The phenomenal growth of the Internet of Things (IoT), widely hailed in 2015, has been greater than originally forecast. Gartner, Inc. estimates a 30 percent increase in IoT devices connected to the Internet in 2016, which equates to 6.4 billion devices, and forecasts that more than 20 billion devices will be connected to the Internet before 2020. On average, 5.5 million new devices are connected to the Internet each day. As the IoT becomes part of the everyday lexicon, there remains a need to examine the myriad risks associated with this explosive growth across multiple industry sectors to address the inevitable weaknesses with software and security that will be part of the foreseeable future of the IoT. In turn, these vulnerabilities can and will lead to property damage, bodily injuries and deaths. Internet attacks leading to physical damage date back to the 2010 cyberattack on the Iranian nuclear energy plant in Natanz that destroyed or disabled centrifuges. Later, in 2014, a German steel foundry was the target of a cyberattack leading to the destruction of a blast furnace.
Continue Reading The Internet of Things: The Cyber Vulnerability Landscape Emerges
The Internet of Things and the Inevitable Collision with Product Liability PART 5: Security and the Industrial Internet Consortium
The rapid emergence of the Internet of Things (IoT) led to the establishment of the Industrial Internet Consortium (IIC) in the spring of 2014 by five primary stakeholders: AT&T, Cisco, General Electric, IBM and Intel. IIC now claims a membership of 211 in more than 26 countries. Each of the five founding members, like many other companies, is undergoing significant transformations within their core business platforms to take advantage of the immense growth opportunities with IoT.
On November 3, 2015, the IIC held its initial Industrial Internet Security Forum at IBM’s New York City headquarters. Not surprisingly, security, security and more security was the theme du jour.
The Internet of Things and the Inevitable Collision with Product Liability PART 4: Government Oversight
The exponential growth of the Internet of Things (IoT) is far outpacing the ability of stakeholders to address safety standards and security concerns. This is not unusual as rapidly developing technology often challenges regulators and standards organizations to develop a framework for consensus governance. However, because the IoT transcends so many industries, there will be unprecedented difficulties with respect to harmonization of standards that will apply from one industry sector to another.
The efforts to develop and implement safety standards and government regulations have been taking place globally, albeit in fits and starts and not necessarily in synchronization among the developed countries. Nonetheless, as governments take note of the IoT, the number of threats identified continues to multiply.
Red Flags for Datamining
On September 10, 2015, the Federal Bureau of Investigation (FBI) posted online a public service announcement warning of IoT risks for cybercrime, which include vulnerabilities to individuals’ and businesses’ personal data as well as the potential for “compromising the IoT device to cause physical harm.” [Emphasis added.] Universal Plug and Play (UPnP) protocol used to access many IoT devices was identified as being especially vulnerable to exploitation.
The Internet of Things and the Inevitable Collision with Products Liability PART 3: Initial Contact
This is the third in a series of blogs examining the rapid development of the Internet of Things (IoT) and its consequential impact on product liability risk. The development of the IoT has been so rapid and the applications so ubiquitous across every imaginable industry and commercial enterprise that there has been a failure by many businesses to recognize that with interconnectivity of so many products and services, security is only as strong as the weakest link within the chain of interconnected products.
This structural weakness became all too evident when Fiat Chrysler announced on July 24, 2015, the recall of 1.4 million vehicles due to a cyber security flaw disclosed by technology journal Wired. Hackers were able to remotely commandeer a Jeep’s controls through the vehicle’s Internet communications systems. (See “Hackers Remotely Kill a Jeep on the Highway – With Me in It,” Wired, July 2015.) Along those same lines, the vulnerability of most current-model automobiles was identified and publicized recently by two separate government investigations. (See FTC report and Senator Markey’s report.)
The Internet of Things and the Inevitable Collision with Products Liability PART 2: One Step Closer
The Internet of Things and the Inevitable Collision with Products Liability, published in February 2015, identified a number of factors leading to the emergence and phenomenal growth of the Internet of Things (IoT). It also identified issues relating to potential product liability exposures and the impact that IoT-connected devices could have on risk assessment and risk transfer due to the consequences of foreseeable vulnerabilities and failures with IoT-connected products.
This second article addresses in more detail the emerging liability risks for the stakeholders at the forefront of the development and implementation of these technologies who, in turn, will be forced to confront those liabilities whether or not they are prepared to do so.