Governments have always used all methods available to protect the safety and interest of their citizens. ‘Spying’, with all of its ethical implications is just one of these methods. However, it is built largely on trust. Who has access to this data, what data is available and what will they do with it, are crucial questions. Additionally, our lives are now lived online. Our communication is via phones and email, our children and families grow via online photos. At no other point in history has so much data been created and stored outside the confines of users’ physical ownership. The trust required to access this data has been significantly eroded through recent revelations that intelligence agencies (not just the US) have moved from highly targeted campaigns against known or suspected threats, towards systematic, broad reaching mass surveillance touching everyone, including the people they are designed to protect – the citizens.
People have an incredible appetite for risk at an individual level. They give away huge amounts of data just for the right to access “free-to-play” games online. However consumers are increasingly aware of security and privacy, even if they are not completely abreast of all of the details. This means that while IoT “smart” features used to be a differentiator amongst the highly competitive consumer market, security and privacy is now the main differentiator. This places the emphasis on manufacturers to prove their devices are secure and consumers will vote with their wallets.
Organisations need to consider security/privacy as a top priority, from small businesses through to multinational enterprises. Companies that have embedded security into their DNA will have a strong understanding of their core information assets and their value. From there, decisions can be made in addition to process/people/technology reviews to protect these assets from spying through IoT devices. One way to do this is to standardise to a smaller set of approved IoT devices and run them through a qualified Testing and Validation lab, similar to Common Criteria, but focused on security risks such as surveillance (government or otherwise).
This is where a company like DarkMatter can assist in helping businesses establish a cyber security programme incorporating policies, procedures, and personnel, developing a cyber security strategy that will give them visibility into their environment and deploy defensive technologies and methodologies.
The region has always prided itself on developing centres of excellence and showcasing the future where ever possible. This includes demonstrating to citizens and consumers that IoT devices that surround their smart systems are safe and secure from undisclosed surveillance and are intended and capable of delivering on their promise of safer and smarter cities and lives. This includes settings standards then testing and validating across those standards. It also requires transparency into this process as well as strong educational campaigns to allow citizens, or their trusted advisors such as the media, to understand how these risks have been addressed and how to best protect themselves and their privacy in their daily lives.