2 min read

eIDAS and Trusting the Internet of Things

eIDAS and Trusting the Internet of Things

The Internet of Things (IoT) is a broad term for the billions of connected physical devices, including vehicles, appliances, and other electronics that can communicate and exchange data with each other. These devices are everywhere; by 2020, there are likely to be anywhere from 3 to 7 connected devices for every living person!

IoT devices are not just restricted to personal use, this category includes infrastructure services such as power plants, railways, streetlights, and even some military vehicles. This makes the IoT perhaps the most useful as well as the most vulnerable asset of modern civilizations. Increasingly, this vulnerability is being taken advantage of by state actors or criminal elements for their own benefit.

The criticality of the threat to us, as a result of IoT, perhaps gets enhanced due to the fact that it can affect the physical world rather than impact digital data or records. A bad actor can hack into a car and cause it to lose control or hack into a power grid and cause an outage. All of this has put a new emphasis on closing loopholes and erecting barriers against potential breaches.

 

The need to bring “trust” to the Internet of Things

The vulnerabilities of the IoT and its criticality mean that certain improvements need to happen immediately. The eIDAS regulation ensures trust in digital services and is also required for IoT platforms.

The primary way in which a standardized regulatory framework can make the IoT ecosystem more secure is by providing “Proof of Identity”. This is the first and most important step in securing access to the dozens of connected devices we use daily.  As our dependence on such devices increases, so does the need for a common framework like eIDAS, which can provide a minimum guaranteed level of security based on standard procedures and protocols across jurisdictions. There is an important need to provide secure and trustworthy electronic identification, authentication, and authorization for IoT devices. Without this, the system will be vulnerable, and the potential for abuse will keep rising with time.

Another way in which regulations like eIDAS can help is the legal and liability framework. eIDAS ensures the legal compliance of services that are provided using its framework. Something similar is needed for the Internet of Things - a universally accepted framework that defines the legal requirements for compliance and then ensures compliance with that legal framework. It needs to address the issues of cross-jurisdiction disputes and set the standard for regulatory/ legal compliance in the IoT world.

 

Conclusion

eIDAS and other such regulations will go a long way to ensure that digital transactions are secure, and users are protected. However, this same level of security and trust needs to be extended to the other network, the Internet of Things. The IoT requires a strong framework that ensures the user’s identity, provides privacy and strong authentication capabilities, and a rock-solid legal and liability framework to protect users.  

 

 

Download white paper

 

 

References and Further Reading

Image: Microsoft Azure Sphere OS (Linux kernel) #iot, courtesy of medithIT, Flickr (CC BY 2.0)