On June 18, Jerome Hamel, head of Cybersecurity Technical Governance at Bureau Veritas Consumer Products Services (CPS), addressed the vulnerabilities of internet of things (IoT) consumer products at the ‘IoT Cybersecurity Seminar‘ hosted by ICTK, a South Korean security design firm. Hamel identified IoT devices as the weakest link in cybersecurity.
Hamel emphasized the fragmented nature of current IoT device regulations and the necessity for global standards. He suggested essential measures, such as enforcing strong passwords, disabling unused features before release, and mandatory device patching. According to Hamel, the lack of security considerations during the design phase—often because the designers are not cybersecurity experts—contributes to inadequate security measures. He predicted that global regulations would eventually become mandatory as cyber threats are universal and affect all nations. However, it is important to implement these standards as soon as possible to mitigate the growing threats. Hamel noted that many countries with existing regulations share similar foundational principles, which could serve as a basis for future unified standards.
Hamel’s insights call for decisive action toward universal cybersecurity regulations for IoT products, emphasizing the need for a proactive, offensive mindset. Although predicting every hacker’s move is impossible, anticipating their objectives can significantly enhance security measures. This shared responsibility extends to designers, engineers, policymakers, and consumers. Policymakers must enforce stringent regulations, not merely suggest them. Governments should promote cybersecurity awareness among the public and facilitate device patching, despite the regulatory complexities faced by corporations and organizations.
The significance of Hamel’s call for unified standards is highlighted by notable cases like the Mirai botnet attack in 2016. This incident exemplifies the risks posed by fragmented global cyber regulations. Hackers exploited weaknesses in thousands of poorly secured IoT devices, such as cameras and routers, sold in various countries with inconsistent security standards. The attackers compromised these devices due to weak passwords and outdated software, creating a massive network of infected devices known as a botnet. This botnet launched Distributed Denial of Service (DDoS) attacks, overwhelming websites and online services and causing widespread disruptions. The Mirai case demonstrates how varying regulatory standards across different regions enable such attacks to spread unchecked, underscoring Hamel’s point about the urgent need for unified global cybersecurity standards.
Hamel’s assertion that consistent global cybersecurity standards are critically needed is further supported by the Ring doorbell camera hacks in 2019. Hackers gained unauthorized access to Ring devices by exploiting weak security practices, such as default passwords and lack of mandatory security updates. These attacks led to privacy invasions and unauthorized surveillance in countries like the United States and the United Kingdom. The absence of universal regulations meant that there were no standardized requirements for securing these devices, leaving consumers vulnerable. Without enforced regulations, manufacturers often prioritized user convenience and cost over strong security measures, resulting in significant breaches.
The critical need to secure IoT devices, as advocated by Hamel, is echoed by the recent $50 million initiative from the Advanced Research Projects Agency for Health (ARPA-H), a part of the U.S. Department of Health and Human Services (HHS). This initiative, known as the Universal PatchinGand Remediation for Autonomous DEfense (UPGRADE) program, aims to enhance hospital cybersecurity. The program encourages private enterprises to develop a software platform for mitigating vulnerabilities and an automated system for detecting them. Hospitals face significant challenges due to diverse care practices, equipment vendors, and patient demographics, making robust digital security difficult to maintain.
The UPGRADE initiative seeks to empower hospitals with advanced cybersecurity tools by fostering collaboration among equipment manufacturers, cybersecurity experts, and hospital IT staff. This approach underscores the importance of cohesive cybersecurity measures, not only in healthcare but also in IoT consumer products, reflecting the broader necessity for universal standards advocated by Hamel. The proactive approach of UPGRADE, aimed at reducing the time from detecting a vulnerability to deploying a patch to just a few days, mirrors the urgent need for global IoT security standards to effectively mitigate growing cyber threats.
In conclusion, the need for a proactive cybersecurity approach is clear. Jerome Hamel’s insights into the vulnerabilities of IoT consumer products and his call for universal cybersecurity regulations are pivotal. While securing devices during manufacturing is a critical step, it is not sufficient on its own. Cybersecurity requires continuous adaptation to evolving threats and effective risk mitigation. Recognizing the inevitability of security loopholes, as Hamel pointed out, underscores the necessity for an ongoing, proactive cybersecurity approach that keeps defenses robust, active, and well-practiced.
Related article: Expert emphasizes securing the weakest link in cybersecurity: IoT consumer products
Internet-connected devices are reshaping people’s lives, yet they remain among the most highly vulnerable of consumer products, emphasized a global expert on cybersecurity testing and certification on Tuesday, underscoring the critical need for protective measures to be enacted on all such devices worldwide.
In an interview with The Readable, Jerome Hamel, the head of Cybersecurity Technical Governance at Bureau Veritas Consumer Products Services (CPS), emphasized the importance of protecting consumer internet of things (IoT) products. He noted that these products not only endanger the personal data of users but also serve as intermediaries enabling attackers to target critical assets.
Hamel remarked, “Consumer IoT is the weakest link in cybersecurity. While there are often robust security measures in the cloud and on the network itself, the devices connected to the network are very often inadequately protected.” READ MORE
