Balancing Innovation and Regulation in IoT: Ensuring Security, Privacy, and Sustainability
* What role should government regulations play in IoT infrastructure development to balance innovation, security, privacy, public safety, and sustainability?
* How can regulators strike a balance between setting standards that ensure security and privacy without stifling innovation in the IoT sector?
@IoT Cloud @PCB & Analog
13 Replies
First, I guess they should mandate some level of encryption in order to deny third-party access to the IoT system.
Any idea on the encryption type and how it can be incorporated?
As per NIST, Ascon is the leading tech in lightweight cryptography - https://ascon.iaik.tugraz.at/
Yes, based on the outline, the course would help you get well grounded on the ATmega32 chip.
Okay, got it, thanks a lot.
@Joseph Ogbonna here are the benchmarks for basic dev boards like ESP32, Arduino and STM
Ascon – Implementations
What are your thoughts on this, @LMtx?
From a European perspective, I think it is good to ensure some kind of protection for the end user - it is too easy to cut costs and ignore security and supportability.
Unfortunately, having created devices under that concept, the implementation is managed by pen-pushers who don’t actually understand the problem and so it turns into a box-ticking exercise.
I spent a load of time doing security hardening on a system only to be told it was pointless because the guidelines didn’t say the system had to actually be secure, they just needed to have had a risk assessment!
🤔 Hmm, can you elaborate a little on the risk assessment and the system not needing to be secured? Doesn't this make the device vulnerable?
It was not that the device didn’t need security, it was more that the guidelines seemed to have been written by people who didn’t actually understand security. The tick box was along the lines of “have you done a risk assessment?”
It made no comment about actually finding any issues and fixing them.
My (non-procedural) view was that I could have answered, “yes, I have done a risk assessment and we found a whole load of issues - but so what, we followed the procedure.” I will admit to being a little cynical as I have had to deal with paperwork and procedures written by non-techies for too many years.
I would say that the governing body and regulators should seek expert advice before putting policies in place, because it might hinder upcoming innovations.
IoT firms can be deliberate. This can be done by having a joint alliance. For example, in blockchain security in the web3 space, major auditing companies came together to develop standards, best practices, etc. that conform to current industry trends.
Government policies and regulations can outrightly affect the space, so they should be advised accordingly.