Did you know American homes average 21 connected devices across 13 categories, ranging from smart speakers to connected appliances? Despite promises of unprecedented convenience and functionality, smart home gadgets create troublesome security, privacy and management challenges. With IoT connectivity expanding, organizations across the industry must grapple with the complexities of securing this vast network of internet-connected “things.” Industry leaders, research laboratories like CableLabs and other organizations recognize and study these challenges, delivering insights highlighting an often-overlooked aspect of IoT security: The value of technology interoperability.

The IoT Security Conundrum

As we connect more thermostats, refrigerators and toasters, etc. to the internet and the IoT ecosystem expands, this rapid proliferation of connected devices opens the door to potential vulnerabilities. Many of these devices are traditionally developed within isolated, proprietary ecosystems, resulting in high barriers to interoperability.

Crucial features like security and privacy often take a backseat to flashy functionalities in the rush to market. As a result, security and privacy-conscious policies tend to exist more frequently in mature products with larger ecosystem support rather than in entrepreneurial, smaller, newer devices. Worse yet, when products are neither secure nor privacy-conscious by design, manufacturers and product retailers are left to add security post hoc, which has limited ability to genuinely protect devices in the manner that would be possible with intentional design.

When security and privacy are not core components of product design, IoT devices are among the most vulnerable on home networks. The challenges are multifaceted and include the following:

• Interoperability issues: Manufacturers implement their devices in their ecosystems to protect their management, control and orchestration from others. Consequently, devices from different manufacturers often struggle to communicate effectively, limiting their potential and creating fragmented user experiences. How many different apps control the smart devices in your home?
• Privacy considerations: Devices, products and ecosystems collect and process information within the smart home environment. Right now, consumers struggle to understand or manage what is being collected, how and where that collection occurs, what the data gets used to support, how long it is retained, with whom the information is shared, or if there is commerce related to sharing that data.
• Cost pressures: Security implementations can be expensive, leading some manufacturers to deprioritize security or privacy in the race to the market and remain competitive.
• Update difficulties: Many devices lack user-friendly update mechanisms, leaving them running on outdated firmware or software and vulnerable to emerging threats.
• Identification challenges: When compromised, pinpointing the unique credentials of the specific device causing issues on a network can be difficult. Identification must be balanced with privacy protections, and creative ways exist to enable both features, but they aren’t yet common in devices.
• Default passwords and weak authentication: While a less worrisome issue than in years past, IoT devices frequently ship with default passwords, which users often neglect to change, making them easy to compromise.

From a Ring security camera breach allowing hackers to view live feeds and communicate through the devices to 2016’s Mirai botnet attack compromising hundreds of thousands of IoT devices, IoT security vulnerabilities can have dangerous consequences. As these challenges continue, efforts to address the security and interoperability issues plaguing the IoT landscape grow more urgent.

Advancing Industry Standards and Spearheading Security Solutions

A bold, proactive approach across industry stakeholders and vendors must focus on several key areas to enhance IoT security, interoperability, privacy and device management.

Championing Interoperability

Players across the broadband industry have led and continue leading efforts in several major standards organizations — including Universal Plug and Play, Open Interconnect Consortium, AllSeen/AllJoyn Alliance, Open Connectivity Foundation and Matter/Connectivity Standards Alliance. Beyond participation, organizations like CableLabs and its employees take on leadership roles on boards of directors, chair working groups and contribute fundamental security protocols to the connected ecosystem.

Driving these standards helps create an environment where devices from different manufacturers can communicate seamlessly and, more importantly, securely. Interoperability opens the door to a cohesive and user-friendly IoT ecosystem.

Democratizing Security and Interoperability

One of the industry’s most significant contributions involves eliminating the cost barrier associated with implementing robust security measures and building interoperable connected home devices. By developing interoperability and security solutions and then offering them as open-source implementations, standard bodies go beyond long technical specifications and provide reference implementations to assist in effectively removing the financial excuse for inadequate security in connected devices.

The industrywide accessibility-focused approach equips all stakeholders — from smaller manufacturers and startups to big brands — to implement strong security protocols and interoperability without prohibitive upfront costs. Open-source solutions like these establish interoperability and security as the standard rather than nice-to-have add-on options.

Promoting Consistent Security Across Ecosystems

Strategically linking interoperability to security, industry leaders work to establish shared security expectations across different device ecosystems. In our interconnected homes, security must be integral to how devices interact. Setting these baseline security standards allows CableLabs and other industry players to raise the IoT landscape’s overall security posture, benefiting manufacturers and consumers alike.

Dictating Innovation in Technology Policy and Standards

Stakeholders across the technology landscape frequently inform policymakers of the technical considerations when pushing for policy changes, with certain organizations developing standards that promote immutable, attestable and unique identifiers for devices on subscriber networks. Innovations like this drive effective device management, especially in identifying and isolating compromised devices, and unlock a more secure and manageable IoT environment where network administrators can quickly identify and address potential security threats.

Simplifying Security Updates

When updating a device’s security requires users to jump through too many hoops, they simply won’t do it. Recognizing that users often ignore or fail to perform manual updates, industry groups have advocated for automated security updates for years. Automating updates can simplify the user experience while enhancing overall security. By pushing for devices and systems that can update themselves without user intervention, industry efforts help protect our smart home devices and our data.

The Future: Enhanced IoT Security and Device Management

While the work of organizations like CableLabs and other connectivity industry players lays the groundwork for a more secure, interoperable and user-friendly IoT ecosystem in our homes and offices, privacy and security challenges still need to be solved.

Fortunately, a multifaceted approach focused on standardization, open-source solutions and policy advocacy paves the way toward greater IoT security. Addressing the core issues of interoperability, security, privacy protections, transparency and ease of management can help shape an interconnected device landscape that balances innovation with robust protection.

The groundwork laid today sets the stage for the internet of things to realize its full potential while minimizing risks to users and networks. Through continued industrywide collaboration, innovation and technology policy advocacy, we can all look ahead to a future where IoT devices are smart, privacy-conscious, secure and seamlessly interconnected.