Internet of Things (IOT)-Related Hazards

Primary reference(s)

ITU, 2012. Recommendation Y.4000/Y.2060 (06/12). Series Y: Global Information Infrastructure, Internet Protocol Aspects and Next-Generation Networks: Next Generation Networks – Frameworks and functional architecture models. International Telecommunication Union (ITU). Accessed 3 October 2020

Additional scientific description

Device: With regard to the Internet of Things (IoT), a device is a piece of equipment with the mandatory capabilities of communication and the optional capabilities of sensing, actuation, data capture, data storage and data processing (ITU, 2012).

Thing: With regard to the IoT, a ‘thing’ is an object of the physical world (physical things) or the information world (virtual things), which is capable of being identified and integrated into communication networks (ITU, 2012).

Security: In the IoT, every ‘thing’ is connected which results in significant security threats, such as threats towards confidentiality, authenticity and integrity of both data and services. A critical example of security requirements is the need to integrate different security policies and techniques related to the variety of devices and user networks in the IoT (ITU, 2012).

Privacy protection: Privacy protection needs to be supported in the IoT. Many things have owners and users. Sensed data of things may contain private information concerning their owners or users. The IoT needs to support privacy protection during data transmission, aggregation, storage, mining and processing. Privacy protection should not set a barrier to data source authentication (ITU, 2012).

Metrics and numeric limits

Not found.

Examples of drivers, outcomes and risk management

Growth of the IoT and connected smart devices will continue to increase in numbers significantly and is forecast to reach into the billions over the next few years (Gartner, 2017). There is also an increasing dependency on information and communication technology infrastructures such as the IoT to support critical infrastructure operations such as health, banking, transportation, energy and many other systems including smart cities, businesses and homes (Pacheco and Hariri, 2016).

Attacks on IoT devices can cause data breaches or disrupt functioning services (Atac and Akleylek, 2019), for example:

A cyber attack is an attack on a computer and network system that compromises security (Chi et al., 2001). This can include (Raiyn, 2014): (i) a denial of service (DoS): this is performed by a single host by flooding the information and communication technology (ICT) networks with internet traffic requests and overloading the capability of the system to deny users resources such as computers, networks or websites; (ii) a distributed denial of service (DDoS): this is a DoS performed by multiple hosts, in this particular case IoT devices under a control of a malicious user; and malware: software that is created to harm computer networks, servers, IoT devices etc.

Insufficient authentication/ authorisation processes to confirm and verify the identity of an IoT entity i.e., embedded sensors, actuators, end points that needs access to the IoT infrastructure, as well as provide permission trusts (Li and Xu, 2017).

Lack of cryptographic techniques that ensure confidentiality, integrity, authenticity, non-repudiation in data transmission and storage. Cryptography ensures the confidentiality of the data exchanged and authentication of interacting devices (Hodgson, 2019).

Software/firmware related issues include regular security updates of both software and firmware for millions of IoT devices; firmware is a type of software programmed for an IoT device that allows it to communicate and function with other devices (Zanderg et al., 2019; Huichen and Bergmann, 2016).