In an increasingly digital world, having secure internet infrastructures is a challenge and an obligation. As the number of devices sharing data increases, thanks to the rise and democratization of the Internet of Things (IoT), so does the number of threats facing users.
In this sense, it is estimated that, if the current rate of growth is maintained, the value of the damages caused by cyberattacks will amount to around 10.5 trillion dollars a year in 2025, compared to three trillion in 2015, which represents a increase of more than 200%.
The development of cybersecurity measures to mitigate and reduce these risks must be sustainable. By betting on sustainability, the internet is encouraged to be an environmentally responsible element, equitable access to the network is guaranteed, digital inclusion is promoted and social responsibility is promoted.
This is one of the premises that led researchers from the Open University of Catalonia (UOC) to coordinate the Bringing Sustainable Cybersecurity to the Internet of Things (SECURING) project, in which the Autonomous University of Barcelona (UAB) and the University Rovira i Virgili (URV) in Tarragona.
The project seeks to contribute to the sustainable development of the internet by providing cybersecurity and privacy technologies that efficiently protect the infrastructures of the internet of things. In this way, an important part of the economies will be protected, at the same time that sustainability will be promoted from the social and environmental point of view.
The importance of having a sustainable internet
It is becoming increasingly clear that the concept of sustainability must not be relegated to the economy and the environment, but must be integrated into all areas and sectors. Among them, digital: the internet moves the world, so if it is unsustainable, the world will be too.
In 2020, there were more than 9.7 billion IoT devices on the planet, and it is estimated that the number could triple by 2030. Producing, maintaining and protecting these devices and the activities they carry out (thanks to cybersecurity) require sustainable methods.
“In the context of IoT, sustainable cybersecurity involves ensuring that devices and systems are secure and private, while minimizing environmental impacts and maximizing energy efficiency opportunities,” explains Professor David Megías, director of the Internet Interdisciplinary Institute (IN3) of the UOC and coordinator of the SECURING project, together with professor and researcher Helena Rifà, from the Computer Science, Multimedia and Telecommunications Department.
Not promoting sustainability would have consequences in different areas. “We can speculate on some potential consequences of not promoting sustainable cybersecurity, such as service interruptions due to cyberattacks; the loss of privacy, information and trust on the part of users, or the increase in congestion problems that can reduce the speed and efficiency of the network”, explains Megías, who heads the K-riptography and Information research group Security for Open Networks (KISON).
In addition to this, if IoT devices are not designed to be energy efficient and are not recycled properly, they can contribute to the environmental impact of the internet and promote both the emission of greenhouse gases that cause climate change and the increase in waste.
According to the project coordinators, avoiding these problems requires a proactive approach to security, adequate regulation and the promotion of a sustainable cybersecurity culture. This culture must be fostered among all stakeholders: from software developers to the users themselves.
The first step to guarantee sustainability must be taken in the very creation of the IoT devices, an aspect on which the SECURING project focuses. “Incorporating sustainable cybersecurity into ICT and IoT design is essential, as it ensures that devices are secure and private from the start and protects users from potential cyberattacks and privacy breaches,” says the IN3 director.
“In addition, by using more efficient materials and production processes and creating devices with greater durability and repairability, the environmental impact of technologies can be reduced. In summary, by considering sustainable cybersecurity in the design of ICTs and IoT, more secure, sustainable and efficient solutions can be created that benefit both users and the environment”, indicates the UOC professor.
In the years to come, not only will cybercriminals become more common in the world, but the cost of damage perpetrated by this class of criminals will also increase. (Image: Amazings/NCYT)
The objective of SECURING is to propose new technological solutions to security and privacy issues. The researchers seek to contribute to infrastructures focused on intrusion detection and prevention (IDP) techniques, design new sustainable privacy protocols, and propose a new community-based crowdsensing communication paradigm.
Its methodology is based on the design and creation of software or hardware solutions and the subsequent performance of formal tests. In the development of the project, technologies such as machine learning, the chain of blocks (blockchain) and digital watermarks will be combined, and privacy guarantee mechanisms will be implemented to ensure that the personal data of end users are protected at all times. .
The project is a multidisciplinary initiative that combines ICT with law. “One of the members of the research team is specialized in law and particular research methods will be used in this area for the application of standards such as the General Data Protection Regulation (RGPD) to the technological solutions that are developed,” explains Megías. .
The URV team that has participated in the project is led by Jordi Castellà-Roca and Alexandre Viejo, researchers from the Department of Computer Engineering and Mathematics. Its job is to ensure security, privacy and energy sustainability in the management of the life cycle of data acquired through IoT networks. Specifically, they will design systems to, first of all, acquire and store the data obtained by IoT devices in a secure, private and sustainable way. Subsequently, they will provide tools that allow the people who own this data to effectively control how third-party companies process and exploit it. In turn, these companies will be able to demonstrate the good use they make of this data. Both scenarios are circumscribed within the framework of the General Data Protection Regulation.
«Cyber risk is a complex phenomenon that involves multiple technical, legal, economic and social aspects. An interdisciplinary approach makes it possible to address these aspects in a comprehensive way, which makes it easier to obtain a deeper understanding of the problem and develop more effective solutions that may not only be technological, but will require an important social element”, concludes the project coordinator. (Source: URV)