles in working out these legalities.”
Christopher Poulin, research strategist, IBM X-Force Threat Intelligence, stressed that the “prime focus is on security in the Internet of Things space. The main issue we are trying to address is how to make available end-point integrity, firmware updates and threat detections.” Poulin, a network-security veteran who has also advised the US Air Force in earlier stages of his career, has argued for several years that appliance manufacturers who don’t acquire sufficient skills to integrate safe and robust network capabilities in their smart IoT devices leave the end-user vulnerable.
According to a recent Gartner report, the world IOT economy will grow to $300 billion by 2020 and India will have at least 5-6% share of this pie. Devices on the IoT are being used as entry points for attacks by cyber criminals with users unaware of the threat entry point.
Over the last few months, researchers have recommended that the IoT threats can be tackled by collectively using a well-established Operating System with a trusted firmware. But, that will take collective will. Emails sent to the ministry seeking official response on the delay of the policy went unanswered.