Governance, security and privacy are probably the most challenging issues in the Internet of Things (IoT), and they have been extensively discussed in many forums. While most organisations work on Internet governance, a logical step is to extend these concepts to IoT governance. The difficulty of IoT, however, is the high number and heterogeneity of technologies and devices, which require even more specific governance solutions and approaches that are more complex in nature. Size and heterogeneity are, in fact, the two main components that affect the governance of IoT. Governance is considered a double-edged sword, because it can offer stability and support for decisions, but it can also become excessive and result in an over-controlled environment.
Nevertheless, since there are no legal frameworks for IoT governance, and even if the differences between the IoT and the Internet were overestimated at the beginning, it seems worthwhile to design and develop an analysis of the major IoT governance issues (legitimacy, transparency, accountability, anti-competitive behaviour).
Heterogeneity requires security to overcome the impossibility of implementing efficient protocols and algorithms on all the devices involved across the many IoT application areas. Without security guarantees, stakeholders of the governance ecosystem are unlikely to adopt IoT solutions on a large scale. For this reason, the development of enforcement techniques to support scalability and heterogeneity, to anonymise users’ data and to allow context-aware data protection are key factors.
In the IoT context, it is difficult to separate the concepts of governance, security and privacy, because addressing privacy and security aspects to achieve trust in IoT would probably need governance mechanisms as well. As mentioned before, at the higher level of the interaction of IoT with users, ethical aspects cannot be separated from the governance, security and privacy aspects either.
In addition, the proliferation of wireless devices with ubiquitous presence is expected to worsen the issue of privacy due to the current design of the link-layer and lower-layer protocols, which usually expose information such as implicit names and identifiers that can reveal users’ identity. To eliminate these issues, these layers should be redesigned to minimize the collection of such data, conceal important information from untrusted parties, and reveal proper information to authorized or trusted parties. The management of heterogeneous devices, applications and protocols can also be addressed using the principles of service-oriented computing, which will achieve significant flexibility at different levels of the IoT architecture.
The key challenges for Governance, Security and Privacy in IoT
The IoT not only has to overcome a wider heterogeneity of connected systems, communication technologies and resource constraints, but also has to face challenges related to the potentially unbounded number of interacting entities and substantial differences in the interaction patterns. Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC) systems, as well as PKIs, are not yet able to fully address these challenges by providing scalable, manageable, effective, and efficient access control mechanisms. IoT challenges two different levels, considering the subdivision into the three main topics of governance.
IoT governance is one of the key remaining challenges. Achieving the right governance framework is critical to IoT’s success across all aspects, from architecture, through standards, to implementation. IoT embraces a breadth of established, emerging and evolving technologies across a variety of vertical domains; to achieve open interoperability and an environment for market-driven application innovation, IoT requires an inclusive governance framework, which does not yet exist.
IoT security and privacy features, both those addressing today’s needs and those that provision for the requirements of tomorrow, need to be sympathetic to the end user while accommodating an anticipated increase in the complexity of requirements from the expansion of cross-domain applications.
Next-generation technology requires a robust IoT policy and architecture in order to extend the path to a point where there has been sufficient consideration of the IoT vision enablers for IoT to flourish, backed by sustainable commercial exploitation.