Consumers don’t trust smart products

15. mars, 2019

Three out of four consumers are concerned about cybersecurity and privacy in smart products. The Norwegian Consumer Council is asking for minimum requirements for cybersecurity in internet-connected products.

An increasing number of devices are being connected to the internet and communicating with each other. This gives many obvious advantages. Lighting and temperatures can self-adjust, cars can adjust their speed and routes according to traffic, and coffee can be ready-made when you get up in the morning.

At the same time, many people are concerned that their safety and privacy could be endangered. Three out of four consumers say that they are worried that connected products can be hacked or put their privacy at risk. Almost as many people are worried about viruses, lack of quality, and that products are incompatible with each other, a survey commissioned by the Consumer Council shows.

– These worries are not unfounded. There are innumerable examples of products riddled with cybersecurity flaws, which makes us vulnerable to hacking, fraud, and identity theft, consumer director Inger Lise Blyverket says.

– There is a clear need for setting minimum requirements for cybersecurity in connected devices. The current lack of trust will lead to fewer people taking advantage of new technologies.

Asks the authorities and industry to act

In conjunction with a public inquiry from the Norwegian Cybersecurity Committee, the Consumer Council is presenting a set of suggestions that can lead to safer connected products:

• Binding minimum requirements for cybersecurity
• Increased enforcement on connected products.
• Cybersecurity must become a part of public procurement routines.
• Vulnerability disclosures must be facilitated and acted upon.
• Increased guidance of industry actors, in cooperation with authorities.

– The Committee has delivered a solid piece of work that demonstrates that the challenges are numerous and complex. We now expect the authorities and industry to act, Blyverket says.

– We want to emphasize that lacking cybersecurity is not only a consumer challenge. It can also be a threat to critical infrastructure, for example through bad actors hijacking connected thermostats in a large area and overloading the power grid.

The EU points the way

Last month, the European Commission published a roadmap that outlines the possibilities to ensure secure connected products. The Consumer Council are asking Norwegian authorities to play an active role in this work.

– Today’s environment of self-regulation and non-binding efforts is clearly insufficient. We hope that the Norwegian government will contribute to regulation that sets clear and binding requirements for cybersecurity in connected products.

Report on consumer attitudes towards connected products