Unified Industry Effort Needed on Connected Home Cybersecurity, Says CABA
Privacy and cybersecurity need to be factored into connected home building amid the growth in consumer adoption of connected devices, reported Frost & Sullivan Friday in a research project for the Continental Automated Building Association. The $130,000 project was funded by CABA members Acuity Brands, CommScope, Community Smart Living, CSA Group, CTA, National Research Council, Resideo Technologies, SnapAV and UL with the goal of setting a “measured response plan” for the industry to fast-track solutions that treat cybersecurity protections “as the norm.”
Cybersecurity and privacy concerns in the smart home will likely worsen with device ownership and demand for gadgets growing, said the report. “Cybersecurity and privacy remain perhaps the foremost challenges for the connected home industry right now, compounded by technology adoption by new demographic segments, such as older adults and children and large numbers of young adults,” said CABA CEO Ron Zimmer. The report reviewed the challenges of implementing protection measures and evaluated the perceptions of various industry stakeholders, including their accountability in managing challenges, while providing best practices.
A survey of 1,100 consumers included in the report found 29% of connected home device users experienced some form of cyber breach over the past 12 months, but their sophistication and vigilance is increasing. Over 80% of survey respondents said they used unique, complex passwords for multiple devices; 49% were aware of privacy guidelines. Consumers perceived the levels of privacy protection from vendors and service providers to be “very low,” it said.
Privacy and cybersecurity concerns highlighted in the research are complicated by the “expanding technology stack [that’s] increasing the potential for various vendors and service providers to inflict security breaches on each other’s networks," said Konkana Khaund, director-consulting, energy and environment, Frost & Sullivan, calling concerns “a serious threat to the market prospects of connected-home solutions.”
A “dynamic response plan” from key industry players is needed to counter growing cyberthreats, said the report, which noted privacy is a “changing concept” as consumers are exposed to new experiences, emerging technologies and associated service. Vendors’ expectations will shift as consumers weigh functionality, usefulness, and compromises to their privacy and anonymity, the report said.
Vendors and service providers need a “nimble and scalable” response plan to cope with their growth needs and consumers’ evolving demands for new connected products and solutions, the report recommended. They also have to step up compliance levels to keep pace with consumers’ increasing sophistication and vigilance and their growing expectations around privacy and security.
Instituting prescriptive cybersecurity requirements and minimum privacy provisions in connected products requires collaboration between alliances and standards-development bodies to ensure that interoperability and cyber compliance is achieved consistently, the report said. “Interdependencies and crossover impacts will continue to challenge regulators, assimilators, integrators, aggregators, and above all, consumers,” it said.