The visit was part of the campaign that the Ministry of Economic Affairs and Climate started, supported by the Ministry of Justice and Security, to raise consumer awareness about the cyber security risks of smart devices. Our cyber security experts presented a comprehensive appreciation of the current state of the smart device market.
Internet of Things
According to research firm Gartner there will be more than 20 billion smart devices online in 2020. This includes a wide range of devices, ranging from lamps, watches, cars, thermostats and solar panels, all of which have some form of connection to the Internet. This proliferation of devices, along with the growth in technologies such as Artificial Intelligence (AI) can offer limitless possibilities. We have seen, for example, the mobile phone develop from a modest communication device to a powerful portable computer and control system. Smart devices will also help us find solutions to problems in many areas of our daily life, from energy management to environmental issues, crime, healthcare and education. Indeed, we are already seeing innovative solutions in many of these areas.
The emergence of the Internet of Things has also brought problems. These smart devices are often not or poorly protected from malicious action by cyber criminals and hackers. The software running on the devices is often outdated and updates that should have been applied are often not, allowing unauthorised access. In 2016 we already saw a glimpse of the possible consequences of poorly secured devices. A so-called ‘Distributed Denial of Service’ attack (DDoS attack) ensured that a large part of the American internet on the east coast was shut down. The attack was carried out using poorly secured IP cameras and WiFi routers.
Criminal hackers can also access devices in our homes by using a poorly secured device to gain entry. Recent examples have included, for example, unknown caller talking to your child via a baby monitor, then uses your IP telephone to make a call. They might also access your private details and even photos and put them online. The question is not whether you will be hacked, but when and how often. It’s no surprise then that more and more organizations are pushing for better security for smart devices.
Roadmap for Digital Safe Hardware and Software
Together with the Ministry of Justice and Security, the Ministry of Economic Affairs and Climate launched the “Digital Safe Hardware and Software Roadmap” in April last year. The Roadmap offers a coherent package of measures to prevent the insecurities in hardware and software, to detect vulnerabilities and to reduce the consequences of a cyber attack. This includes measures such as standards and certification, but also introduces campaigns relating to liability and awareness. The plan is to take things further, introducing measures such as legal enforcement of standards.
As part of the Dutch Radio Equipment Directive, it is expected that minimum requirements will be set for the protection of smart devices, so that unsafe devices can be kept off the market and kept off the Internet. However, these measures will not be introduced until the end of 2020 at the earliest.
Eurofins Cyber Security strongly believes that the Government should provide financial incentives to consumers and smart device manufacturers to make or purchase safe smart devices. The focus is currently on innovation, functionality and time-to-market, with cyber security relegated to a minor position in the hierarchy. There is no doubt that making a device more secure increases the price, and can slow down the development cycles and higher priced devices will meet consumer resistance.
The IoT Test Lab
We are currently developing an IoT security test lab that focuses primarily on structural testing and investigation of the security of smart devices. The lab was set up in collaboration with partners and can, in the future, also be used by third parties and partly remotely (virtually). This can include people, test equipment and software. This test environment creates, as accurately as possible, a lab where both intrusive and non-intrusive testing are possible.
Tour of the Secretary of State through IoT test lab
During the visit we guided the State Secretary through the test lab. Mona was able to see how we are currently testing and investigating the security of all kinds of consumer electronics in collaboration with the Consumers’ Association, students from the Hogeschool van Amsterdam and Noorderpoortcollege. This research is partly possible thanks to a subsidy from the Province of Groningen. During the Secretary of State’s visit, lab staff and a number of graduate trainees showed the results of the tests and the risks of unsafe devices.
Mona was also shown a number of demonstrations. Jerry Romp demonstrated how easy it was to break into a commonly used router, giving him access to a home network. Jasper Nota showed how he takes control of a smart baby monitor. Finally, Willem Westerhof explained how, through vulnerabilities in solar panel inverters, you can unbalance the European power network.
During the visit tips were given showing how consumers can remove a number of risks themselves. These included regularly performing updates to device software and changing passwords from their default out-of-the-box ones. When purchasing smart devices, a consumer must also look at what At the end of November, the Netherlands Authority for Consumers & Markets urged consumers to be aware of information about future updates to the device prior to their purchase.
We are proud that we have been able to inform and inspire the Secretary of State for Economic Affairs, Mona Keijzer, during her visit. We can only applaud the Government campaign, which prompted the visit. We also believe that it is extremely important to create awareness among consumers about the safety of smart devices.