
IoThreats

IoThreats: Identifying risks and challenges in IoT-Security for Smart Homes
Based on identified challenges, potentials and threat scenarios, the IoThreats project has formulated short-, medium-, and long-term measures for the use and handling of the Internet of Things and Smart Environments. To this end, technical, legal and social aspects were pointed out, in order to show possibilities for the utilization of IoT. The measures define the essential areas of action, in which decision-makers can actively contribute to a safe smart-home for all residents.
Over the last couple of months, IoThreats has been working to build an important knowledge basis for decision-making and strategy development for police forces and other relevant stakeholders. The materials produced in the project can make a decisive contribution to this and can also be adapted for external stakeholders. Because IoT security research and development is highly dynamic, the project partners may, in addition to the added value created for the user, also generate economic value in the future through contracts and consulting activities.
The findings and results from IoThreats clearly show that Internet of Things (IoT) devices are more dangerous than traditional computers because they affect the world around us in a direct, physical way. Given the significant threat potential posed by new IoT technologies, there is a clear need for research and information from different stakeholders in operational policing.
The project has defined main areas of action in which decision-makers can actively contribute to a largely secure smart home for all residents. These can essentially be categorized on several levels:
- Advice and information measures: Initiatives, networks and other measures that raise awareness of the phenomenon among the actors involved (consumers, decision-makers) and strengthen their ability to act.
- Operational measures: Optimization of the communication paths (“reporting path”), e.g., clear methods for consumers to determine who to contact in the event of a claim; forwarding relevant information to device manufacturers, etc.
- Legal framework: Legislation (e.g., “Cybersecurity Act”) which, among other things, prevents market access for vulnerable smart home systems.
Information & Operative Measures
The need for information measures is based on the observation that users often lack knowledge about the dangers posed by IoT devices. This can be observed, for example, in the still prevalent practice of using (easily hackable) standard passwords. Multiple measures can help to overcome this information gap, for instance the preparation of tailored information material, lectures for sensitisation and awareness raising, awareness-raising campaigns and prevention projects.
Operative measures aim to optimize the flow of information, and thus the overall communication, between the relevant actors. One specific measure is, for instance, the optimisation of the vulnerability reporting process.
Legal Framework
Legal measures in the field of IoT security have been established in recent years. Government regulation makes sense, especially in environments where users may not be aware of the dangers. In the USA, for example, the IoT Cybersecurity Act 373 was implemented in 2017, which is intended to establish stricter security guidelines in the area of IoT security. South Korea developed a master plan outlining the national IoT strategy back in 2014.
The Staff Working Document “Advancing the Internet of Things in Europe” outlines the European Union’s approach to the development of the Internet of Things in the coming years and places particular emphasis on the vision of a “people-centred” Internet of Things. The document is based on the vision of the digital single market and at the same time points the way for legal developments in the field of IoT security at European level.
The legal framework has been analysed in the project with the support of the partner ALES, the Austrian Center for Law Enforcement Sciences. The need for better protection against unlawful intrusion into a computer system (“hacking”) was pointed out here, as well as the implementation of a vulnerability disclosure policy.
Links
Project website: https://www.iothreats.at/
Keywords
Smart Home, Threats, Hacking, Internet of Things, Cybercrime