A study conducted by researchers from the University of Illinois at Urbana-Champaign, Stanford University and Avast Software, analyzed the use of IoT devices in homes around the world. According to the findings of the study, the leading continents in IoT use are North America, Western Europe and Oceania (50% and more), then South America, East Asia (30%), Eastern Europe, Southeast Asia, (20%-25%), North Africa and the Middle East, Central Asia (17%-19%) and finally South Asia (less than 10%). The continents also differ in the popularity of various IoT devices. While in North American, Internet-connected television or streaming devices, are the most popular ones, in South Asia, most of the IoT devices are surveillance devices. Although in all regions the security of these devices is lacking, there is still a variance in the level of security between them. In North American and West Europe, the study revealed less security related issues, in comparison to Central Asia, South American and Sub-Saharan Africa. The researchers also discovered that most of the devices are manufactured by a handful of popular vendors in all regions. The full study will be presented at the upcoming Usenix Security Conference 2019.
General Electric (GE) Healthcare and the US department of Homeland security each issued advisories alerting healthcare organizations from security vulnerability discovered in GE anesthesia devices. This vulnerability could enable an attacker to remotely control and change the parameters of the anesthesia device. According to the recommended mitigation steps in the advisories, health organizations should only use secure terminal servers when connecting these devices to TCP/IP networks.
Unicef, Grameenphone and Telenor have signed a partnership agreement in Dhaka on 4 July, whereby through a project titled 'Strengthening and Scaling Child Online Protection in Bangladesh’ they plan to train over 1.2 million children on cyber safety. The program will also train 4,00,000 parents, teachers and caregivers on how to support in protecting children online and expects to reach up to 20 million people through integrated communication campaign and around 50,000 people in taking supportive action. The project also aims to come up with an action plan to mainstream child protection online initiative in Bangladesh.
The US Food and Drug Administration (FDA) issued a warning about cybersecurity risks affecting Medtronic insulin pumps. According to the warning, the vulnerabilities enable unauthorised persons to connect wirelessly to the pump and to alter the pump’s settings, leading to changes in blood sugar levels and possibly diabetic ketoacidosis. The company recalled the faulty pumps and provided alternative pumps to patients. So far, the FDA has not received any reports of patient harm related to the potential cybersecurity risks.
The World Economic Forum (WEF), in collaboration with the G20 presidency, announced its plan to establish universal norms and guidelines for implementing smart city technology. The collaboration which will be named the Global Smart Cities Alliance will bring together members from the G20, municipal and regional leaders, national governments, private sector partners and cities’ residents to deal with smart city technologies. The aim of the initiative will be to define a collective set of principles and standards for the responsible collection and use of data in urban environments. The Internet of Things, Robotics and Smart Cities team in WEF’s Centre for the Fourth Industrial Revolution Network will lead the process.
The US National Institute of Standards and Technology (NIST) published NISTIR 8228- Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The report provides guidance for federal agencies and other organisations on how to manage risks associated with IoT devices through their life cycles. The guide begins by addressing the magnitude of IoT devices used by organisations, highlighting the differences between connected and conventional IT devices concerning their impact, daily management, and their cybersecurity and privacy capabilities. It defines three possible risks organisations need to consider when using IoT devices: device security, data security, and individual privacy. It concludes with the following recommendations. (a) organisations need to consider the security and privacy risks when using IoT devices. (b) They need to adjust and customise policies and processes to address cybersecurity and privacy risks throughout the lifecycle of their IoT devices. (c) Companies need to implement the aforementioned updated mitigation practices. The publication is the first in a series of future NIST publications related to IoT.
US civil society organisation, the Electronic Privacy Information Center (EPIC), published a letter sent to the US Congress sub-committee on Manufacturing, Trade, and Consumer Protection, concerning privacy and security of Internet of things (IoT) devices. The letter was sent prior to a hearing of the Consumer Product Safety Commission, arguing that the commission must do more to protect consumers and ensure the security of IoT devices. The letter advised the commission to demand manufacturers, among others, to minimise data collection, to conduct privacy impact assessments, and to use privacy enhancing measures.
The Agency of Electronic Government and the Information and Knowledge Society of Uruguay (Agesic), signed an agreement with the Internet Society (ISOC) to promote co-operation concerning the challenges of Internet of things (IoT) security and to produce recommendations for developing a security proposal for IoT in Uruguay. In addition, the agreement will involve exchanging research and information and developing training materials. Agesic will lead the process while ISOC will provide operational, administrative, and technical guidance and support to the process. The co-operation will last one year and will be based on a multistakeholder model.
In a report, Barnardo, a UK based Children’s charity has raised concerns of the growing trend of internet addiction among children aged five and below owing to their early access to electronic devices. With children substituting more and more family time to be on social media is not only affecting their mental health but also resulting in failure to think creatively, interact with others socially and manage their own emotions.
Chief Executive Bernardo, Javed Khan shared “Although the internet offers incredible opportunities to learn and play, it also carries serious new risks from cyberbullying to online grooming….These risks can have a devastating impact on the lives of the UK’s most vulnerable children.”
Report of the UN Secretary-General’s High-level Panel on Digital Cooperation "The Age of Digital Interdependence” recommends the development of a Global Commitment on Digital Trust and Security “to shape a shared vision, identify attributes of digital stability, elucidate and strengthen the implementation of norms for responsible uses of technology, and propose priorities for action” (Recommendation 4). According to the Report, the Global Commitment could strengthen the implementation of voluntary norms agreed by the UN GGE in 2015, explore ways to adhere to stricter software development norms and achieve more transparency in the use of software and components. The Global Commitment could also play an important role in capacity development and awareness raising, in particular in cybersecurity and resilience against misinformation, strengthening authentication practices among private sector, and improving the digital hygiene of new users coming online. The Global Commitment should complement existing global processes.