Ahead of what is anticipated to be a strong inflow of electronic devices incorporating Internet of Things (IoT) technology, the Telecommunications Regulatory Authority (TRA) of the Sultanate of Oman is formulating regulations to ensure that connected devices and networks are safe from security and cyber threats.
Our world is awash with IoT devices – pieces of hardware and machines that can communicate with each other and exchange data over the Internet. They are found in everything from household appliances and consumer gadgets to industrial machines and infrastructure systems and even transportation equipment.
But given the ubiquity of IoT devices, and with their presence expected to grow exponentially, they can pose a threat to users – individuals, businesses, infrastructure systems, and government institutions – if not suitably secured against attacks from hackers and cyber-criminals.
To this end, the TRA has come out with draft guidelines that, when adopted and enforced, will require vendors, manufacturers and service providers of IoT devices and related software services to comply with robust security standards.
The draft version of the ‘Internet of Things (IoT) Security Regulatory Framework’, issued by the telecom regulator last week, seeks to elicit feedback from stakeholders and the general public before it is enacted into law.
“The Sultanate of Oman stands as one of the leading countries in the world in terms of digital transformation, which thereby shows a swift transition to an IoT environment. However, new technologies come with new threats. To allow Omanis to derive the most benefit from IoT technologies, their security must be ensured,” the regulator noted in the preamble.
“Our vision is a safe society, government, and business environment, which support and adopt developments in IoT as an essential element of Industry 4.0, without increasing vulnerability or compromising trust, while minimising the net cost of IoT cybersecurity for the economy. With this comprehensive and compelling vision, we aim to achieve a secure IoT ground in the Sultanate with an ultimate alignment with relevant Vision 2040 priorities,” it further noted.
In rolling out sturdy IoT security regulations, the Authority has pledged to work closely with, among others, the Ministry of Transport, Communications and Information Technology, the Cyber Defence Centre, and other relevant authorities involved in IoT security matters.
A key goal of the legislation is to ensure security across the IoT value chain, encompassing both hardware and software, according to the TRA. Vulnerabilities anywhere in the value chain can be exploited by cyber-criminals to mount large, coordinated attacks, such as Distributed Denial of Service (DDoS), in which masses of end devices bombard a server, software or network with Internet traffic and cause disruption, it warns.
The proposed regulations also seek to place a certain onus on service providers and licensees to ensure that IoT security is primarily their responsibility across their networks. Consequently, they have an obligation to ensure they select vendors and integrators who offer secure devices and services.
“Service providers should be aware that they may be legally culpable and/or suffer reputational damage in the case of grave security breaches resulting from their deployed IoT services or the back-end to these services, where the deployed technologies are not of a reasonable standard,” the Authority added.