IoB Insiders In her first column as an IoB Insider, Labour shadow minister Chi Onwurah says governments must do more to ensure IoT security.
The UK government’s refusal to take seriously the growing concerns over Internet of Things security is the latest example of their lack of vision for our digital future. This wave of innovation should be great news for industry and the jobs related to it – but not if the government continues to ignore the issue of cyber-security.
2015 was a record year for cyber-attacks and 2016 looks set to be even worse. Last month, Tesco’s online banking service saw the worst cyber-security breach in British banking history with fraudsters stealing a total of £2.5m from Tesco bank customers.
But it’s not just banks and big businesses that are vulnerable. As more and more everyday objects become connected to the Internet, the risk of a cyber-attack grows. In October, cyber-criminals brought down websites such as Twitter, Spotify and Reddit via families’ IoT devices. It is now said to be the largest DDoS (Distributed Denial of Services) attack of its kind in history.
This attack was targeted not at the websites themselves, but at Dyn, which acts as a sort of intermediary “phone book”, directing Internet users to websites. There are many digital businesses like these which are part of everyone’s shared web of infrastructure. We’re only as secure as the weakest link, so if the UK’s IoT devices are left vulnerable, whole systems are under threat.
The implications of incidents like these are huge. If websites and communications tools can be ground to a halt by hackers, our entire economy will cease to function. There could be scary implications for our homes, too. This time businesses were the target – but could cybergangs start hijacking baby monitors and TVs to attack us in our homes?
The Internet of Things provides thousands of opportunities for the UK. I am an Internet of Things believer. I’ve studied it, lived it, effectively built bits of it, I was the first MP to speak about it in the House of Commons in 2011. I believe in it, that it has the potential to transform our lives more than anything since electricity. There are huge economic and social benefits, as well as environmental benefits, from energy management to tracking endangered species. Every time I wait at a bus stop I look forward to the IoT enabled truly integrated public transport system able to reflect what citizens want at any particular time. Buses that stop when you want them to, where you want them to, but don’t stop if you are not there. That is a saving in terms of fuel, efficiency – and my time!
But the government has little idea of how to include digital in its industrial strategy. They’ve offered a half-baked Digital Economy Bill which does that old Yes Minister trick of putting the hard part in the title so they can ignore it in the rest of the document.
Government needs IoT security strategy
We desperately need a comprehensive strategy to protect business and the economy from cyber-crime – especially when so many will be working on or working with the Internet of Things. A 2016 survey by PwC estimates that 32 percent of companies had been affected by cyber-security breaches. Even worse, another 18 percent didn’t know whether they had or not. All it takes is one weak link in our digital infrastructure to put our economy – and even our national security – at risk. That week link could be our Internet-connected fridges. It’s clear that the Government has failed to grasp just how urgent an issue this is.
The Tories boast of investing tens of millions of pounds into cyber-security – but where is this going? They claim to be recruiting around 50 specialist cyber-crime investigators and technical specialists – but when every business and every household that is connected to the Internet is at risk, this is simply not enough.
I believe the Government is shirking its responsibilities when it comes to digital strategy. Simply advising businesses and individuals to protect themselves with measures such as strong passwords and regular software updates is not enough.
Much more needs to be done. Philip Hammond says he will spend £1.9 billion ($2.35 billion) on fighting cyber-crime – but this needs to go to local police forces, not only the intelligence services who are so far removed from the SMEs and individuals that we need to protect.
It is clear that the Government needs to show real leadership to protect SMEs from cybercrime. Their Cyber Essentials scheme is inaccessible and expensive. For SMEs who already lack adequate security out of reluctance to invest, this scheme is of very little use. It is no wonder that uptake has been incredibly slow.
They have no sense of how to ready the country for the next wave of technological change which is about to break all around us.
The Government must set out how it intends to protect ordinary peoples’ cameras, gaming consoles and baby monitors – to name just some of the devices hijacked – from such attacks in the future. Only by answering these questions can the country see a forward-looking industrial strategy. Labour’s vision is for an industrial strategy which rebalances the economy between sectors and regions of the UK, based on our values of empowerment and equality. Embracing, rather than ignoring, the growing need for cyber-security is a part of this.