The European Commission announced during the Mobile World Congress that it will partner with Brazil to develop 5G technologies. Such partnerships have already been established in South Korea, china and Japan. The news was published in the Mobile World Daily of Wednesday 24 February, which further includes articles on the Internet of Things, the monetisation of data, mobile money, and many other topics.
In a report published recently, Gartner predicts the ‘top 10’ Internet of Things (IoT) technologies for 2017 and 2018: IoT security solutions; IoT analytics; IoT device management; low-power, short-range IoT networks; low-power, wide-area networks; IoT processors; IoT operating systems; event stream processing; IoT platforms; and IoT standards and ecosystems. According to Gartner, these IoT technologies will impact organisations more and more, having implications in areas such as business strategy, risk management, architecture, and network design.
The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide-systems, typically described as 'smart houses' or 'smart cities'. Such devices both generate enormous amount of data and create new contexts in which data are used. IoT triggers a multitude of policy issues, from standardisation to protection of privacy.
When we say that Internet helps us to connect we also implicitly refer to the fact that some of our devices can be connected and transfer data among themselves. Primarily, we are thinking about computers, mobile phones, tablets, e-readers. But what if every device we use on a daily basis, such as transportation vehicles, home appliances, clothes, city infrastructure, medical and healthcare devices, can connect via the global network to a remote center or to other device? This gives the term ‘connected’ a different, broader meaning.
This is the general idea behind the IoT, a network of physical objects or ‘things’ connected via electronics, software, and sensors to exchange data with manufacturers, operators, or other connected device. The main objective is to achieve greater value or service. IoT devices use the present Internet structure, not a separate/different Internet.
The most common sensors currently used for IoT device communication are radio frequency identifiers, universal product codes, and electronic product codes. In addition, researchers are continuously exploring new modalities for connecting IoT devices, such light emitting diodes (LEDs).
Some of the most developed IoT industries include home automation, health monitoring, and transportation. Other industries where IoT is playing a prominent role important role are energy, infrastructure, agriculture, manufacturing, and consumer applications.
In general terms, the IoT in increasingly seen as having a significant development potential, that can contribute to achieving the sustainable development goals (as underlined in an ITU–Cisco Systems report from 2016, and at various sessions held at the IGF 2016 meeting).
Even if the size of a single piece of data generated by connected Iot devices could be quite small, the final sum is staggering due to the number of devices, estimated to reach between 20 and 100 billion by 2020. According to the International Data Corporation, by 2020 the ‘digital universe’ will reach 44 zettabytes (trillion gigabytes), and 10% of this amount would come from IoT devices.
The business sector is leading major IoT initiatives. While companies such as Intel and Cisco continuously develop their portfolios of IoT services, telecom operators have started to deploy IoT-dedicated networks on large scale, to encourage the use of IoT. Moreover, companies from different sectors are joining forces in alliances aimed at further contributing to developments in the field of IoT. Examples include the Open Connectivity Foundation, whose aim is to contribute to achieving interoperability among IoT devices, and the LoRa Alliance, which works in the field of IoT standardisation.
Governments are also becoming more and more aware of the opportunities brought by the IoT, and they are launching various types of initiatives in this area. The European Union, for example, has initiated the Horizon 2010 Work Programme 2016 -2017: Internet of Things Large Scale Pilots for testing and deployment, a funding programme aimed to encourage the take up of IoT in Europe. In the USA, the Department of Commerce has issued a Green Paper on Fostering the Advancement of the Internet of Things, and is exploring a potential role (and related benefits and challenges) for the government in supporting the evolution of the IoT field. The Chinese government, on the other hand, has created the Chengdu Internet of Things Technology Institute, through which it funds research in various IoT-related areas.
The IoT generates massive amounts of data, and this has triggered major concerns related to privacy and data protection. Some IoT devices can collect and transmit data that are of personal nature (e.g. the case of medical IoT devices), and there are concerns about how the devices themselves are protected (ensuring their security), as well as about how the data they collect is processed and analysed. While information transmitted by an IoT device might not cause privacy issues, when sets of data collected from multiple devices are put together, processed, and analysed, this may lead to sensitive information being disclosed.
IoT devices are increasingly used as tools in large cyber-attacks, bringing the security of such devices into sharper focus. One notable example is from October 2016, when a series of distributed denial of service (DDoS) attacks against Dyn Inc., a large Domain Name System hosting and DDoS‐response provider serving top online service providers, rendered many services – including Twitter, PayPal, Reddit, and Spotify – temporarily unavailable, and slowed down Internet traffic across the globe. In the context of ongoing debates on the responsibility that the private sector should take when it comes to IoT security, companies have started to launch initiatives in this area. In one such example, AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustsonic have formed the IoT Cybersecurity Alliance, with the aim to ‘help customers address IoT cybersecurity challenges, demystify IoT security, and share best practices’. At the same time, standard-setting organisations are more carefully looking into developing IoT security standards. Despite such initiatives, there have been calls for governmental intervention, with security experts arguing that the private sector is not sufficiently motivated to appropriately address IoT security concerns, and that regulations and public policies are needed to cover issues related to security standards, interoperability, and software updates requirements.
Ongoing developments in the field of automated systems (i.e. self-driving cars, medical robots, etc.) bring into light an increasingly important interplay between IoT, artificial intelligence (AI), and big data. Artificial intelligence, a field that undergoes a very fast development, provides ‘thinking’ for IoT devices, making them ‘smart’. These devices, in turn, generate significant amounts of data – sometimes labeled as big data. This data is then analysed and used for the verification of initial AI algorithms and for the identification of new cognitive patterns that could be integrated into new AI algorithms.
While this interplay presents an enormous business potential, it also brings new challenges in areas such as the labour market, education, safety and security, privacy, ethics and accountability. For example, while AI systems can potentially lead to economic growth, they could also generate significant disruptions to the labour market. As AI systems involve judgements and decision‐making – replacing similar human processes – concerns have also been raised regarding ethics, fairness, justice, transparency, and accountability. The risk of discrimination and bias in decisions made by autonomous technologies is one such concern, very well illustrated in the debate that has surrounded Jigsaw’s Conversation AI tool. While potentially addressing problems related to misuse of the Internet public space, the software also raises a major ethical issue: How can machines determine what is and what is not appropriate language?
Such challenges have determined both governments and the private sector to take several steps. The US National Science and Technology Council outlined its strategy for promoting AI research and development, while the White House made recommendations on how to prepare the workforce for an AI‐driven economy. The UK Parliamentary Committee on Science and Technology asked the UK government to take proactive measures. In the European Parliament, the Committee on Legal Affairs proposed the adoption of an EU ‘legislative instrument’ to tackle legal questions related to the development of robotics and AI, as well as the introduction of ‘civil law rules on robotics’. In the private sector sphere, major Internet companies (IBM, Facebook, Google, Microsoft, Amazon, and DeepMind) have launched the Partnership on Artificial Intelligence initiative, aimed at addressing the privacy, security, and ethical challenges of AI, and initiating a broader societal dialogue on the ethical aspects of new digital developments.
The article describes several ‘tips’ that could help startups succeed in the Internet of Things market.
The report outlines data security threats and concerns in emerging cloud, big data and Internet of Things technologies. Based on the results of a global survey conducted among over 1100 senior security executives, the report identifies the following as the main data security concerns: security breaches/attacks, increased vulnerability from shared infrastructure, lack of control over the location of data, privacy violations from data originating in multiple countries, protecting sensitive data generated by IoT.
The latest edition of glossary, compiled by DiploFoundation, contains explanations of over 130 acronyms, initialisms, and abbreviations used in IG parlance. In addition to the complete term, most entries include a concise explanation and a link for further information.
The book, now in its sixth edition, provides a comprehensive overview of the main issues and actors in the field of Internet governance and digital policy through a practical framework for analysis, discussion, and resolution of significant issues. It has been translated into many languages.
The document provides an overview of Internet of Things (IoT) origins, drivers, applications, and communications models, and examines several IoT related challenges: security; privacy; interoperability and standards; legal, regulatory, and rights; and emerging economies and development.
The report outlines predictions of the development of the technology, media, and telecommunications sectors in 2017. It covers issues such as: biometric security, distributed denial of service attaches, self-driving vehicles, 5G networks, machine learning, and Internet of Things as a service.
The report, prepared by the Global Commission on Internet Governance, outlines a series of recommendations to policy makers, private industry, the technical community and other stakeholders on modalities for maintaining a ‘healthy Internet’. It tackles aspects such as: the promotion of a safe, open and secure Internet, human rights for digital citizens, the responsibilities of the private sector, safeguarding the stability and resiliency of the Internet’s core infrastructure, and improving multistakeholder Internet governance.
The report looks into how the Internet of Things is issues to address social, economic, and business challenges, discusses factors that accelerate the adoption of the technology, and points to IoT security and privacy related challenges. It also makes recommendations for how business and consumers can derive the most benefit from IoT in the following two years.
The report analyses the opportunities that homes equipped with Internet of Things connected devices offer to society, as well as at the security and privacy risks inherent to such devices. It also provides a series of recommendations on how to maximize the value of IoT home devices, while minimising concerns.
This report analyses threats, attack patterns, and common strategies used to attack Internet of Things technologies employed in the automotive industry.
The paper provides an overview of the mobile network ecosystem in 2015, and presents a series of projections and growth trends in the mobile data traffic. A continuously growing adoption of mobile technologies by end users is predicted, and it is expected that this will make the Internet of Everything more sustainable.
The report analyses the role that Internet of Things technologies can play in tackling global development challenges, and outlines several enabling policies that could facilitate IoT deployment.
The MISR has been published annually since 2009 and features key ICT data and benchmarking tools to measure the information society, including the ICT Development Index (IDI)
The recommendations, contained in 12 separate reports, cover Internet of Things (IoT) policy and standard issues such as: IoT applications, innovation ecosystems, IoT standards, policy issues, smart living environment for ageing well, smart farming and food safety IoT applications, wearables, smart cities, smart mobility, and smart manufacturing.
This report examines and documents evolutions and emerging opportunities and challenges in the digital economy. It provides a comprehensive overview of the digital economy, including matters of infrastructure, policy, net neutrality, development, privacy and security.
The report explores how Internet of Things applications (can) create value for companies, consumers, and economies, and discusses enablers and barriers in this regard, as well as new business models and a new tech market for IoT.
The report explores the emergence of the Internet of Things connected homes’, analyses consumers’ demand and adoption, and outlines several steps that the industry and the policy makes can take to ensure that IoT can realise its full potential in improving people’s lives.
The study explores current and future security challenges facing enterprise and government organisations in the Internet of Things market.
The report explores the transformative potential of the industrial Internet of things, and analyses opportunities and benefits deriving from IoT connected products, as well as risks and challenges associated with the evolution of the technology. It also outlines a number of recommendations aimed to accelerate the overall IoT development.
Mr Andy Bates, Executive Director, United Kingdom, Europe, Middle East & Africa, Global Cyber Alliance, introduced the Global Cyber Alliance, and then stated how cybercrime has overtaken normal crime in terms of economic value. Despite the increasing economic risk of cybercrime, he argued that ‘cybercrime is just crime’, pointing out that it is crime adapting to modern tools. In his opinion, the responses should not basically differ too much from the measures taken to address other forms of crime. He highlighted that cybercrime is usually serial in nature, with many criminals potentially using the same vulnerability and being repeat offenders. He discussed the human psychological aspect in the context of phishing and spoofing emails as well as structural issues with the Internet.
He presented a tool called DMARC, which enables individuals and companies to register domains that then establish a handshake between actors to monitor email trustworthiness. In addition, he presented the Internet Immune System, a blacklist given to top level Internet service providers (ISPs) to track pages which contain malware. He argued that ISPs should work towards cleaning up the internet for individuals.
Lastly Bates outlined future scenarios, focussing mostly on the importance of sharing of information across private and public sectors, together with measures that would seek to prevent duplication. In addition to this he mentioned how reporting about cybercrime could be centralised. As a concluding remark he pointed out that individuals need to use common sense and intelligence when addressing cybercrime.
Dr Gustav Lindstrom, Head of the Emerging Security Challenges Programme, Geneva Centre for Security Policy (GSCP), gave a presentation which focussed on the issues and trends for future consideration in the field of cybersecurity. Firstly, he stressed that raising awareness needs to be a constant process. Due to its constantly changing nature, cybercrime should be seen as an emerging threat.
Lindstrom’s second point focussed on the key aspects of evolving technology and services which remain beneficial for us but also pose security challenges. He discussed many developments such as cloud computing, as the cloud is an attractive target for attacks. He described how the cloud can be used to hide malware. In addition to cloud computing, he mentioned how big data, through injecting false data, poses security threats in addition to the privacy issues. He also discussed the issue of 3D printing which can be used to circumvent existing measures, while providing potentially dangerous tools. Circumventing existing measures is also a risk posed by distributed ledger technologies. As a final aspect of this, artificial intelligence and machine learning, despite their ground-breaking advantages, run the risk of being misused and compromised.
The Internet of Things (IoT) can provide benefits, but it also opens the door for many new potential threats. Lindstrom pointed out how the shift in states’ cyber defence and offence poses a challenge. He argued that an increasing number of countries have developed capabilities to move from defence to offence, with roughly 30 countries having dual capabilities, but this number is hazy as is the boundary between defence and offence. As such, Lindstrom suggested, offensive cyber operations will likely increase and cyber weapons might be updated at a fast pace, especially in terms of delivery mechanisms. As a final point, while there are differences in state capabilities, all countries will try to seek to utilise zero-day vulnerabilities to their advantage. He then concluded his presentation by pointing out the increasing role of the private sector in the field, which is not only due to financial aspects but also due to the proliferation of public-private partnerships.
The launch of the Geneva Digital Talks series – organised by the Canton of Geneva – gathered around 80 representatives from the technical, governmental, business, not-for-profit and academic communities. The speakers included representatives from the Canton of Geneva, the International Committee of the Red Cross (ICRC), the EPFL’s School of Computer and Communication Sciences, Deutor Cyber Security Solutions, the Federal Department of Foreign Affairs (FDFA), the University of Geneva, FONGIT (Geneva's high-tech start-up incubator), and the Geneva Internet Platform (GIP). The key messages of the launch event revolved around the need to understand cybersecurity in a multidisciplinary way.
At the start of the discussions, we were reminded that Geneva is, above all, a platform of dialogue and a place for finding sustainable solutions. Moreover, Geneva has a reputation as an ecosystem for stakeholder engagement, where the digital discussions can be people-focused.
Security is key to modern societies, but it was not originally built into the Internet. Addressing it now is comparable to repairing a plane while flying it. To understand the issue, the discussions followed the journey of an Internet data packet that crosses national borders, that is vital to digital economy and innovation, and is ultimately crucial in high-level negotiations impacting a number of sectors.
The interplay between the Silicon Valley as a place of technological development and social disruption, and Geneva as a constructive, human rights-oriented policy space, set the tone of the discussion. Recent calls from the private sector to advance discussions on a cyber treaty, brought forward the need to have a shared understanding of the vulnerabilities, issues and prospects of cyberspace. If a cyber incident amounts to a kinetic attack, international law applies, but for everything in between, there is a ‘grey zone’, just as there is for a distinction between ‘civilian’ and ‘military’ in digital terms. Previously, key conventions have been negotiated with the involvement of non-state actors in equally sensitive fields, such as the Biological and Toxin Weapons Convention or the Chemical Weapons Convention.
On its journey, the Internet data packet is first tested physically: the integrity and correctness of the code are essential, as there is no bug-free software or liability for software in place. While we are getting better at writing and verifying software in safety-critical applications, trust in the ability of others, who are unknown to us, to fix it is gradually eroding if we can no longer distinguish between good and bad intentions.
To diminish the risks of interference and misuse, the Internet data packet should be protected by a community that understands infrastructure, relevant technology and invests in security. Suggestions were made to eliminate the prevalent ignorance and complacency about security, also distinguishing between IT security and cybersecurity. The latter concerns a criminal network with a goal. Effective co-operation needs to include users (to notify about breaches) and providers (to react to vulnerabilities or breaches) working together. Regulation can also be used as a carrot to incentive and a stick to sanction those who do not comply, thus increasing the overall level of security.
When it comes to the framework for state action, different instruments are currently deployed. In addition to the guidelines provided by the UN Group of Governmental Experts in their 2015 report (11 voluntary norms), international law, and in particular the UN Charter, includes provisions on the use of force, the interference in the domestic affairs of states, the peaceful means to solving conflicts, but also, self-defense. International customary law covers state responsibility, even when using proxies, and due diligence for international wrongful acts that apply to digital space. In international humanitarian law, if the kinetic dimension is reached in cyberattacks, cyber means amount to armed conflict. Moreover, the human rights obligations of states apply online, as they do offline (e.g. freedom of expression). Confidence building measures, such as the ones put forward by the Organisation for Security and Cooperation in Europe (OSCE), represent additional means to strengthen collaboration at the global level. With this multi-layered framework in place, it is important to build awareness and strengthen the capacity of states to understand and apply it before new binding rules are discussed.
When discussing the attribution of risk and responsibility, there is a danger of substantive fragmentation: we have global technologies, but local laws and there is an overlap of regulations and sets of conflicting norms, that may be detrimental or counterproductive. The question here is whether we can move from the Geneva Digital Talks to policies, or even to the Geneva Digital Courts to address the needs of regulators. As the birthplace of international arbitration, Geneva has a unique role to play in the attempt to solve Internet-related disputes.
From a digital economy perspective, the Internet data packet has recently been carrying more and more sensitive records, including health and personal data, or social security information. With the advent of the Internet of Things (IoT), we will move from cyber to digital security in a much broader sense. Every second, 95 passwords are stolen around the world, showing that security by itself is no longer enough. There is a need to move from security by reaction to security by interaction. The Internet giants that operate most online services need to be brought into the conversation about norms, key responsibilities and regulation.
The Geneva Digital Talks will continue with a series of events in the build-up to the Internet Governance Forum. The focus of the GDT will be set on the following aspects, identifying key competencies available in Geneva: technological, legal, social and political.
More information on the GDT and online exchanges can be found here: https://www.giplatform.org/geneva-digital-talks.
The eleventh Symposium of the Future Networked Car took place on 9 March 2017, during the 87th edition of the Geneva International Motor Show. The Symposium was jointly organised by the International Telecommunication Union (ITU) and the United Nations Economic Commission for Europe (UNECE). The main objective of the event was to offer a platform for a fruitful discussion among different stakeholders – vehicle manufacturers, governments and Information and Communications Technology (ICT) industries – on the future of vehicle communication and automated driving.
The session started with opening remarks from Mr Malcolm Johnson, Vice Secretary-General at the ITU, who stressed the importance of bringing together multiple stakeholders in order to foster technological innovation. In particular, he underlined the crucial role of the ITU as a UN-mandated agency that has successfully brought together and facilitated the convergence between two communities: industry and ICT sectors. The Symposium has seen growing participation in the last years, and has attracted more than 170 participants in 2017.
Ms Eva Molnar, Director of the Sustainable Transport Division of UNECE, joined Mr Johnson in stressing the importance of co-operation, not only between different industry sectors, but also between different agencies – as is the case with the ITU and UNECE. In particular, her speech approached vehicle automation from a regulatory perspective: she reasoned on the relevance of the existing legal conventions vis-à-vis the latest technological changes and pushed for the development of harmonised regulations.
The event comprised five thematic panels, each discussing a specific aspect of vehicle automation.
The Executive Roundtable reflected on the advantages and challenges that automatic driving will bring to individuals and societies once such technology is spread on a larger scale. All speakers talked about the necessity of harmonising the standards regulating such technology among different countries.
In particular, Mr Anders Eugensson, Director of the Governmental Affairs Department at Volvo Car Group, analysed the benefits of automated driving for individuals in terms of costs, liability and accuracy of data. With the development of such technology, customers would purchase automated driving packages that would cost less than a car. Moreover, he considered that cars will operate autonomously, and, in case of accidents, the responsibility would not rely directly on customers. Finally, thanks to cloud connectivity technology, the data available to the car system will be more accurate.
The Second Panel reflected on the benefits of fifth generation mobile networks or wireless systems (5G) for the development of automated driving. The speakers agreed on the crucial role of 5G technology for automated vehicles, especially in terms of connectivity and communication among units. Mr Peter Vermaat, Chair of the Connected Vehicle Working Group at the Wireless World Research Forum, considered that as opposed to a cloud computing type of connectivity (i.e. storing and accessing data over the Internet), Peer-to-Peer (P2P) computing (interconnected communication among peers, i.e. automated vehicles) allows for increased safety and improved efficiency of communication, and reduces the need for infrastructures.
The Third Panel discussed how Artificial Intelligence (AI) will change current transport systems. All the speakers built their discussions on the benefits of automated driving discussed by the previous panellists. Furthermore, they focused mainly on the possible risks to individuals from the deployment of AI. They assessed such risks in terms of security (protection from cyber-attacks), personal data protection (privacy concerns) and social economic externalities (loss of jobs in the car industry or transportation sectors).
The Fourth Panel focused on the relationship between connected vehicles and automated driving. The panellists discussed the co-dependency of connectivity and automated driving: having accurate communication systems among vehicles is crucial for the development of automated driving systems on a larger scale. David Holecek, Director of the Connected Products and Services Division at Volvo Car Group, concluded that connectivity, autonomous driving and AI are the cornerstones that will develop the concept of fully autonomous cars rather than autonomous driving in the future.
The Fifth Panel concluded the session by focusing on the cybersecurity threats to automotive systems. The speakers discussed the consequences that connectivity has in terms of individuals’ security in particular. Based on an interconnected system, automated vehicles operate in a constantly-hostile environment, susceptible to hackers’ attacks, resulting in financial cyber ransom, car theft and loss of control over the vehicle.
The 47th WEF Annual Meeting, which took place in Davos-Klosters, Switzerland, on 17‒20 January, brought together leaders from across business, government, international organisations, academia, and civil society, to discuss several digital policy issues.
The future of the digital economy was an overarching theme for many sessions, exploring aspects such as the digital transformation of industries, the fourth industrial revolution and its implications (in areas such as gender equality and jobs), steps for shaping national digital strategies, the need for shared norms and rules for the digital economy, and trust-based collaboration among stakeholders. Security and crime in the digital era were part of the discussions, with a focus on multistakeholder approaches for tackling cybercrime, the cyber resilience of critical infrastructures, cyberwar and forms of manifestation, and terrorism in the digital age. During the meeting, WEF launched a report on Advancing Cyber Resilience: Principles and Tools for Boards. Prepared in collaboration with the Boston Consulting Group and Hewlett Packard Enterprises, the report outlines a series of principles and tools for companies to tackle cybersecurity risks and ensure the resilience of their information infrastructures.
The advancements in the field of Internet of Things (IoT) and artificial intelligence (AI) were also looked at during this year's WEF meeting, as participants explored policy implications and outlined the need for principles and standards to ensure that IoT and AI products bring benefits to society as a whole, while minimising the risks (in areas such as social inclusion, privacy, and security). Trustworthy online information, a topic that has attracted a lot of attention lately, was also discussed, with a focus on possible modalities for balancing freedom of expression with the need to educate users on how to differentiate between real and misinformation.
In addition to contributing thir views to these and many other discussion tracks, WEF participants used the meeting as an opportunity to launch new initiatives and agree on future actions. In one such example, major financial service providers (e.g. Mastercard, Visa, and Paypal), global IT and telecom companies (e.g. Ericsson and GSMA), and intergovernmental organisations (e.g. the United Nations Development Program and the United Nations High Commissioner for Refugees) agreed on six principles on public-private cooperation aimed at facilitating digital cash payments in crisis-affected populations.
As has been the case at many other high-level events recently, the Agenda for Sustainable Development also featured high in Davos. On a more general level, world leaders discussed the challenges of globalisation and the increasing anti-globalisation trends. Many of the debates revolved around the need to identify modalities for reforming the governance of globalisation processes, with a view to improving them and making them better suited to contribute to global growth and development.
The survey, which polled 9,000 individuals from nine countries (Australia, Brazil, Canada, France, Germany, India, Mexico, the United Kingdom, and the United States), offers insights into how end users see the evolution of smart homes, as well as into users’ concerns regarding the security and privacy risks associated with IoT connected home devices.
The guide explores risks and opportunities associated with the Internet of Things, and provides a framework with recommendations for securing the IoT.
The set of guidelines contain recommendations on how to mitigate security threats and weaknesses in Internet of Things services. It includes guidelines for service ecosystems, endpoint ecosystems, and network operators.
The document provides guidelines for public and private organisations when plannins and organising the selection and validation of smart city technologies. It describes the types of testing and assessments to consider in order to select the most secure vendors and technologies.
The document provides guidance for the secure implementation of Internet of Things (IoT)-based systems. It provides an overview of IoT security challenges threats to individuals and organisations, and outlines several security control mechanisms that could be used to mitigate such challenges and threats.