Iran – yup, Iran – to the rescue to tackle Internet of Things security woes
Unfortunately also want controls over 5G and things like VoIP
It's no secret that people are getting increasingly jumpy about poor security within the Internet of Things.
No one likes it when a website is hit by a flood of junk traffic from thousands of compromised computers – but that's nothing compared to what may happen when billions of IoT devices embedded all over our homes and in our supply chains get compromised.
Stand up, Iran, which this week told the Secretary-General of the International Telecommunication Union (ITU) Houlin Zhao that the UN agency needs to start work on designing "appropriate regulations" for the Internet of Things.
"Currently, the ICT is facing new and challenging issues," noted the president of Iran's telecoms regulator, Aliasghar Amidian, "such as the Internet of Things (IoT), 5G, and OTTs which require appropriate regulations."
In and of itself, it's actually not a bad idea for the ITU to design security protocols for IoT. It is clear that a universal, global standard would be extremely useful in such an important but massively diverse eco-system. And the ITU does have 150 years of experience is doing just that.
The problem is where to draw the line - especially when Iran suggests that 5G mobile networks and "over-the-top" (OTT) services such as VoIP should be in the same bucket.
The ITU and certain, largely authoritarian governments have been fighting a decade-long battle with Western governments and internet organizations over who should design protocols and standards for the internet.
Very broadly, one side feels very strongly that the fact that governmental organizations have not been in charge of the internet's evolution thus far is a major reason why it has been as successful as it has been.
On the flip side, other governments and some organizations argue that the internet is becoming so meshed into our daily lives that the "running code" approach that has made the internet what it is today has limited usefulness when it comes to issues like security.
On the industry side, this September, a non-profit foundation, the IoTSF, was created by Intel, Vodafone, Siemens, and BT and more than 25 other companies that will be dedicated to improving IoT security.
It will be holding a conference this month in December and will draw up best practices and knowledge sharing. Which is great, but as standard developers know all too well, if you want a solid standard, you need somebody with a little more authority than an industry-funded non-profit. ®