Many Canadians have invited danger into their lives. Imagine technology with the ability to put people at risk found throughout an average home - in the kitchen, garage, hallway or bedroom. No, this isn't the science fiction plot of an Isaac Asimov novel. This is a danger grounded much more in the present. This is the real danger of the Internet of Things (IoT).
IoT devices connect to the internet - thermostats, connected coffee makers, Bluetooth speakers - the list goes on and on. These devices make our lives easier. They are fun and functional.
Some IoT devices can be updated and made secure for consumers so that data and personal information isn't easily compromised. Others, often inexpensive devices found online and in stores across the country, cannot be secured, leaving them vulnerable and open to bad actors on the net looking for a way in. A way into your private information, your network and beyond. The growing popularity of connecting almost anything to the online world means we have an urgent need for policy and awareness.
A multistakeholder approach to IoT security
CIRA, along with the Internet Society (ISOC), Innovation, Science and Economic Development (ISED) and the Canadian Internet Policy and Public Interest Clinic (CIPPIC), form a core team tasked with facilitating a multistakeholder approach to identify and guide the development of IoT policy, putting security at the heart of internet innovations in Canada. The goal is to bring together relevant government, academia and private and non-profit sectors to tackle this ever-growing challenge.
Securing IoT devices benefits individual Canadians, but I'd be remiss not to note the importance for CIRA as well. We're all too aware of the consequences IoT vulnerabilities can have when managing a domain name system (DNS). A counterpart of ours in the U.S. experienced this in 2016 when IoT devices (think Wi-Fi baby monitors) helped bring down websites across the U.S. including Twitter, Netflix, CNN and many others. While we have experts in cybersecurity here at CIRA, particularly related to the DNS, the vulnerabilities of IoT weigh on my mind.
With all that said, the first meeting of this IoT committee was held on April 4th, with a packed agenda that included a welcome message from ISED's director general, Pamela Miller. I, along with other speakers, provided an overview of the risks of IoT to help set the stage. Then a discussion began around defining IoT devices specifically for our work ahead, along with what we could expect to achieve in a year.
On the first point, there was much debate and we didn't reach consensus, an important ingredient in a multistakeholder environment. On the latter, we recognized that when it comes to an issue of this size and complexity, a year is not a lot of time.
We agreed that helping grow awareness in Canada is vital. What an awareness campaign might look like remains to be seen, but the idea of nationwide workshops came up.
In CIRA's corporate strategy, we have an ambitious goal to build a better online Canada. With that goal in mind, helping find ways to secure devices that are growing in popularity in Canadian homes is an important step in the right direction.
A website has been created with further details of this multistakeholder approach to IoT security, and I look forward to providing updates as this work proceeds.