2018 was the year of the Internet of Things (IoT) – massive attacks and various botnets, a leap in regulation and standards, and increased adoption of IoT devices by consumers and enterprises, despite the existence of security and privacy concerns. 2019 will continue these trends but at a faster pace.
IoT Attacks in 2018
Among the multiple IoT attacks in 2018, we saw Wicked, OMG Mirai, ADB.Miner, DoubleDoor, Hide ‘N Seek and even a Mirai-variant IoT botnet used to target the financial sector. Yet, the major attack of 2018 was definitely VPNFilter, hitting over half a million devices, mostly routers, from a wide range of known vendors. While such an attack is relatively massive, it is no longer uncommon or unexpected.
Regulatory Efforts Will Increase
Do the increased attacks mean the industry is becoming accustomed to IoT cyber attacks? The regulation around IoT security was this year’s signal that the answer is, fortunately, no. Multiple regulatory actions at different levels were taken.
The DCMS (Digital, Culture, Media & Sport) department of the United Kingdom government published the “Code of Practice for Consumer IoT Security” and the “Secure by Design: Improving the cyber security of consumer Internet of Things Report”, setting guidelines and recommendations for secure IoT devices.
The California government took it a step further and passed the “B-327 Information Privacy: Connected devices” bill, which is the first to focus on IoT devices, requiring them to be secure and to protect the user’s privacy. This bill demonstrates that governments can, and will, be involved in regulating IoT devices.
Government standardization efforts will continue to increase substantially in 2019. We foresee regulations expanding beyond authentication and data privacy into more detailed requirements for network security and visibility into device bills of materials. These actions will escalate the requirements that vendors must comply with, from security recommendations to actual mandates.