Through necessity, the internet industry has developed novel approaches to setting standards and addressing stakeholder concerns
T E S T M a g a z i n e | N o v e m b e r 2 01 7
T H O U G H T
WHAT DOES A SOLUTION LOOK LIKE? There are no silver bullets here, and probably there will never be a point where we can say that all of the issues with IoT have been “solved”. There will always be issues that need to be addressed. If there is a solution, it will likely come in the form of a process and a mode of working that allows the IoT industry to quickly adapt and address the many different concerns of customers, regulators and other stakeholders in a timely fashion. Here it may be instructive to look at how the traditional Internet community has worked over the years. Through necessity, the internet industry has developed novel approaches to setting standards and addressing stakeholder concerns. This has resulted in the so-called “multistakeholder model” that is built on openness, transparency, and participation from all stakeholders. There is also a kind of flexibility inherent in this model. While a perfect solution may be elusive, there is usually a compromise that can be found. “We believe in rough consensus and running code,” states one infamous internet Engineering Task Force document, which underscores the fact that many internet standards were developed “on the go” with consensus decisions based on the results of working prototypes.
L E A D E R S H I P
When there is a security incident, there is an expectation that it will be followed by appropriate and transparent disclosure. This is key not only to maintaining trust but also to safeguard other network operators who may share the vulnerability. No doubt there are similar approaches to the responsible disclosure of security and safety incidents in the airline industry, for example, and these working examples could be applied to parts of the IoT landscape, where small design mistakes or manufacturing errors can have serious and far reaching consequences. All of this is in stark contrast to today’s reality, where attempting to reveal a security vulnerability to IoT manufacturers will often generate legal threats. Finally, in as much as the IoT is about things that are connected to the internet – many of the associated issues may not be quite as novel as they first appear. There are established, open communities that have been working on network and ICT security, privacy, network abuse and related issues for decades, including RIPE, the IETF, IEEE and W3C. These communities have developed a base of standards, documentation and knowledge that will help developers who are working at the intersection at these issues. They also welcome the unique perspective of people working in the IoT field to inform their policy and standards development discussions.
Assisting the most adequate tests possible, software testing tools help to defeat repetitive, vulnerable operations – replacing the human el...