Improving the Security of IoT

One Recommendation at a Time

June 24, 2019

There is sufficient knowledge today about the weaknesses of our IoT systems as well as some suggested ways to tackle them. However, most of these solutions have broader policy implications that we must take into account before we try to implement them.

It is a difficult task, owing to the multi-sectoral nature of the IoT industry and the supply chain itself. Still, it should be possible to improve the security of IoT, one recommendation at a time. Let’s have a closer look at the problem:

Enabling End-to-End Security

One of the critical weaknesses of IoT is the lack of end-to-end security, the kind that keeps a system secure throughout its lifecycle. The fault persists because our current security standards are sometimes contradictory and don’t offer enough protection. Creating more standards will only worsen the problem if we don’t enable end-to-end security first. It is one of the priorities of IoT safety improvements.

Sector by Sector

Working on IoT security sector by sector is proving to be a good practice, even though it’s less comprehensive than security experts would prefer. It has its challenges, because each industry must also acknowledge that it doesn’t exist in a vacuum and that its supply chain is likely multi-sectoral. However, it’s possible to arrive at better cybersecurity solutions if every sector works on this separately.

Sharing the Regulatory Burden

The regulatory burden is currently divided between public authorities and the private sector, and at times it seems that it’s not distributed as efficiently as it could be. Another issue is that there are many “soft” laws and regulations that the private sector treats only as guidelines, which it doesn’t have to adhere to if a cost/benefit analysis says otherwise. These issues have to be addressed through a unified effort of the authorities and the private sector.

Cyber Risk Management of IoT

Cyber risk management is an attractive idea for IoT. However, even though it can be improved by studying the human factor, the two approaches stand at odds in their overall philosophy. The study of social factors analyzes weaknesses and vulnerabilities after they’ve happened, while cyber risk management attempts to predict and address them before they come to be.

Improving Current Manufacturing and Designing Practices

Many IoT issues start at the source, as early as the design stage of the process. To address them, manufacturers and designers of IoT devices need to adopt the security-by-default and resilience-by-design mindset. Doing so would help them come up with better security and resilience solutions that would be embedded right into the device. Both of these approaches have further implications for other common IoT issues such as liability and regulation, but they’re a step in the right direction.

One Recommendation at a Time

Improving IoT security is no easy task. It will require cooperation from a vast number of industries and policymakers. However, this effort can eventually ensure the cybersecurity of all of our IoT systems. Taking it one recommendation at a time is possible, as long as we understand what should come first.