• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • CO16143 | Pitfalls of the “Internet-of-Things”
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO16143 | Pitfalls of the “Internet-of-Things”
    Tan Teck Boon

    13 June 2016

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    The global network of Internet-enabled sensors, devices and systems called the “Internet-of-Things” promises many upsides. But many IoT products are vulnerable to hacking. In the IoT age, it is vital to strike a balance between the risks and rewards.

    Commentary

    THE “INTERNET-OF-THINGS” (IoT) is a catchall phrase for the global network of Internet-enabled sensors, devices and systems that collects and shares a vast amount of personal data. Wildly diverse and growing fast, the billions of IoT products out there right now include fitness trackers, medical devices, household appliances, mobile gadgets and even Barbie dolls. According to IT research company, Juniper Research, there are now more than 13.4 billion IoT products in use and by 2020, the figure will hit 38.5 billion.

    Proponents contend that once we are fully immersed in IoT, the technology will engender myriad benefits. They claim that energy-saving IoT products will enhance our situational awareness and quality of life too through automation. For example, when a sleep tracker is connected to a smart air-conditioner and coffeemaker, the wearer not only wakes up to a freshly-brewed cup of coffee but also feeling totally refreshed because the temperature in his bedroom is synced to his sleeping pattern. So not only does the wearer of the sleep tracker know the quality of his sleep, he is also doing his part for the environment by letting the smart air-conditioner adjust the temperature accordingly throughout the night. As appealing as this high-tech option may sound, it is unfortunately clouded by serious cybersecurity concerns.

    The Downsides of IoT

    The biggest fear right now is that a large number of IoT products are susceptible to hacking. Indeed, many IoT products are resource-constrained, meaning that they do not come with firewalls, encryption/authentication and antivirus capabilities built-in. We install security protection into our smartphones, PCs and tablets; but doing so with the smart toothbrush or kettle may not be possible because they have limited computing power. Even if it were possible to patch IoT products with security upgrades after they had left the factory, it would be a logistical nightmare given their sheer numbers out there.

    According to estimates from Hewlett Packard, a staggering 70% of IoT products currently in use are vulnerable. In a sign of things to come, penetration tests (or “pen-testing”) designed to uncover security vulnerabilities in IoT products have shown that it is possible to breach home Wi-Fi networks via IoT appliances. So hackers could in theory exploit weaknesses in everyday IoT products and work their way into corporate or government networks as employees bring their infected gadgets to work.

    Sounds incredible but in 2013, we inched closer to this dystopian nightmare when hackers breached the database of Target and stole the credit card numbers of 40 million customers apparently by hacking the US retailer’s Internet-enabled heating and air-conditioning system.

    Implications of a Cyber Takedown

    In the worst case, hackers could take over or shut down major infrastructure networks throwing critical sectors like banking, transportation and telecommunications into chaos. The consequences would be catastrophic. Or they might attempt to retrieve sensitive information stored in these networks. Bear in mind, IoT products collect a vast amount of personal data. Not just plain information like names, birth dates and contact details but revealing information like energy consumption patterns, geo-location data and lifestyle habits. To the untrained eye, this kind of information means nothing but in the hands of sophisticated criminals, it can be used to make scams more elaborate and convincing.

    The reality is that IoT is a “double-edged sword”. Indeed, having an IoT security cam that lets you see what is happening in your house via your smartphone might make a lot of sense when you are away but it also means that cyber criminals could watch you in your own home if the system had been compromised. Likewise, owning a smart TV that is voice-activated might seem like a nifty idea except that your privacy would vanish if hackers were able to listen in on your private conversations.

    Common sense tells us that we should never share anything online that we do not want others to know about. But with the advent of IoT, the datafication of our most intimate personal information is unavoidable; more importantly, we will not have a choice about it. So if you are concerned about your online data privacy, then you should definitely be very worried about IoT.

    It’s Not All Bad – And besides Do We have a Choice?

    Shunning IoT products completely would be unrealistic since they do bring important benefits. Furthermore, as existing electronic products get phased out, users have no choice but to replace them with IoT ones. Try buying a rear-projection TV today or apply for a job without a smartphone and you will see the impracticality of snubbing the latest technology. If turning our backs on IoT products is not feasible, then what we need is prepare for its inevitable arrival.

    For major organisations, this would mean integrating IoT products in a step-by-step fashion – taking the time to evaluate the technology with great care. The government can certainly help by assessing every IoT product for potential risks. If an IoT product is deemed too much of a cybersecurity risk then it should definitely not be integrated into a broader network.

    The government also needs to set industry standards to ensure that IoT product manufacturers do not cut corners on their products since building in added security features will eat into their bottom-line. Apart from tightening security in the cyber domain, the government also needs to put tough data protection measures in place to limit abuses of personal information collected by IoT products. Lastly, consumers play a crucial role too; besides ensuring that their IoT products are secure, they must also be responsible enough to avoid those that are not.

    When all is said and done, we need to recognise that at the moment no software-based product is really “hacker proof” and sooner or later, some IoT products will be breached by hackers. So some loss of online data privacy is to be expected as we enter the IoT age. The key then is finding that balance between risks and rewards – that sweet spot which allows us to enjoy the upside while keeping the pitfalls to a level that is tolerable.

    About the Author

    Tan Teck Boon is a Research Fellow with the National Security Studies Programme in the Office of the Executive Deputy Chairman, S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore. An earlier version appeared in TODAY.

    Categories: Commentaries / Cybersecurity, Biosecurity and Nuclear Safety / Non-Traditional Security / Singapore and Homeland Security / Global / Southeast Asia and ASEAN

    Last updated on 21/03/2018

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    The global network of Internet-enabled sensors, devices and systems called the “Internet-of-Things” promises many upsides. But many IoT products are vulnerable to hacking. In the IoT age, it is vital to strike a balance between the risks and rewards.

    Commentary

    THE “INTERNET-OF-THINGS” (IoT) is a catchall phrase for the global network of Internet-enabled sensors, devices and systems that collects and shares a vast amount of personal data. Wildly diverse and growing fast, the billions of IoT products out there right now include fitness trackers, medical devices, household appliances, mobile gadgets and even Barbie dolls. According to IT research company, Juniper Research, there are now more than 13.4 billion IoT products in use and by 2020, the figure will hit 38.5 billion.

    Proponents contend that once we are fully immersed in IoT, the technology will engender myriad benefits. They claim that energy-saving IoT products will enhance our situational awareness and quality of life too through automation. For example, when a sleep tracker is connected to a smart air-conditioner and coffeemaker, the wearer not only wakes up to a freshly-brewed cup of coffee but also feeling totally refreshed because the temperature in his bedroom is synced to his sleeping pattern. So not only does the wearer of the sleep tracker know the quality of his sleep, he is also doing his part for the environment by letting the smart air-conditioner adjust the temperature accordingly throughout the night. As appealing as this high-tech option may sound, it is unfortunately clouded by serious cybersecurity concerns.

    The Downsides of IoT

    The biggest fear right now is that a large number of IoT products are susceptible to hacking. Indeed, many IoT products are resource-constrained, meaning that they do not come with firewalls, encryption/authentication and antivirus capabilities built-in. We install security protection into our smartphones, PCs and tablets; but doing so with the smart toothbrush or kettle may not be possible because they have limited computing power. Even if it were possible to patch IoT products with security upgrades after they had left the factory, it would be a logistical nightmare given their sheer numbers out there.

    According to estimates from Hewlett Packard, a staggering 70% of IoT products currently in use are vulnerable. In a sign of things to come, penetration tests (or “pen-testing”) designed to uncover security vulnerabilities in IoT products have shown that it is possible to breach home Wi-Fi networks via IoT appliances. So hackers could in theory exploit weaknesses in everyday IoT products and work their way into corporate or government networks as employees bring their infected gadgets to work.

    Sounds incredible but in 2013, we inched closer to this dystopian nightmare when hackers breached the database of Target and stole the credit card numbers of 40 million customers apparently by hacking the US retailer’s Internet-enabled heating and air-conditioning system.

    Implications of a Cyber Takedown

    In the worst case, hackers could take over or shut down major infrastructure networks throwing critical sectors like banking, transportation and telecommunications into chaos. The consequences would be catastrophic. Or they might attempt to retrieve sensitive information stored in these networks. Bear in mind, IoT products collect a vast amount of personal data. Not just plain information like names, birth dates and contact details but revealing information like energy consumption patterns, geo-location data and lifestyle habits. To the untrained eye, this kind of information means nothing but in the hands of sophisticated criminals, it can be used to make scams more elaborate and convincing.

    The reality is that IoT is a “double-edged sword”. Indeed, having an IoT security cam that lets you see what is happening in your house via your smartphone might make a lot of sense when you are away but it also means that cyber criminals could watch you in your own home if the system had been compromised. Likewise, owning a smart TV that is voice-activated might seem like a nifty idea except that your privacy would vanish if hackers were able to listen in on your private conversations.

    Common sense tells us that we should never share anything online that we do not want others to know about. But with the advent of IoT, the datafication of our most intimate personal information is unavoidable; more importantly, we will not have a choice about it. So if you are concerned about your online data privacy, then you should definitely be very worried about IoT.

    It’s Not All Bad – And besides Do We have a Choice?

    Shunning IoT products completely would be unrealistic since they do bring important benefits. Furthermore, as existing electronic products get phased out, users have no choice but to replace them with IoT ones. Try buying a rear-projection TV today or apply for a job without a smartphone and you will see the impracticality of snubbing the latest technology. If turning our backs on IoT products is not feasible, then what we need is prepare for its inevitable arrival.

    For major organisations, this would mean integrating IoT products in a step-by-step fashion – taking the time to evaluate the technology with great care. The government can certainly help by assessing every IoT product for potential risks. If an IoT product is deemed too much of a cybersecurity risk then it should definitely not be integrated into a broader network.

    The government also needs to set industry standards to ensure that IoT product manufacturers do not cut corners on their products since building in added security features will eat into their bottom-line. Apart from tightening security in the cyber domain, the government also needs to put tough data protection measures in place to limit abuses of personal information collected by IoT products. Lastly, consumers play a crucial role too; besides ensuring that their IoT products are secure, they must also be responsible enough to avoid those that are not.

    When all is said and done, we need to recognise that at the moment no software-based product is really “hacker proof” and sooner or later, some IoT products will be breached by hackers. So some loss of online data privacy is to be expected as we enter the IoT age. The key then is finding that balance between risks and rewards – that sweet spot which allows us to enjoy the upside while keeping the pitfalls to a level that is tolerable.

    About the Author

    Tan Teck Boon is a Research Fellow with the National Security Studies Programme in the Office of the Executive Deputy Chairman, S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore. An earlier version appeared in TODAY.

    Categories: Commentaries / Cybersecurity, Biosecurity and Nuclear Safety / Non-Traditional Security / Singapore and Homeland Security

    Last updated on 21/03/2018

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    CO16143 | Pitfalls of the “Internet-of-Things”

    Synopsis

    The global network of Internet-enabled sensors, devices and systems called the “Internet-of-Things” promises many upsides. But many IoT products are vu ...
    more info