Smart devices that connect with each other and the Internet thanks to networks of sensors are changing our society. However, the speed at which these smart devices or IoT devices are being developed comes at a price: in terms of cybersecurity, they are often unsafe. As such, they pose "a major risk to society."
So writes Radiocommunications Agency in its annual report 'Safety in times of change'.
Smart devices are popular in the Netherlands. According to calculations by Statistics Netherlands (CBS), three-quarters of Dutch people have at least one smart device in their home. Products such as smart speakers and smart thermostats are sought-after products in Dutch households. This is true to a lesser extent of smart lighting, smoke detectors and security cameras. It is estimated that there are currently about 35 billion smart devices in circulation worldwide. By 2025, it is estimated that there will be more than 75 billion.
Not for nothing does the Radiocommunications Agency devote an entire chapter to these so-called Internet of Things (IoT) products or smart devices. According to the regulator, these devices have the capacity to change our society for the better. They exchange information with each other and facilitate or enrich our daily activities. Consequently, the number of IoT devices is growing rapidly, both for home and business use.
This growth is not entirely without risk. According to Telecom Agency, new IoT products are being developed at such a rapid pace that they may be insecure. For example, the default password is weak or easily found in the digital manual on the Internet. This makes these products "a major risk to society." "For the user, the privacy aspects are of great importance, but infected devices can also be used for DDoS attacks," the regulator's annual report reads.
But there is hope. From August 2024, new and stricter European laws and regulations for IoT devices will take effect. Manufacturers who want to sell smart devices in Europe will then have to comply with the so-called Radio Devices Directive. This stipulates, among other things, the cybersecurity requirements these devices must meet. Furthermore, they must be tested for security breaches, shield stored personal and financial information, and allow consumers and organizations to manage and protect this data.
Agency Telecom is going to actively engage in this. Earlier this month, the regulator was officially named the National Cybersecurity Certification Authority (NCCA). To take on this role, the agency has set up an IoT Test Lab. There, smart devices are tested for their cybersecurity. Researchers look at password policies, software updates, communications, protection of personal data and misuse by infection, among other things.
"Digitalization is a necessity and condition for our economic growth. But it also brings new issues, for example in the field of security and integrity," said Director-Chief Inspector Angeline van Dijk.
She advocates intensive cooperation between various parties. "The breadth, speed and importance of current digitalization mean that we must address such questions integrally and with priority. This is a new and joint social task. It is important not to divide the issue into parts, but to approach it integrally. This is only possible from a cross-domain cooperation of citizens, business, knowledge institutes and governments."
Former Minister of Economic Affairs and Climate Stef Blok said late last year that cybersecurity is a catch-all issue for manufacturers of IoT products. "We see that insecure products are an ideal entry door for criminals to capture personal or banking data. Or to take over controls, allowing a device to be used for a hacking attack on other consumers or businesses. Therefore, it is essential that the IoT is secure and can be used with confidence." Basic security requirements for smart devices are therefore, in his view, "a first step."
