<?php echo html_escape(strip_tags($title)); ?>

Expansion in Digital Assaults

India Needs IoT Security Standards to Fight Against Rising Cyber- attacks

By Md Shoaib --
Wednesday, 25 Nov, 2020

Coronavirus has uncovered considerably greater security weaknesses in the Indian information infrastructure. As the internet turns out to be more pervasive, IoT devices are being put to use by practically all sectors. The Indian telecom industry is intensely reliant on the adoption of IoT to adapt 4G, and push forward 5G trials; the automotive sector is depending on IoT for connected vehicles. The oil and gas market, nuclear, manufacturing and chemical industries are quick to use IoT to manage supply chains, improve efficiency and reduce costs. Notwithstanding, a key challenge faced by different sectors is securing the internet of things. And, in this regard, no policy, standard or governance framework exists in India so far.

The Indian medical services environment is consistently moving towards smart medical devices, digital operation theatres and digital pharmacies, notwithstanding, there is no call for normalization from regulatory bodies, for example, NABH to safeguard Indian medical services industry from cyber-attacks. Despite the fact that the new, advanced, medical equipment deployed hospitals today are IoT enabled, and a majority of them are imported in India, sadly, there is no baseline criteria, labelling scheme available to test the security of these IoT-enabled medical devices.

The greater issue is the majority of the areas utilizing digital technologies or integrating emerging technologies do not have a digital risk element defined by the sectoral regulators till date.

An absence of National cyber strategy featuring the vital danger to these sectors is still awaiting cabinet nod. Subsequently, battling ransomware, advanced persistent threats and malware is becoming tough for the industry, which doesn't have a structure to depend upon to test or review their systems.

Prior this year, the European body, ETSI, released consumer IoT security standard. The standard determines high-level security and idata protection provisions for purchaser IoT devices which incorporates IoT gateways, base stations and hubs, smart cameras, TV, smart washing machines, wearables, health trackers, home automation systems, connected gateways, refrigerators, door lock and window sensors.

This standard gives a minimum baseline for securing devices and sets provisions for consumer IoT. It establishes the foundation for setting strong password control for IoT devices by stating all consumer IoT device passwords must be unique.

In India, and over the world, we see consumer IoT devices getting sold with general default usernames and passwords, (for example, "administrator, administrator"). The greatest danger, regarding IoT devices, is the utilization of general default passwords.

A best practice to fix this issue is to set up unique pre-installed passwords for every device. Singapore is a magnificent model in such manner. The Singapore market names various types of IoT devices in categories and defined controls for each device. Under this plan, every device entering the nation gets marked under a category and receives a unique code and defined guidelines to be followed to secure it. The scheme also sets a minimum baseline security standard for different kinds of IoT devices.

In a nation like India, where IoT devices are imported from China, Taiwan and South Korea, a marking plan like this could tackle the security risk and furthermore address issues with respect to privacy.

IoT, today, has bigger consequences for industry, and subsequently different government division organizations have been working on IoT Security. IISC Bangalore has been driving examination to build models to secure and manage data from IoT devices.

While many of the working groups under these ministries talk to each other through common committees such as BIS/ LITD, a common arrangement defining and allocating areas of responsibility and ownership is clearly missing.

These worries were discussed in an recent event organised by "India Future Foundation" in partnership with the office of India's National Cybersecurity Coordinator. A recommendation was to make a central working group under the office of National Cyber Security Coordinator Office, which could help these multiple departments collaborate on tackling IoT security threats.

Partners from MeITY, DoT, C-DoT, Smart city councilsalso delved on the need to address security and privacy consideration, given India is as of now moving to towards finishing the Data Protection Bill.

The government needs to create a national task force to handle arising safety and security risks in the field.

India Needs IoT Security Standards to Fight Against Rising Cyber- attacks . Coronavirus has uncovered considerably greater security weaknesses in the Indian information infrastructure. As the internet turns out to be more pervasive, IoT devices are being put to use by practically all sectors. The Indian telecom industry is intensely reliant on the adoption of IoT to adapt 4G, and push forward 5G trials; the automotive sector is depending on IoT for connected vehicles. The oil and gas market, nuclear, manufacturing and chemical industries are quick to use IoT to manage supply chains, improve efficiency and reduce costs. Notwithstanding, a key challenge faced by different sectors is securing the internet of things. And, in this regard, no policy, standard or governance framework exists in India so far.

The Indian medical services environment is consistently moving towards smart medical devices, digital operation theatres and digital pharmacies, notwithstanding, there is no call for normalization from regulatory bodies, for example, NABH to safeguard Indian medical services industry from cyber-attacks. Despite the fact that the new, advanced, medical equipment deployed hospitals today are IoT enabled, and a majority of them are imported in India, sadly, there is no baseline criteria, labelling scheme available to test the security of these IoT-enabled medical devices.

The greater issue is the majority of the areas utilizing digital technologies or integrating emerging technologies do not have a digital risk element defined by the sectoral regulators till date.

An absence of National cyber strategy featuring the vital danger to these sectors is still awaiting cabinet nod. Subsequently, battling ransomware, advanced persistent threats and malware is becoming tough for the industry, which doesn't have a structure to depend upon to test or review their systems.

Prior this year, the European body, ETSI, released consumer IoT security standard. The standard determines high-level security and idata protection provisions for purchaser IoT devices which incorporates IoT gateways, base stations and hubs, smart cameras, TV, smart washing machines, wearables, health trackers, home automation systems, connected gateways, refrigerators, door lock and window sensors.

This standard gives a minimum baseline for securing devices and sets provisions for consumer IoT. It establishes the foundation for setting strong password control for IoT devices by stating all consumer IoT device passwords must be unique.

In India, and over the world, we see consumer IoT devices getting sold with general default usernames and passwords, (for example, "administrator, administrator"). The greatest danger, regarding IoT devices, is the utilization of general default passwords.

A best practice to fix this issue is to set up unique pre-installed passwords  for every device. Singapore is a magnificent model in such manner. The Singapore market names various types of IoT devices in categories and defined controls for each device. Under this plan, every device entering the nation gets marked under a category and receives a unique code and defined guidelines to be followed to secure it. The scheme also sets a minimum baseline security standard for different kinds of IoT devices.

In a nation like India, where IoT devices are imported from China, Taiwan and South Korea, a marking plan like this could tackle the security risk and furthermore address issues with respect to privacy.

IoT, today, has bigger consequences for industry, and subsequently different government division organizations have been working on IoT Security. IISC Bangalore has been driving examination to build models to secure and manage data from IoT devices.

While many of the working groups under these ministries talk to each other through common committees such as BIS/ LITD, a common arrangement defining and allocating areas of responsibility and ownership is clearly missing.

These worries were discussed in an recent event organised by "India Future Foundation" in partnership with the office of India's National Cybersecurity Coordinator. A recommendation was to make a central working group under the office of National Cyber Security Coordinator Office, which could help these multiple departments collaborate on tackling IoT security threats.

Partners from MeITY, DoT, C-DoT, Smart city councilsalso delved on the need to address security and privacy consideration, given India is as of now moving to towards finishing the Data Protection Bill.

The government needs to create a national task force to handle arising safety and security risks in the field.