As part of Sandvine’s ongoing commitment to advocate for technically sound Internet policy globally, we continue to take an active role with the Broadband Internet Technical Advisory Group (BITAG). BITAG is a non-profit, multistakeholder organization focused on bringing together engineers and technologists in a Technical Working Group (TWG) to develop consensus on broadband network management practices and other related technical issues that can affect users’ Internet experience. In so doing, BITAG hopes to better inform policy discussions globally.
Sandvine’s CTO, Don Bowman, recently contributed to a BITAG TWG report entitled, Internet of Things (IoT) Security and Privacy Recommendations.
Several recent reports have shown that some IoT devices do not abide by rudimentary security and privacy best practices. In some cases, devices have been compromised and allowed unauthorized users to perform surveillance and monitoring, gain access or control as part of massive attacks, induce device or system failures, and disturb or harass authorized users or device owners.
The BITAG report identifies several potential issues contributing to the lack of IoT security and privacy best practices, including:
- Lack of IoT supply chain experience with security and privacy;
- Lack of incentives to develop and deploy updates after the initial sale;
- Difficulty of secure over-the-network software updates;
- Devices with constrained or limited hardware resources (precluding certain basic or “common-sense” security measures);
- Devices with constrained or limited user-interfaces (which if present, may have only minimal functionality); and
- Devices with malware inserted during the manufacturing process.
In the report, BITAG makes ten recommendations to address these challenges.
In its own Global Internet Phenomena Spotlight, Sandvine has explored “Inside the Connected Home,” which provides insight on the growing number of devices that are being actively used within North American households to better understand how they impact Internet usage.
Sandvine also helps communications service providers (CSPs) understand how a complete IoT solution includes more than security. It also gives CSPs access and insight into related device performance metrics, usage and trends, and enables CSPs to launch usage- and time-based plans that more closely align with the unique needs of devices in the IoT space.