The Green Sheet Online Edition
February 23, 2015 • Issue 15:02:02
FTC preps for IoT opportunities, threats
The Internet of Things (IoT) is expanding, according to a Federal Trade Commission report released Jan. 27, 2015. The agency sees IoT as "devices or sensors – other than computers, smartphones, or tablets – that connect, store or transmit information with or between each other via the Internet." This poses a unique dilemma for security analysts. On one hand, these devices are a boon to consumers. On the other hand, they create millions of new points of entry for potential hackers.
In conjunction with the January report, the FTC published Careful Connections: Building Security in the Internet of Things with specific recommendations for implementing security best practices such as using point-to-point encryption and authentication technologies.
Steve Robb, Senior Vice President at Atlanta-based ControlScan sees raising the security bar as imperative. He said hackers have demonstrated the ability to gain entry through "a seemingly innocuous weak point – like an HVAC control system" to wreak havoc. "What the FTC has recommended are sound security best practices that the payments industry has been urged to adopt for years. In particular, it's critical that security be built into solutions and not just bolted on later," he added.
Payment technologies leverage IoT
The payments industry participates in the IoT's connected technologies to create thin, intelligent systems that bring real-time interactivity and complexity to commerce. Next-generation PIN pads and processing devices use radiofrequency identification, near field communication, bar codes, and quick response codes to communicate with consumers and other connected devices.
According to recent Forrester Research, U.S. mobile payments will to grow from $52 billion in 2014 to $142 billion by 2019. And Apple Pay, driving the trend toward wearable technology with Apple Watch, is expected to factor heavily into all mobile payment discussions in the coming year.
FTC urges business best practices
The FTC report raised concerns about privacy and security as the IoT grows. It used data from a workshop held on Nov. 19, 2013, in which technology executives, academics, industry trade representatives and consumer advocates brainstormed on how to protect consumers from the inherent security hazards of a hyper-connected world.
The FTC's recommended best practices include making security an integral part of the design of intelligent devices, fostering a culture of security within all participating organizations and limiting the sharing of consumer data. The agency suggested that consumer data aggregators don't always use data in consumers' best interests and may be tempting targets for hackers.
Mark Wayne, Executive Vice President at Detroit-based ANXeBusiness, said, "With new federal regulations on the horizon, the topic of security has escalated from an IT staff discussion to an executive boardroom concern." He added that it is more crucial than ever that companies create a plan to protect sensitive customer data from a breach, especially with the expansion of privacy concerns in the mobile and wireless spaces.
Smart strategies to adopt
Wayne recommended all supply chains adopt the following strategies:
- Protect the organization financially
- Physically secure the network
- Ensure compliance regulations are met
- Establish a proactive crisis management plan
The FTC would like to see improved transparency among companies that collect consumer data, by limiting the categories of data that are deemed acceptable to collect as well as by letting consumers choose how their information will be used. Current guidelines for best practice propose that companies have the option of collecting no data, only collecting data that falls into acceptable categories or "de-identifying" the data collected.
These guidelines are consistent with the FTC's 2012 Privacy Report, which stipulates the need for strong data security and breach notification, as the commission continues to explore preventive guidelines and best practices with many IoT stakeholders.
Other active FTC initiatives include the FTC Act, the Fair Credit Reporting Act and the Children's Online Privacy Protection Act; development of consumer education and business guidance; participation in efforts involving multiple stakeholders; and advocacy to other agencies at the federal, state and local level.
FTC Chairwoman Edith Ramirez voiced concern for American consumers' safety and well-being as they increasingly transact within the IoT's global footprint, currently estimated to include 25 billion connected devices.
"We believe that by adopting the best practices we've laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized," Ramirez said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.