Internet of things (IoT)


14 Mar 2017

Speaking at a cybersecurity conference, Maureen Ohlhausen, acting chair of the US Federal Trade Commission (FTC) said that that the agency has not yet taken a position on whether there should be mandatory regulations for the Internet of Things (IoT), rather than self-regulation and standardisation from industry groups. In the light of massive cyber attacks involving IoT devices, several experts have asked for governmental regulation in the field of IoT security. Ohlhausen said that, if there is potential harm to consumers in a new technology, the FTC should not act until that harm manifests: ‘We don’t know if that risk will materialize. It may well materialize, but a solution may materialize at the same time.’

13 Mar 2017

A study conducted by Tripwire and Dimensional Research reveals increased concerns over the security of the industrial Internet of Things (IoT) – connected devices in critical infrastructures such as energy, utilities, government, healthcare, and finance. The study looked at the  industrial IoT deployment in organisations, and the expected security concerns in 2017. Ninety-six percent of the surveyed information technology security professionals expect to see an increase in security attacks on the industrial IoT in 2017. Moreover, 51% of them said they do not feel prepared for security attacks that abuse, exploit, or maliciously leverage insecure IoT devices, while 64% said they already recognise the need to protect against IoT attacks, as there continue to gain popularity among hackers.

8 Mar 2017

WikiLeaks released over 8000 pages of confidential documents of the US government dating from 2013 to 2016, that provide detailed description of the CIA ability to hack the phones, computers and smart devices. The leaks, dubbed "Vault 7", reveal that the CIA was able to compromise the software of all the major vendors, including Apple, Microsoft and Android, as well as those of producers of Internet of Things devices such as Samsung, which confirms the agency is collecting and exploiting vulnerabilities in these systems instead of reporting them to vendors to patch them. CIA was also able to trick the major anti-virus programmes, such as those of Kasersky, BitDifender, AVG and F-Secure, to avoid detection of the intrusion into a system. While the hacking arsenal disclosed could not break the encryption of the most popular communication applications like WhatsApp, Telegram or Signal, the ability to penetrate into the operating system of the users' phone and access the messages before being encrypted made the encryption irrelevant. The source code of the hacking tools was, however, not publicly disclosed by WikiLeaks but was instead saved until vendors and security companies do further analysis. The documents also reveal that the hacking tools have been exchanged beetween various intelligence services within the US as well as with the partners from Five Eyes (Australia, Canada, New Zealand and the United Kingdom). While the CIA did not comment on the authenticity or content, some sources confirmed to The New York Times that the code names of CIA programmes mentioned in the documents appear to be genuine.


The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide-systems, typically described as 'smart houses' or 'smart cities'. Such devices both generate enormous amount of data and create new contexts in which data are used. IoT triggers a multitude of policy issues, from standardisation to protection of privacy.

When we say that Internet helps us to connect we also implicitly refer to the fact that some of our devices can be connected and transfer data among themselves. Primarily, we are thinking about computers, mobile phones, tablets, e-readers. But what if every device we use on a daily basis, such as transportation vehicles, home appliances, clothes, city infrastructure, medical and healthcare devices, can connect via the global network to a remote center or to other device? This gives the term ‘connected’ a different, broader meaning.

This is the general idea behind the IoT, a network of physical objects or ‘things’ connected via electronics, software, and sensors to exchange data with manufacturers, operators, or other connected device. The main objective is to achieve greater value or service. IoT devices use the present Internet structure, not a separate/different Internet.  

The most common sensors currently used for IoT device communication are radio frequency identifiers, universal product codes, and electronic product codes. In addition, researchers are continuously exploring new modalities for connecting IoT devices, such light emitting diodes (LEDs).

Some of the most developed IoT industries include home automation, health monitoring, and transportation. Other industries where IoT is playing a prominent role important role are energy, infrastructure, agriculture, manufacturing, and consumer applications.

In general terms, the IoT in increasingly seen as having a significant development potential, that can contribute to achieving the sustainable development goals (as underlined in an ITU–Cisco Systems report from 2016, and at various sessions held at the IGF 2016 meeting).

Even if the size of a single piece of data generated by connected Iot devices could be quite small, the final sum is staggering due to the number of devices, estimated to reach between 20 and 100 billion by 2020. According to the International Data Corporation, by 2020 the ‘digital universe’ will reach 44 zettabytes (trillion gigabytes), and 10% of this amount would come from IoT devices.

Public and private initiatives

The business sector is leading major IoT initiatives. While companies such as Intel and Cisco continuously develop their portfolios of IoT services, telecom operators have started to deploy IoT-dedicated networks on large scale, to encourage the use of IoT. Moreover, companies from different sectors are joining forces in alliances aimed at further contributing to developments in the field of IoT. Examples include the Open Connectivity Foundation, whose aim is to contribute to achieving interoperability among IoT devices, and the LoRa Alliance, which works in the field of IoT standardisation.

Governments are also becoming more and more aware of the opportunities brought by the IoT, and they are launching various types of initiatives in this area. The European Union, for example, has initiated the Horizon 2010 Work Programme 2016 -2017: Internet of Things Large Scale Pilots for testing and deployment, a funding programme aimed to encourage the take up of IoT in Europe. In the USA, the Department of Commerce has issued a Green Paper on Fostering the Advancement of the Internet of Things, and is exploring a potential role (and related benefits and challenges) for the government in supporting the evolution of the IoT field. The Chinese government, on the other hand, has created the Chengdu Internet of Things Technology Institute, through which it funds research in various IoT-related areas.

IoT, data protection, and security

The IoT generates massive amounts of data, and this has triggered major concerns related to privacy and data protection. Some IoT devices can collect and transmit data that are of personal nature (e.g. the case of medical IoT devices), and there are concerns about how the devices themselves are protected (ensuring their security), as well as about how the data they collect is processed and analysed. While information transmitted by an IoT device might not cause privacy issues, when sets of data collected from multiple devices are put together, processed, and analysed, this may lead to sensitive information being disclosed.

IoT devices are increasingly used as tools in large cyber-attacks, bringing the security of such devices into sharper focus. One notable example is from October 2016, when a series of distributed denial of service (DDoS) attacks against Dyn Inc., a large Domain Name System hosting and DDoS‐response provider serving top online service providers, rendered many services – including Twitter, PayPal, Reddit, and Spotify – temporarily unavailable, and slowed down Internet traffic across the globe.  In the context of ongoing debates on the responsibility that the private sector should take when it comes to IoT security, companies have started to launch initiatives in this area. In one such example, AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustsonic have formed the IoT Cybersecurity Alliance, with the aim to ‘help customers address IoT cybersecurity challenges, demystify IoT security, and share best practices’. At the same time, standard-setting organisations are more carefully looking into developing IoT security standards. Despite such initiatives, there have been calls for governmental intervention, with security experts arguing that the private sector is not sufficiently motivated to appropriately address IoT security concerns, and that regulations and public policies are needed to cover issues related to security standards, interoperability, and software updates requirements.

IoT, big data, and artificial intelligence

Ongoing developments in the field of automated systems (i.e. self-driving cars, medical robots, etc.) bring into light an increasingly important interplay between IoT, artificial intelligence (AI), and big data. Artificial intelligence, a field that undergoes a very fast development, provides ‘thinking’ for IoT devices, making them ‘smart’. These devices, in turn, generate significant amounts of data – sometimes labeled as big data. This data is then analysed and used for the verification of initial AI algorithms and for the identification of new cognitive patterns that could be integrated into new AI algorithms.

While this interplay presents an enormous business potential, it also brings new challenges in areas such as the labour market, education, safety and security, privacy, ethics and accountability. For example, while AI systems can potentially lead to economic growth, they could also generate significant disruptions to the labour market. As AI systems involve judgements and decision‐making – replacing similar human processes – concerns have also been raised regarding ethics, fairness, justice, transparency, and accountability. The risk of discrimination and bias in decisions made by autonomous technologies is one such concern, very well illustrated in the debate that has surrounded Jigsaw’s Conversation AI tool. While potentially addressing problems related to misuse of the Internet public space, the software also raises a major ethical issue: How can machines determine what is and what is not appropriate language?

Such challenges have determined both governments and the private sector to take several steps. The US National Science and Technology Council outlined its strategy for promoting AI research and development, while the White House made recommendations on how to prepare the workforce for an AI‐driven economy. The UK Parliamentary Committee on Science and Technology asked the UK government to take proactive measures. In the European Parliament, the Committee on Legal Affairs proposed the adoption of an EU ‘legislative instrument’ to tackle legal questions related to the development of robotics and AI, as well as the introduction of ‘civil law rules on robotics’. In the private sector sphere, major Internet companies (IBM, Facebook, Google, Microsoft, Amazon, and DeepMind) have launched the Partnership on Artificial Intelligence initiative, aimed at addressing the privacy, security, and ethical challenges of AI, and initiating a broader societal dialogue on the ethical aspects of new digital developments.




Recommendation ITU-T Y.2060 ‘Overview of the Internet of things’ (2012)

Other Instruments



An Insider’s Handbook for IoT Startups (2016)
2016 Data Threat Report (2016)


Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


The Internet of Things (IoT): An Overview - Understanding the Issues and Challenges of a More Connected World (2015)


Technology, Media and Telecommunications Predictions 2017 (2017)
One Internet (2016)
State of the Market: Internet of Things 2016 (2016)
Smart Homes and the Internet of Things (2016)
Automotive IoT Security: Countering the Most Common Forms of Attack (2016)
Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2015–2020 (2016)
Harnessing the Internet of Things for Global Development (2016)
Measuring the Information Society 2015 (2015)
Recommendations for future collaborative work in the context of the Internet of Things Focus Area in Horizon 2020 (2015)
OECD Digital Economy Outlook 2015 (2015)
The Internet of Things: Mapping the Value Beyond the Hype (2015)
The Impacts of the Internet of Things - The Connected Home (2015)
Security: The Vital Element of The Internet of Things (2015)
Industrial Internet of Things: Unleashing the Potential of Connected Products and Services (2015)

GIP event reports

Report for Symposium on The Future Networked Car (2017)
Report for World Economic Forum Annual Meeting 2017 (2017)

Other resources

Internet of Things and the Smart Home Survey (2016)
The CEO's Guide to Securing the Internet of Things - Exploring IoT Security (2016)
GSMA IoT Security Guidelines (2016)
Cyber Security Guidelines for Smart City Technology Adoption (2015)
Security Guidance for Early Adopters of the Internet of Things (2015)


IGF 2016 Report


Many sessions at IGF 2016 addressed challenges and opportunities associated with the Internet of Things. The IoT can contribute to achieving the SDGs (Harnessing IoT to Realize the SDGs: What’s Required? - WS35), through applications in areas such as smart cities (ICTs for Smart and Sustainable City - WS69), agriculture, and autonomous devices (Internet of Things for Sustainable Growth - WS157). But multistakeholder efforts are needed to address challenges related to security of devices, privacy and data protection, interoperability and standardisation (The Network of Networked Things: Finding the Internet in IoT - WS170), and ethical and societal implications (Dynamic Coalition on the Internet of Things).

The GIP Digital Watch observatory is a service provided by


in partnership with


and members of the GIP Steering Committee



GIP Digital Watch is operated by