ATLANTIC COUNCIL
SECURITY IN THE BILLIONS: TOWARD A MULTINATIONAL STRATEGY TO BETTER SECURE THE IOT ECOSYSTEM
#ACcyber
the compromised devices’ DNS settings to redirect victims to phishing pages for major websites, such as banks and retailers.[15]
IoT Products, Industry Segments, and Their Insecurity
The IoT, on its face, may appear to be a simple concept, but scoping it and understanding the number of systems the IoT touches is more complex. For example, some devices like routers could be “part of” or “separate from” the IoT. There are also questions on the “if, and how” the IoT includes the networks, devices, and products touching it—like IoT sensors linked to outside cloud services to process data, connect to a company’s network to enable administrative oversight and control, and connect to the public internet to communicate with application programming interfaces (APIs). For government and industry policies to be effective, scopes must clearly define the products and services they do and do not include.
For instance, EN 303 645 guidance—ETSI’s key standard document for IoT security—defines a “consumer IoT device” as a “network-connected (and network-connectable) device that has relationships to associated services and are used by the consumer typically in the home or as electronic wearables.”[16] The US National Institute of Standards and Technology (NIST), meanwhile, defines the IoT in NIST SP 1800-16C as “user or industrial devices that are connected to the internet” including “sensors, controllers, and household appliances.”[17] This report focuses primarily on the IoT products themselves, and in part the services directly dependent on IoT products or on which IoT products directly depend (e.g., a cloud software program for managing an IoT device network).

[15] Pascal Geenens, “IoT Hackers Trick Brazilian Bank Customers into Providing Sensitive Information,” Radware (blog), August 10, 2018, https://blog.radware.com/security/2018/08/iot-hackers-trick-brazilian-bank-customers/.
[16] ETSI EN 303 645 – “Cyber Security for Consumer Internet of Things: Baseline Requirements,” European Telecommunications Standards Institute (ETSI), (Sophia Antipolis Cedex, France: June 2020), 10, https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.00_30/en_303645v020100v.pdf.
[17] “Internet of Things (IoT),” National Institute of Standards and Technology (NIST), accessed August 17, 2022, https://csrc.nist.gov/glossary/term/internet_of_things_IoT; Mehwish Akram, et al., “NIST Special Publication 1800-16: Securing Web Transactions,” NIST, June 2020, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-16.pdf.
[18] Apple Developer, “Developing apps and accessories for the home,” Apple, accessed August 25, 2022, https://developer.apple.com/apple-home/.
[19] “All Smart Home Products,” Resideo, accessed August 25, 2022, https://www.resideo.com/us/en/products/; “Resideo Pro,” Resideo, accessed August 25, 2022, https://www.resideo.com/us/en/pro/.
[20] “Philips Hue, Smart Home Lighting Made Brilliant,” Philips, accessed August 25, 2022, https://www.philips-hue.com/en-sg; “Ring Video Doorbell,” Wink, accessed August 25, 2022, https://www.wink.com/products/ring-video-doorbell/.
[21] “Device Management,” Tuya, accessed August 25, 2022, https://www.tuya.com/product/device-management/device-management.
The IoT constitutes a massive technology ecosystem with clusters of IoT product design and deployment models, each of which presents differentiated cybersecurity risks. Several key examples of industry IoT product segments and some of their security challenges are detailed here, based on their wide deployment, impact on consumers, and touchpoints into other parts of the digital world, whether home Wi-Fi networks or hospital medical systems.
• Smart Homes: Numerous companies sell IoT products to serve as thermostats, doorbell cameras, window locks, speakers, and other components of so-called smart homes. Apple offers HomeKit integration, a software framework for configuring, communicating with, and controlling smart home appliances.[18] Resideo offers a number of smart home-style products, for both consumer environments—such as thermostats, humidifiers, security systems, and programmable light switch timers—as well as professional environments—such as UV treatment systems and fire and burglary alarms.[19] Philips sells smart lighting products, and Wink sells smart doorbells.[20] On the software side, companies like Tuya offer IoT management services to automatically control robotic vacuums, smart cameras, smart locks, and other IoT products in the home.[21] Google and Amazon both manufacture and sell smart home IoT products, from home