Technewsworld has an interesting article:
Cybersecurity Conundrum: Who’s Responsible for Securing IoT Networks?
I do not want to focus on the IoT(Internet of Things) angle, instead pointing the spotlight at the responsibility of the Cyber breach (assuming they get breached):
{Global research and advisory firm Gartner predicts that, by 2024, 75 percent of CEOs will be held personally responsible for attacks on what Gartner calls cyber-physical systems (CPSs).
Gartner defines CPSs as “systems that are engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world, including humans.” }
There is an interesting Tweet from Eric Graves:
“In this report, trend Micro state users must take responsibility for managing their own internet-connected #devices because of the failure by many gadget manufacturers to build in up-front #security by default in their products Trend Micro post “
the relevant sentence from the trend Micro website is:
“Vulnerabilities in IoT devices are a reality that users must contend with. The more devices are on a network, the more challenging it is to keep track of and prevent threats that could leave the environment compromised. To protect IoT devices from being used to launch attacks like distributed denial of service (DDoS), users must always apply best practices when using such devices.”
Looking around for a different opinion I found Jaya Baloo the KPN CISO say that it should be the device manufacturer’s responsibility to create a secure device not the user who should find a way to make the device secure. She was in this youtube clip by Hot Topics.
As more and more are noting that we are and will plug in a very large number of IoT devices someone has to take ownership of the devices we love to use and plug into the Internet to make life easier.
Should it be the CIO, CEO, or dump it to the user?
Personally, I believe the IoT manufacturer CEO should definitely do everything possible to keep their devices from having cybersecurity issues. Should CEO be responsible ? Yes!!!
But if the user just buys whatever they want and plugs it in without any review of cybersecurity capabilities that is also bad. You cannot just say it is the CEO responsibility and plug in whatever. We also have to have the intelligence and moral ability to discern devices. Many Chinese made cameras are just not made with any security in mind. In fact they hard code the admin passwords, which are not hard to figure out. Some Chinese cameras are so easy to hack it is not funny.
Verkada.com has post to discuss hacking security cameras and how to protect them. Just to prove to you that the passwords are sometimes too easy here is the money quote(in the article): { In the case of the Hikvision hack, it was known to be “12345” with a username of “admin.”}