Synopsis:
Security experts warned that IoT devices – be it a smart TV, fridge or a washing machine – would be much more vulnerable in a 5G context since devices with built-in software and processors like computers can serve as jump-off points for launching serious cyberattacks on individual consumers, institutional assets and even critical information infrastructure like e-governance systems.

KOLKATA: Imagine a hacker breaking into a consumer's smart TV, accessing confidential video recordings and blackmailing him. Or someone breaking into a smart device in a company and bombarding office computer networks with fake traffic, causing big disruptions and cybersecurity breaches in the firm's communication systems.

Such potential scenarios underline the vulnerability of consumers, companies and even government departments to cyberattacks as India moves towards 5G and the realm of connected smart IoT (internet of things) devices. A world where ordinary household gadgets such as TVs, washing machines, fridges, fitness trackers, connected watches and even the humble electric iron could be plugged onto high-speed 5G networks and used to launch deadly cyberattacks.

Cybersecurity experts believe a possible solution lies in framing 5G data security standards for the nextgen IoT devices and coaxing manufacturers of such products to build robust safeguards at the design stage. According to them, smart IoT products capable of riding high-speed 5G networks should be sold with insurance to protect consumers.

These issues are likely to figure at a digital meeting convened by the London-based Consumer International in August, when senior executives from India's telecom, tech and fast-moving consumer goods sectors, along with veteran consumer activists, will brainstorm on ways to secure private data and ward off cyberattacks once India goes 5G.

Suggestions on data security and privacy standards for IoT devices will be passed on to the Ministry of Electronics & Information Technology for policy formulation, even as the government mulls 5G network trials and auctioning of spectrum.

Hemant Upadhyay, advisor (telecom and IT) at Consumer Voice, a telecom consumers watchdog, said, "The upcoming meet will discuss standards and ways to embed data security safeguards into 5G-ready connected IoT devices at the design stage itself."

Framing uniform data security standards for disparate IoT devices won't be a cakewalk, though, according to experts. Smart IoT devices tend to be vulnerable to cyberattacks as most are created by startups which seldom share critical software updates once a product has been around for some time, they said.

Sunil Abraham, endowed professor (digital policy and design practices) at ArtEZ University in The Netherlands, said, "The real challenge is coming up with versatile data security standards (in India) that would work for diverse smart IoT devices."

A possible safeguard, he said, could be ensuring all smart IoT devices running on 5G networks are strictly sold with mandatory insurance to protect unsuspecting consumers. "Since the insurance company would be liable, it would have to conduct due diligences to ensure the IoT devices are safe, which would also lead to startups making safer products," said Abraham, who was previously founding executive director of the Centre for Internet & Society (CIS).

Security experts warned that IoT devices — be it a smart TV, fridge or a washing machine – would be much more vulnerable in a 5G context since devices with built-in software and processors like computers can serve as jump-off points for launching serious cyberattacks on individual consumers, institutional assets and even critical information infrastructure like e-governance systems. A 5G network can add to the speed, scale and impact of such attacks, they said.

Ram Narain, former deputy director general (security) in the Department of Telecommunications (DoT), said smart IoT devices can be made safer only by building in data security features into the products at the manufacturing stage itself, as opposed to deploying them as add-on features at a later stage.

"Data security elements will be a lot more comprehensive if integrated with the mother IoT device at the design stage itself, unlike latter-day add-on security layers that tend to be both costlier and ineffective," he said. This, he said, can only happen if the next wave of 5G-compatible IoT products are largely locally manufactured or, if imported, are subject to rigorous testing at local laboratories. Last month, the DoT announced plans to run mandatory safety checks on imported network gear from October 1 at local labs. The decision enthused local telecom gear makers, who said the move would help counter security threats posed by Chinese telecom gear, especially amid border hostilities between China and India.

(Originally published on Jul 31, 2020, 11:46 PM IST)