i3 - January/February 2021 - 13

By Mike Bergman

Tech

PIPE LINE

Whiskey, Hackers and the Devil's Share

 H 

ow can you tell if a connected gadget has been
hacked? You might not see it when the device gets
compromised. But it can be costly.

It's a little like when whiskey is aged in
barrels. " Angels share " is the part that
evaporates through the wood. It's invisible,
but a few percent - by volume - per year
of aging is lost this way. Distillers willingly
give up the unseen angel's share because
the whiskey becomes smoother as a result,
but that invisible tradeoff costs them a significant amount of their product in a
12-year aging process.
Separately, a retailer recently commented
that cybersecurity issues " just don't seem
real. " Meaning, when connected home
products are hacked it is invisible; it is difficult to know that they've been hacked.

Vectorpouch/Shutterstock

Why Worry about It?

One reason is that hackers like to rewrite
the software when they get " in " to a device.
Unfortunately, that new, hacker-provided
software may have bugs that cause problems, but the hacker only cares about stealing data or building a botnet. A hacked
device only needs to work well enough to
escape being replaced.
C TA . t e c h / i 3

i3_0121_13_Tech_Pipeline.indd 13

As a result, the hacked home gadget
keeps working - but can have symptoms
like odd behavior, failed features, slowdowns and freezes. When this happens,
the consumer may return their new gadget to the store, or call the installer to
come out and take a look at it. Those consequences are a sort of shrinkage, an
increased cost of doing business. These
costs hit the retailer, installer and manufacturer. There is also reputational risk for
everyone, especially the manufacturer.
And consumer perception has been
shifting away from buying connected
home products without some assurance.
One survey, " Consumer Attitude Towards
IoT Security " from Karamba Security in
November 2019, found that most consumers reported that they will only purchase a
connected device after researching the
product's security (23% of respondents),
or will not purchase a connected device at
all (51%). That's nearly three in four saying
that security matters, and it is an indication of potential lost sales.

These hacker-induced costs of doing
business are like the angel's share, in that
it's an invisible loss. But nothing gets better when hackers compromise a customer's device. Maybe these losses should be
called " devil's share " .
At this point, we turn to the development teams to take action. See our feature on page 20, for how cybersecurity is
impacting the retail channel.
The experts who develop CTA cybersecurity standards are working on these
issues. Development teams can now refer
to the new cybersecurity " Baseline " for
connected devices, CTA-2088 ( " Baseline
Cybersecurity Standard for Devices and
Device Systems " ).
The CTA baseline is a clear, unambiguous list of cybersecurity capabilities that
any connected consumer device should
have, whether thermostat, fitness tracker,
oven, security camera or smart TV. And it
has the potential to be very effective. A
recent study of nearly 200 hacked devices
showed that over 95% of those hacks would
have been stopped had the device met the
baseline requirements in CTA-2088.
The word " baseline " implies " minimum. " Everyone should at least meet the
baseline, to protect their products, brand
and customers. Excellent companies will
exceed the baseline, of course, and some
are even making their technology and
expertise available to their vendors and
customers to improve the ecosystem.
The baseline, CTA-2088, was developed by the R14 WG1 security working
group. It is applicable to most connected
devices including smart home products.
Some markets or sectors need more in
their baseline. Two CTA working groups
are dealing with the specifics of drones
(R14 WG3) and consumer robotics (R14
WG4). Contact standards@CTA.tech for
more information.

2021

Discussions at CES 2021 will examine
cybersecurity strategies.

JANUARY/FEBRUARY 2021

13

12/9/20 3:14 PM


https://www.ces.tech/ https://cta.tech/Resources/i3

i3 - January/February 2021

Table of Contents for the Digital Edition of i3 - January/February 2021

Contents
i3 - January/February 2021 - Cover1
i3 - January/February 2021 - Cover2
i3 - January/February 2021 - Contents
i3 - January/February 2021 - 2
i3 - January/February 2021 - 3
i3 - January/February 2021 - 4
i3 - January/February 2021 - 5
i3 - January/February 2021 - 6
i3 - January/February 2021 - 7
i3 - January/February 2021 - 8
i3 - January/February 2021 - 9
i3 - January/February 2021 - 10
i3 - January/February 2021 - 11
i3 - January/February 2021 - 12
i3 - January/February 2021 - 13
i3 - January/February 2021 - 14
i3 - January/February 2021 - 15
i3 - January/February 2021 - 16
i3 - January/February 2021 - 17
i3 - January/February 2021 - 18
i3 - January/February 2021 - 19
i3 - January/February 2021 - 20
i3 - January/February 2021 - 21
i3 - January/February 2021 - 22
i3 - January/February 2021 - 23
i3 - January/February 2021 - 24
i3 - January/February 2021 - 25
i3 - January/February 2021 - 26
i3 - January/February 2021 - 27
i3 - January/February 2021 - 28
i3 - January/February 2021 - 29
i3 - January/February 2021 - 30
i3 - January/February 2021 - 31
i3 - January/February 2021 - 32
i3 - January/February 2021 - 33
i3 - January/February 2021 - 34
i3 - January/February 2021 - 35
i3 - January/February 2021 - 36
i3 - January/February 2021 - 37
i3 - January/February 2021 - 38
i3 - January/February 2021 - 39
i3 - January/February 2021 - 40
i3 - January/February 2021 - 41
i3 - January/February 2021 - 42
i3 - January/February 2021 - 43
i3 - January/February 2021 - 44
i3 - January/February 2021 - 45
i3 - January/February 2021 - 46
i3 - January/February 2021 - 47
i3 - January/February 2021 - 48
i3 - January/February 2021 - Cover3
i3 - January/February 2021 - Cover4
https://www.nxtbook.com/nxtbooks/manifest/i3_20210304
https://www.nxtbook.com/nxtbooks/manifest/i3_20210102
https://www.nxtbook.com/nxtbooks/manifest/i3_20201112
https://www.nxtbook.com/nxtbooks/manifest/i3_20200910
https://www.nxtbook.com/nxtbooks/manifest/i3_20200708
https://www.nxtbook.com/nxtbooks/manifest/i3_20200506
https://www.nxtbook.com/nxtbooks/manifest/i3_20200304
https://www.nxtbook.com/nxtbooks/manifest/i3_20200102
https://www.nxtbook.com/nxtbooks/manifest/i3_20191112
https://www.nxtbook.com/nxtbooks/manifest/i3_20190910
https://www.nxtbook.com/nxtbooks/manifest/i3_20190708
https://www.nxtbook.com/nxtbooks/manifest/i3_20190506
https://www.nxtbook.com/nxtbooks/manifest/i3_20190304
https://www.nxtbook.com/nxtbooks/manifest/i3_20190102
https://www.nxtbook.com/nxtbooks/manifest/i3_20181112
https://www.nxtbook.com/nxtbooks/manifest/i3_20180910
https://www.nxtbook.com/nxtbooks/manifest/i3_20180708
https://www.nxtbook.com/nxtbooks/manifest/i3_20180506
https://www.nxtbook.com/nxtbooks/manifest/i3_20180304
https://www.nxtbook.com/nxtbooks/manifest/i3_20180102
https://www.nxtbook.com/nxtbooks/manifest/i3_20171112
https://www.nxtbook.com/nxtbooks/manifest/i3_20170910
https://www.nxtbook.com/nxtbooks/manifest/i3_20170708
https://www.nxtbook.com/nxtbooks/manifest/i3_20160102
https://www.nxtbook.com/nxtbooks/manifest/i3_20160304
https://www.nxtbook.com/nxtbooks/manifest/i3_20160506
https://www.nxtbook.com/nxtbooks/manifest/i3_20160708
https://www.nxtbook.com/nxtbooks/manifest/i3_20170506
https://www.nxtbook.com/nxtbooks/manifest/i3_20170304
https://www.nxtbook.com/nxtbooks/manifest/i3_20170102
https://www.nxtbook.com/nxtbooks/manifest/i3_20161112
https://www.nxtbook.com/nxtbooks/manifest/i3_20160910
https://www.nxtbookmedia.com