Recently, US lawmakers introduced the Internet of Things Cybersecurity Improvement Act of 2017. The new legislation aims to introduce minimum cybersecurity requirements for IoT devices. Even though the specific focus is on public IoT devices, eventually, this could lead to better security for all IoT devices.
The lack of IoT cybersecurity in its present state is not the result of failing engineering, it’s a market failure. In other words, investing in IoT security simply hasn’t made sense from an economic standpoint. However, at this time, product stakeholders are starting to recognise that improper security is too much of a risk to their brands.
Not many people know this, but greater cybersecurity, at least when it comes to connected devices, can actually have a negative impact on user friendliness and convenience. This can quickly become apparent in the following areas:
– User experience: authentication and encryption introduces additional steps the users may find frustrating.
– Product cost: complex cryptographic systems may increase the cost of silicon.
– Cost of development: even though these types of devices are rather simple to produce, implementing the proper cybersecurity measures can significantly increase the costs.
In essence, building cybersecurity into IoT devices always comes as a trade-off, but the costs can be minimized by a good decision-making process in the early phases of the design cycle. In order to achieve this, the business stakeholders and design team need to work closely together to map the technical implications of cybersecurity to potential business risks.