Font size:
Print
IoT Vulnerabilities: A Growing National Security Threat
Context:
The Indian government has recently placed Internet of Things (IoT) modules manufactured by Chinese companies under heightened scrutiny, recognising the potential risks they pose to national security.
|
The Internet of Things (IoT) refers to a vast network of interconnected physical devices that can collect, transmit, and receive data over the internet without requiring human intervention. This concept encompasses a wide range of devices, from everyday household items to complex industrial machinery. |
More on News
- This move follows earlier restrictions on Chinese apps and telecom equipment but has broader implications, extending to critical sectors such as healthcare, agriculture, smart cities, and industrial automation.
- While IoT devices drive efficiency and technological advancement, they also introduce significant cybersecurity risks, underscoring the need to safeguard India’s digital infrastructure.
Vulnerabilities of IoT Devices
- IoT Security Doorbells (July 2023): CERT-In identified vulnerabilities in Qubo’s IoT doorbells, making them susceptible to hacking, unauthorised surveillance, and botnet attacks.
- Connected Vehicles Breach (November 2023): Over 600 Indian smart vehicles were compromised, allowing attackers to track real-time locations and demonstrate remote control capabilities.
- Parking Solutions Data Leak (May 2024): A cybersecurity flaw in a major Indian parking company exposed sensitive user data, including contact details, license plates, and parking locations, raising serious privacy concerns.
Digital Infrastructure and Geopolitical Implications
-
- Threat to Critical Infrastructure: Security breaches in healthcare, transportation, and defense can disrupt essential services, compromise military systems, and impact economic stability.
- Global Cybersecurity Concerns:
-
- Ukraine (2024): SSU exposed Russian cyber actors exploiting IoT vulnerabilities for intelligence gathering and airstrike coordination.
- United States: Concerns over Chinese cranes at ports potentially enabling espionage and supply chain disruptions.
- TP-Link Scrutiny: Reports suggest compromised TP-Link devices were exploited in ransomware operations.
- United Kingdom: Security flaws detected in Hikvision IP cameras, with potential data transmission to Chinese servers.
Mitigating IoT-Related Threats
- Establishing a National IoT Task Force: A dedicated task force comprising experts from cybersecurity, intelligence, telecommunications, and industry sectors could spearhead efforts to regulate, audit, and monitor IoT integration across critical infrastructure.
- Restricting High-Risk IoT Deployments: The government could impose strict regulations prohibiting Chinese-manufactured IoT devices in sensitive areas such as defense installations, power grids, and public utilities.
- Implementing Stringent Certification Standards: The Standardisation Testing and Quality Certification (STQC) Directorate, under the Ministry of Electronics and Information Technology, could enforce rigorous testing and certification for IoT devices deployed in critical sectors.
- Manufacturers could also be required to provide a Software Bill of Materials (SBOM) and a Bill of Materials (BOM) for each device, ensuring transparency in component sourcing.
- Strengthening Domestic IoT Manufacturing: India’s push for self-reliance in technology through the Production Linked Incentive (PLI) scheme could be extended to support the domestic production of secure IoT alternatives.
- Raising Public Awareness on IoT Security: Educational initiatives targeting businesses and consumers could help promote a security-first mindset, encouraging users to prioritise verified and secure IoT products.
As India accelerates its digital transformation, ensuring the security of IoT infrastructure is paramount. The government’s scrutiny of Chinese-manufactured IoT modules is a necessary step in safeguarding national security, data privacy, and critical infrastructure.
