Ensuring a secure Internet of Things

Senior Vice President, Global Public Policy, AT&T

The rapid rise of a new generation of connected, intelligent devices—collectively known as the Internet of Things, or IoT—is more than just the latest digital enabler to impact organisations of all sizes. The IoT presents vast opportunities for governments and businesses to improve internal efficiencies, serve their customers or constituents better, and enter new markets or provide new services. Such services will transform the way we work and live every day. As the IoT develops, it is essential that security-by-design be a core feature of the connected device ecosystem.

You can see promising innovation in the automotive, shipping, industrial, healthcare, home security and smart city sectors, just to name a few. Take, for example, a wristband fitness tracker or health monitor. Such an item can be a purely personal device for tracking one’s daily exercise; or it can be used for medical purposes to determine a diabetic’s insulin demand. In either case, appropriate security practices are vital. And each member of the ecosystem as well as government has a role to play in ensuring effective security protections that take a holistic view of the threat management environment. Effective threat management involves many interrelated efforts.

First, the device itself must be secure–especially if the device is used to track sensitive medical information like insulin demand, rather than just the number of steps taken in a day. To ensure device security, it is essential that security issues be considered from the very beginning of device design, and should not be an afterthought or bolt-on solution. Furthermore, this design must permit security to be ensured over its complete lifecycle. Although device security is often achieved using hardware based solutions, it may also be implemented through commercial arrangements that involve co-operation with network operators or applications providers.

Second, the device’s operating and applications software must be secure against unauthorised attempts to reprogramme or disable it. Possible solutions include the use of encryption or code signing. And because one may never know all future security threats, it is vital that device and applications providers be able to securely update the software on the device to patch vulnerabilities and security gaps as they evolve. Otherwise, older devices could become unacceptably insecure. Further, since IoT devices are commonly deployed in remote locations, update capabilities such as Firmware-Over-The-Air will be crucial. User data stored on-device needs to be secured, too–perhaps via on-device data encryption so even if the device is breached, the data stored on it remains secure.

Security in networks over which IoT devices communicate is also vital. It does not matter whether these networks are wired, or wireless wi-fi or mobile cellular, customers will demand that they be secure to ensure that data passes reliably between the device and its applications provider. One way this may be achieved is through a secure transmission service such as AT&T NetBond® to link devices to their cloud-based applications servers without exposing their traffic to congestion or online threats like DDoS (Distributed Denial of Service) attacks that exist on the public Internet.

Finally, the computer server managing the device’s application must not be a weak link in protecting the integrity of the service. Regardless of whether this server is the application provider’s own machine or one located “in the cloud,” it must be secured using robust intrusion detection and prevention systems, and firewalls to prevent unauthorised access.

With security being one of the biggest priorities for IoT deployment, effective government partnership with the private sector will be key. This may take several forms. One is that government agencies may convene industry groups to develop cross-sectoral (e.g., device, network, applications) practices and expectations for IoT security. Furthermore, government may assist by providing clear interpretations and advance guidance as to what its general security laws and regulations require for IoT systems and ensuring these requirements are consistent across all units of government and ecosystem participants.

Finally, governments will themselves be deploying IoT solutions for initiatives such as smart cities, smart transportation or effective health care. Given the pervasiveness of these applications, governments will need to collaborate closely with IoT providers to understand security risks associated with their applications and create a framework for shared knowledge. Working together, government and industry can accelerate innovation in IoT and in IoT security.

The IoT is growing exponentially and the need to secure its ecosystem end-to-end is an absolute necessity. This requires a bottom-up holistic approach to security design and implementation in which each ecosystem participant does its part. Continuing close partnership between the public and private sectors is also important to ensure that IoT security innovation continues and solutions are shared across industry and IoT system users. By following this path, the most valuable years of the Internet will always lie ahead of us.

Visit www.ATT.com

©OECD Observer June 2016

Economic data


Stay up-to-date with the latest news from the OECD by signing up for our e-newsletter :

Twitter feed

Suscribe now

<b>Subscribe now!</b>

To receive your exclusive print editions delivered to you directly

Online edition
Previous editions

Don't miss

  • Africa's cities at the forefront of progress: Africa is urbanising at a historically rapid pace coupled with an unprecedented demographic boom. By 2050, about 56% of Africans are expected to live in cities. This poses major policy challenges, but make no mistake: Africa’s cities and towns are engines of progress that, if harnessed correctly, can fuel the entire continent’s sustainable development.
  • “Nizip” refugee camp visit
    July 2016: OECD Secretary-General Angel Gurría visits the “Nizip” refugee camp, situated between Gaziantep and the Turkish-Syrian border, accompanied by Turkey’s Deputy Prime Minister Mehmet Şimşek. The camp accommodates a small number of the 2.75 million Syrians currently registered in Turkey, mostly outside the camps. In his tour of the camp, Mr Gurría visits a school, speaks with refugees and gives a short interview.
  • OECD Observer i-Sheet Series: OECD Observer i-Sheets are smart contents pages on major issues and events. Use them to find current or recent articles, video, books and working papers. To browse on paper and read on line, or simply download.
  • Queen Maxima of the Netherlands gives a speech next to Mexico's President Enrique Pena Nieto (not pictured) during the International Forum of Financial Inclusion at the National Palace in Mexico City, Mexico June 21, 2016.
  • How sustainable is the ocean as a source of economic development? The Ocean Economy in 2030 examines the risks and uncertainties surrounding the future development of ocean industries, the innovations required in science and technology to support their progress, their potential contribution to green growth and some of the implications for ocean management.
  • OECD Environment Director Simon Upton presented a talk at Imperial College London on 21 April 2016. With the world awash in surplus oil and prices languishing around US$40 per barrel, how can governments step up efforts to transform the world’s energy systems in line with the Paris Agreement?
  • Happy 10th birthday to Twitter. This 2008 OECD Observer interview with Henry Copeland said you’d do well.
  • The OECD Gender Initiative examines existing barriers to gender equality in education, employment, and entrepreneurship. The gender portal monitors the progress made by governments to promote gender equality in both OECD and non-OECD countries and provides good practices based on analytical tools and reliable data.
  • Once migrants reach Europe, countries face integration challenge: OECD's Thomas Liebig speaks to NPR's Audie Cornish.

  • Message from the International Space Station to COP21

  • The carbon clock is ticking: OECD’s Gurría on CNBC

  • If we want to reach zero net emissions by the end of the century, we must align our policies for a low-carbon economy, put a price on carbon everywhere, spend less subsidising fossil fuels and invest more in clean energy. OECD at #COP21 – OECD statement for #COP21
  • They are green and local --It’s a new generation of entrepreneurs in Kenya with big dreams of sustainable energy and the drive to see their innovative technologies throughout Africa. blogs.worldbank.org
  • Pole to Paris Project
  • In order to face global warming, Asia needs at least $40 billion per year, derived from both the public and private sector. Read how to bridge the climate financing gap on the Asian Bank of Development's website.
  • How can cities fight climate change?
    Discover projects in Denmark, Canada, Australia, Japan and Mexico.
  • Climate: What's changed, what hasn't, what we can do about it.
    Lecture by OECD Secretary-General Angel Gurría, hosted by the London School of Economics and Aviva Investors in association with ClimateWise, London, UK, 3 July 2015.
  • Is technological progress slowing down? Is it speeding up? At the OECD, we believe the research from our Future of ‪Productivity‬ project helps to resolve this paradox.
  • Is inequality bad for growth? That redistribution boosts economies is not established by the evidence says FT economics editor Chris Giles. Read more on www.ft.com.
  • Interested in a career in Paris at the OECD? The OECD is a major international organisation, with a mission to build better policies for better lives. With our hub based in one of the world's global cities and offices across continents, find out more at www.oecd.org/careers .

Most Popular Articles


What issue are you most concerned about in 2016?

Euro crisis
International conflict
Global warming

OECD Insights Blog

NOTE: All signed articles in the OECD Observer express the opinions of the authors
and do not necessarily represent the official views of OECD member countries.

All rights reserved. OECD 2016