Vint Cerf, brought up escrow arrangements as a way to ensure the credibility and safety of IoT devices and defines the IoT broadly as “anything that’s programmable, and perhaps something that also has communication capability.”
This extends beyond appliances in your house, your office, in your car, or on your person. It’s any “communicating software that takes in real-world information and has an effect on the real world.”
While the IoT certainly has applicability for consumers with smart homes and autonomous vehicles, B2B applications will be even more widespread. The IoT will enable digital transformation in manufacturing, healthcare, agriculture, energy, and other industries. Bain predicts B2B IoT segments will generate more than $300 billion annually by 2020, while consumer applications will generate $150 billion by 2020.
Cerf explains, “People are rushing to build products that have these characteristics – communication, computation, and programmability. But, they’re not paying as much attention to access control, security, privacy, safety, and autonomy.” As a result, the rush to IoT could be compromising safety and security.
It’s critical to put security and privacy measures in place from the outset because cybercriminals see the opportunity for profit with the IoT, just as legitimate businesses do. As witnessed with the Dyn cyberattack in 2016, a botnet can be built from hacked IoT devices – such as home routers and DVRs – exploiting the fact that default passwords were never changed.
We’ve also seen massive data breaches in 2017 including Equifax, Blue Cross/Blue Shield, FAFSA, the SEC, Deloitte, Hyatt hotels, Uber, eBay, and other corporate giants. Organizations must be acutely aware of security and privacy issues as their connected devices share our financial and confidential personal information. Often, IoT data is uploaded into the cloud and shared between devices, which means a greater loss of control, and even more vulnerability. That’s why on the B2B side, protecting proprietary data and intellectual property is viewed as one of the greatest challenges enterprises must meet in terms of smart, connected products.
As reported in this Forbes article, market research firm Forrester outlines the following challenges to achieving a secure IoT:
One of the issues is that at present, no one is held responsible. This IoT Agenda article asks, “Who is incentivized to secure IoT? Should the companies producing connected chips be responsible for enabling secure devices? Should responsibility fall to the manufacturer of the devices, like the folks who make thermostats or cars? Or do we need government regulation to set the baseline for what is acceptable?”
Vint Cerf discusses the potential for IoT regulation, incentives for doing the right thing, and the role government should play. As people increasingly rely on devices full of software, Cerf points out the need for a Cyber-Underwriters Laboratory (which, in fact, is in the works as outlined in this Network World article).
Cerf offers a possible solution: “Suppose you couldn’t sell a product unless you agree to reveal the source code to some party who agrees to keep it private but still has the credibility to have said we ran it through a series of tests, we did analyses, and we believe it to be safe.”
The third party that Cerf refers to could be an escrow agent. Today, we rely on technology escrow agents, such as NCC Group, to safeguard source code so that both the buyer and seller of the technology can rely on a private, safe version of that technology in case it is ever needed in the event of bankruptcy, business failure, or other lack of support.
Cerf brings this situation up in terms of IoT devices. “There are serious supply chain questions that worry me,” he comments. “An example is someone building a device, throwing in a random piece of source operating system code and not caring whether it will ever be maintained or not, [because they] just want to sell the devices.” The vendor may not have a commitment to maintaining the IoT device over a period of time, although the people who buy them have the expectation that they’re going to work for a decade or more. He continues, “What if the company goes out of business within six months because it wasn’t a popular product, yet you want to keep it and use it? Maybe there are escrow arrangements concerning the source code. I think there’s room for quite a bit of domestic and possibly international exploration of agreements.”
With over 30 years experience in technology escrow industry - we know it is a proven solution to safeguard source code, data, and intellectual property. As technology evolves, it is interesting to see how this tried and true solution may take on a new wrinkle protecting the IoT.
If you have any questions, feel free to contact us.
Our experts are here to help you.