Internet of Things (IoT) also poses significant challenges for cybersecurity
The Internet of Things (IoT) is a network of connected devices that can collect, process, and exchange data over the internet. IoT devices can range from smart home appliances and wearable gadgets to industrial machines and healthcare equipment. IoT has the potential to transform various sectors and improve the quality of life for millions of people.
However, IoT also poses significant challenges for cybersecurity, as each device becomes a potential entry point for hackers and cybercriminals. With an estimated 14.4 billion IoT devices in use in India by the end of 2023, the attack surface for cyberattacks expands significantly. Moreover, IoT devices often lack adequate security measures, such as encryption, authentication, and updates, making them vulnerable to hacking, data theft, malware, denial-of-service attacks, and other threats.
The consequences of IoT security breaches can be severe, affecting not only the privacy and safety of individuals and organizations, but also the national security and critical infrastructure of the country. For example, hackers can compromise smart meters and cause power outages, hijack medical devices and endanger patients’ lives, or take control of smart cars and cause accidents. Therefore, it is imperative to ensure that IoT devices are secure by design and follow the best practices for cybersecurity.
The Government of India has taken several steps to address the IoT security challenges and promote the development of a secure and resilient IoT ecosystem in the country. Some of these steps are:
- The Telecommunication Engineering Centre (TEC), under the Department of Telecommunications (DoT), has issued a technical report on “Security by Design for IoT Device Manufacturers” in March 2023. The report provides guidelines and recommendations for implementing security principles and practices in the design, development, testing, deployment, and maintenance of IoT devices. The report also proposes the creation of a National Trust Centre (NTC) for the certification of IoT devices and applications.
- The Ministry of Electronics and Information Technology (MeitY) has established a Standardisation Testing and Quality Certification (STQC) Directorate for providing quality assurance services for IT and electronics products, including IoT devices. The STQC also conducts cybersecurity audits and assessments for various government and private entities.
- The Bureau of Indian Standards (BIS) has adopted several international standards on IT and IoT security, such as ISO/IEC 27000 series, ISO/IEC 29182 series, ISO/IEC 30141, etc. The BIS also participates in the development of new standards through its Technical Committee on IT Security Techniques (LITD 17).
- The Telecommunications Standards Development Society of India (TSDSI) has been working on developing standards for IoT security, interoperability, and scalability. The TSDSI also collaborates with other national and international standards bodies, such as ITU-T, ETSI, 3GPP, etc., to harmonize the IoT standards.
In addition to these initiatives, there is a need for more awareness and education among the stakeholders involved in the IoT value chain, such as device manufacturers, service providers, consumers, regulators, etc. They should be aware of the risks and benefits of IoT devices, as well as their roles and responsibilities in ensuring their security. They should also follow the best practices and guidelines issued by various authorities and experts on IoT security.
IoT is a promising technology that can bring many benefits to India’s economy and society. However, it also poses significant cybersecurity challenges that need to be addressed urgently. By adopting a security-by-design approach and following the best practices for cybersecurity, India can leverage the potential of IoT while minimizing its risks.