[Read more session reports and updates from the 14th Internet Governance Forum]
With representatives from the Internet Society (ISOC), the Internet Corporation for Assigned Names and Numbers (ICANN), the Réseaux IP Européens Network Coordination Centre (RIPE NCC), Google, and other organisations, this session discussed possible solutions for the accountability and security of the Internet of Things (IoT) devices. The session was a part of the Dynamic Coalition on Internet of Things (DC IoT) discussion.
Efforts to create safe IoT devices should be driven by the responsible behaviour of all stakeholders, from device manufacturers, software development communities, and governments, to network operators and Internet service providers.
The circle of responsibility starts with the manufacturers, where strong embedded security should be deployed on all levels. Device manufacturers need to impose security measures that are now considered default, such as encrypted communication, strong non-default passwords, and the ability to have appropriate security updates. But this is just the first step. Once a device is purchased by the consumer, several other requirements are needed.
Firstly, labels and instruction manuals should inform users on the level of privacy and security threats regarding a particular device. No ambiguity should be allowed. If users do not understand what they are buying, sales and innovation might be stifled. The use of IoT devices by people with disabilities should be carefully regarded to enable easy handling.
Secondly, it is important where the device will be used. There is a crucial difference if a device is used at home or in a hospital as a medical device. Clear connectivity options should exist, enabling users to disconnect a device if needed. This is important for both regular updates and mitigating possible attacks and cyber-threats. An important proposition is to use the Internet Protocol version 6 (IPv6) as it is designed with security in mind.
Some people will not refer to IoT as the Internet. As mentioned by Mr Olivier Crépin-Leblond (Chair, Dynamic Coalition) there are serious risks in the Internet infrastructure, particularly on the side of badly configured devices. IoT devices with poor DNS configurations can pose threats and be used for amplified attacks, as was stressed by Ms Merike Kaeo (Security and Stability Advisory Committee, ICANN).
By Arvin Kamberi