How the Internet of Things is changing the way internet security must be handled.
The Internet of Things is growing and has vast security implications for governments, businesses, and individual users. The Internet of Things (IoT) is full of devices that are not properly secured and can be taken advantage of by hackers. Policy makers must decide how to deal with this phenomenon. The term “Internet of Things” was coined by Kevin Ashton in 1999. At that point, widespread individual use of GPS by the public was not allowed. Now, GPS is being used to develop self-driving cars.  As this sort of technology proliferates, the issues it presents become more and more pressing.
The Internet of Things is a vast network of various electronic devices connected to the internet. Usually, when people think of devices that are connected to the internet, the first things that come to their minds are devices like laptops and cell phones. However, the number of electronic devices that can connect to the internet spans far beyond those typical categories. Now, almost anything with an on/off switch can be connected to the internet: coffee makers, alarm clocks, cars.  It includes an incredible number of devices, including routers, watches, and cars. It’s projected that the number of these devices will exceed eleven billion by the end of this year.  The size of the IoT is already massive.
Both the IoT market and the IoT security market are rapidly expanding. Already, the overall market consists of over $130 billion and a study done by research firm GlobalData projects that the market will triple over the next five years.  Along with the IoT market, the IoT security market is also growing due to a realization that security of IoT devices is an important factor. It is estimated that the IoT security market will grow to $9.88 billion by 2025.  By 2020, the number of IoT devices will likely exceed 50 billion.  Along with this comes some serious implications for the intelligence community. As more and more homes have these devices in them, the potential of them being used to gather intelligence also becomes a factor. In 2016, then Director of National Intelligence, James Clapper, stated to the Senate that utilizing IoT devices for surveillance is a possibility. 
Many devices in the IoT do not have adequate security protections. This fact is demonstrated by a Kaspersky study done on hospitals. Researchers found over 27,716 entry points that were vulnerable to attacks. The vulnerability was often due to out of date software.  Infrequent updating of software is a huge concern for the IoT. If users do not apply security patches that these updates provide, the devices become incredibly vulnerable to attacks. It’s no longer enough to only update laptops and desktops; now businesses and individuals must update everything that is connected to the internet, ranging from security cameras to fridges.  This same vulnerability caused Waymo to decide to only allow their self-driving cars to connect to the internet when they have to. This came on the heels of an experiment in which researchers demonstrated that hackers were able to disable the brakes of a internet-connected car while the driver was at the wheel.  The prospect of a mass hacking of IoT devices is highly sobering. Cars could be purposely crashed, smart kitchens could set houses on fire, and medical devices could become dysfunctional. An enemy could potentially wreak havoc on the United States if they were able to harness this power.
Hackers are able to exploit these security vulnerabilities for Ransomware attacks, DDos attacks, and theft. An example of this is the DDoS attack in 2016 which took down a large portion of the internet in the Eastern U.S. It was accomplished by conducting a botnet attack on IoT devices. These IoT devices were first taken over by hackers and then used to overwhelm internet traffic on certain servers, thus causing the outage.  Thieves have also been able to utilize the IoT to their advantage. The highroller database of the Mandalay Bay Casino was stolen by means of hacking a fish tank. This allowed the hackers to enter the network and then find the database.  Without any security improvements, hacks like these will continue to take place and could potentially be used to take down infrastructure or even larger portions of the internet. This would cause serious problems for communication and intelligence and military operations, as well as the day-to-day life of society.
There are a variety of efforts being made by the U.S. Government to regulate the IoT. Various bills are being considered in both the House and the Senate that attempt to deal with the security concerns that the IoT presents. Some of the bills in the house, such as the DIGIT Act and the SMART IoT act, emphasize Congressional reporting and studies on the IoT. A bill that was introduced in the Senate is the Cyber Shield Act, which would allow the Secretary of Commerce to create a Cyber Shield Advisory Committee. This committee would grade products based on their security in order to inform consumers.  Other bills call for more resources on the IoT to be made available for the general public, while some would impose minimum cyber security standards that radio frequency equipment and any devices purchased by the government must meet. 
Policymakers must proactively address the IoT and the issues that come along with it. The IoT is already impacting the majority of individuals’ daily lives. This may be slightly concerning considering all of the risks that come along with it. The U.S. Government should ensure that information is provided to the public about the risks of unsecure IoT devices. It should also pass the Cyber Shield Act in order to further inform potential consumers of which IoT devices are more secure. Finally, it should ensure that clear standards are set for all IoT devices that are purchased for government use. Taking these steps will help to ensure that the IoT is not compromised.
- Arik Gabbai, “Kevin Ashton Describes ‘the Internet of Things,’” Smithsonian Magazine, January 2015, https:// www.smithsonianmag.com/innovation/ kevin-ashton-describes-the-internet-ofthings-180953749/
- Jacob Morgan, “A Simple Explanation Of ‘The Internet Of Things,’” Forbes, May 13, 2014, https://www.forbes.com/sites/ jacobmorgan/2014/05/13/simpleexplanation-internet-things-that-anyonecan-understand/
- Bernard Marr, “The Internet Of Things (IOT) Will Be Massive In 2018: Here Are The 4 Predictions From IBM,” Forbes, January 4, 2018, https://www.forbes.com/sites/ bernardmarr/2018/01/04/the-internet-ofthings-iot-will-be-massive-in-2018-here-are -the-4-predictions-from-ibm/ #105b8062edd3
- Charlie Taylor, “Global Internet of Things market set to reach $318bn by 2023,” The Irish Times, November 22, 2018, https:// www.irishtimes.com/business/technology/ global-internet-of-things-market-set-toreach-318bn-by-2023-1.3705819? mode=amp&fbclid=IwAR3VPfYtO8YcSyHu S9i1BLv-
- “Global Internet of Things (IoT) Security Market 2015-2018 & 2025 – Surging Demand for Enhanced Privacy is Driving the Market,” Market Watch, November 16, 2018, https://www.marketwatch.com/pressrelease/global-internet-of-things-iot-security -market-2015-2018-2025—surging-demand -for-enhanced-privacy-is-driving-the-market -2018-11-16
- Vala Afshar, “Cisco: Enterprises Are Leading The Internet of Things Innovation,” Huffington Post, August 28, 2017, https:// www.huffingtonpost.com/entry/ciscoenterprises-are-leading-the-internet-ofthings_us_59a41fcee4b0a62d0987b0c6
- Alfred NG, “IoT attacks are getting worse — and no one’s listening,” Cnet, March 15, 2018, https://www.cnet.com/news/iotattacks-hacker-kaspersky-are-gettingworse-and-no-one-is-listening/
- Young Entrepreneur Council, “10 Big Security Concerns About IoT For Business (And How To Protect Yourself),” Forbes, July 31, 2018, https://www.forbes.com/ sites/theyec/2018/07/31/10-big-securityconcerns-about-iot-for-business-and-howto-protect-yourself/#2592ce767416
- Jamie Condliffe, “Why Some Autonomous Cars Are Going to Avoid the Internet,” MIT Technology Review, January 10, 2017, https://www.technologyreview.com/ s/603339/why-some-autonomous-cars-aregoing-to-avoid-the-internet/.
- Lily Hay Newman, “WHAT WE KNOW ABOUT FRIDAY’S MASSIVE EAST COAST INTERNET OUTAGE,” Wired, October 21, 2016, https:// www.wired.com/2016/10/internet-outageddos-dns-dyn/.
- Oscar Williams-Grut, “Hackers once stole a casino’s high-roller database through a thermometer in the lobby fish tank,” Business Insider, April 15, 2018, https://www.businessinsider.com/hackersstole-a-casinos-database-through-athermometer-in-the-lobby-fish-tank-2018-4
- Ed Markey, “S.2020 – Cyber Shield Act of 2017,” Congress.gov, October 26, 2017, https://www.congress.gov/bill/115thcongress/senate-bill/2020/text
13.J.C. Boggs, “Regulating the Internet of Things,” RFID Journal, November 18, 2018, https://www.rfidjournal.com/articles/ view?18038