IoT / M2M: Boom Time and Cyber Insecurity
INTERNATIONAL INSTITUTE OF COMMUNICATIONS
UK CHAPTER EVENT
10 February 2016 - 5.00 pm
HOSTED BY KPMG
20 GROSVENOR STREET, LONDON W1K 4QQ
Chaired by Aline Doussin of Squire Patton Boggs LLP, the IIC UK Chapter meeting on IoT and cybersecurity looked at the questions arising from the rapid rise and success of IoT and machine-to-machine communications, many of which are around ‘cyber insecurity’ – a subject debated by the IIC UK membership over recent months.
The discussion was opened with brief presentations from the panel, consisting of Robert MacDougall (Head of Enterprise Regulation, Vodafone), Jano Bermudes (Senior Manager, Security Architecture, KPMG) and Ian Smith (Technical Lead Project Manager, GSMA).
The terms ‘Machine to Machine’ (M2M) and ‘Internet of Things’ (IoT) have been used interchangeably, but it was pointed out that M2M forms a subset of IoT, being a bilateral interaction between machines without other intervention. IoT suggests a much broader set of interactions, with input from users as well as communications between machines. The discussion ranged over the issues raised by IoT, with a particular focus on the policy issues. These ranged from a concern about privacy for individuals to business interruption to the damage that could be caused to a brand or business’s reputation.
A few key points were raised:
- That products which use IoT need to be built with privacy and security in mind.
- Security is not something that can be implemented once but has to be managed and kept updated as new challenges to that security arise.
- Therefore security should be factored into the business model at the outset, which was not the case generally.
- That the Internet of Things is a cross-border issue and therefore straddles national regulatory policies; hence the importance of seeking harmonisation of policy at least in a broad sense.
- It was recognised that there is too much diversity in the way in which the products were put together in their life cycle from beginning to end to aim for complete harmonisation, but good practices should be shared and interoperability should be a goal.
- It was recognised, however, that interoperability itself could be a weakness and that security was only as strong as the weakest link in the chain.
- The importance of cross sector interoperability was raised a number of times, with different parts of the IoT value chain currently falling under different (and possibly competing) regulatory structures. This was something that needed to be addressed.
- That the issues raised by IoT need to be understood by consumers and they need to be made aware of the ways in which their data were used.
A number of industry initiatives were described to address the concerns of policy makers.
The discussion went on to consider the range of issues at stake, from the valuation of cyber risk (such as hacking of devices) for specific types of M2M propositions and the associated insurance aspects, all the way to the role and impact of a whole raft of regulations on the development of M2M propositions (from roaming to E-Call regulations, data protection, privacy, numbering, net neutrality, etc.).
It was suggested that Members of Parliament (both in the UK and in the European Parliament) be given access to the presentations which laid out the issues clearly. This was agreed.
- Monday, 14 September 2015