Will ISPs Step Up to the IoT Challenge?
The Internet of Things is already upon us and promising to get much bigger. For all of its promise, and there is a ton, IoT is also set to deliver a world of confusion to many consumers. And that's something the telecom industry can address if it chooses.
The savvy folks are already nestled snugly in their smart homes, with their push-button door locks, perfectly timed lights and smart thermostats. Most of us aren't that savvy, however, and have likely not retrofitted our older homes with more than one of those things.
And as we are learning, even the savviest of consumers may not be as safe in their smart homes as thought: Home IoT devices are the latest warriors in the botnet armies that launch distributed denial of service (DDoS) attacks, according to recent reports. In addition to Level 3 Communications Inc. (NYSE: LVLT)'s news this week, there have been other reports this year, such as one from the Canadian security firm Sucuri, on the use of 25,000 closed-circuit TV cameras as botnets in massive DDoS attacks. (See Smartphone, IoT Security Threats Hit Hard.)
CCTV devices seem to be everywhere these days -- for security purposes, of course -- and they are networked for convenience. Smart home devices such as thermostats and door locks are also networked so that their users can access relevant data remotely. What is being done for safety (ironically) and efficiency may actually be making homes and their residents less safe.
Those network connections can make consumers vulnerable to hackers and be useful as botnets. So how are you supposed to know if your devices are unwitting tools of cyber criminals? Or if you are being hacked and potentially victimized?
Level 3 CSO Dale Drew says one way is to consult with your broadband ISP to look at your network usage and see if there are patterns that indicate your devices are in play -- such as network activity when there shouldn't be any. But he admits not all broadband service providers are able to provide that information to consumers. Most consumers won't know to ask for it.
Drew thinks device manufacturers are going to have to do a better job of providing security and of delivering security patches automatically. I would agree that we, as consumers, are unlikely to be searching for security patches for our webcams and DVRs on a regular basis, so any kind of automated patching would have to be done via the network. That would mean that at the time a device is connected, it is also registered to be part of an ongoing patch program.
There may also be enough concern growing that the industry creates a way of certifying the safety of gear -- or including warnings as to what hasn't been secured.
Drew believes broadband network operators themselves need to step up and take more responsibility for monitoring the traffic on their networks and proactively working to block or filter that which follows the patterns of botnets or other forms of cyber attacks or data breaches.
I think he's got a good point. The IoT trend is already underway and is only going to get bigger. Device manufacturers eager to cash in on the hype aren't going to be reliable sources of security -- and consumers may not wish to maintain an ongoing relationship with every company from whom they buy a sensor or camera.
But there is a relationship with the broadband service provider and that is ongoing. Many major telecom companies have geared up their security operations in recent years and their managed security services portfolios, but most of these seem aimed at businesses. IoT will be a very democratic trend, potentially affecting a much bigger audience.
Security could be one vital aspect of an IoT play on the broadband ISP side that helps monetize this service by delivering consumers something they'll value. Even if a broadband ISP chooses not to engage in this IoT support as a service they'll sell, the chances are good they are going to have consumers coming to them once problems arise, and security issues could be a big part of that, especially if current trends continue.
— Carol Wilson, Editor-at-Large, Light Reading