Iran Is Challenging IoT Security

This post is also available in: עברית (Hebrew)

As we have previously reported, the Internet of Things (IoT) may be on the brink of changing our lives – but before that happens there are some hurdles to be passed. One of them is pretty big: security. Everything from watches to medical devices is going digital and always online. Unfortunately, a lot of these devices were not designed with security in mind. This leaves them vulnerable to attacks. And when your pacemaker is subject to a ransomware attack, it’s going to make a compromised email account look like child’s play.

Iran is now tackling this issue. Last week, Iran told the Secretary General of the International Telecommunication Union (ITU) Houlin Zhao that the UN agency has so design “appropriate regulations” for IoT.

“Currently, the ICT [Iran’s Ministry of Information and Communications Technology] is facing new and challenging issues,” said Aliasghar Amidian, head of Iran’s telecoms regulator, “such as the Internet of Things (IoT), 5G, and OTTs which require appropriate regulations.”

The ITU has been in existence since 1865, and as one of the world’s leading bodies setting standards seems an appropriate task for it. The issue, and quarrel between governments and industry, stems from the question of what responsibilities to delegate to governing bodies, and what industry refuses to let go of.

Iran would want, we can imagine, for the strictest governmental control over the internet. The ITU itself would be happy to bolster its own prestige and powers by exercising such control. But, industry experts argue that it is the wild-west atmosphere of the internet that has made it the massive, life-changing success that it has become. Stifling the innovative spirit of the internet, they argue, could only do it harm.

Moreover, what precisely should come under the jurisdiction of the ITU – or any other agency – is in itself an open question. Do VoIP technologies count, or infrastructural technologies such as 5G?

To forestall moves by intra-governmental regulatory bodies, Intel, Siemens, and over 25 other companies have founded the IoT Security Foundation (IOTSF) this September, with the goal of improving IoT security and standards. Let us hope they can get the ball rolling in the security direction quick enough, before the risks become all too evident.