With the advancement of the “Fourth Industrial Revolution” driven by the Internet of Things (IoT) and other emerging digital technologies, people’s social and economic life is undergoing significant changes. The application integration and data refinement management of the IoT industry have promoted the development of the digital economy, improved the scale and quality of digitalization, and profoundly changed the social production mode. The security risks related to IoT device security, data security and personal privacy protection have also gradually taken centre stage. IoT security has become an important challenge impacting cybersecurity, affecting individuals, enterprises, and even national security.
But existing reports on IoT security often focus on technology and market security while ignoring the partnerships among international organizations, national governments, and enterprises at various levels. Countries have formulated relevant laws, policies, and guidelines to improve IoT security. There is a contradiction between the regulation and governance of these security considerations and the rapid development of emerging technologies. Enterprise compliance costs are simultaneously constrained by IoT’s complex technology, market operations, and cybersecurity policies. Hidden factors behind the actions of emerging technologies, technology ecosystems, national policy norms, and market responses, such as geopolitics and national strategic security, hinder global collaboration on improving IoT security through supply chain security reviews.
The Research Center of Global Cyberspace Governance (RCGCG), in collaboration with ioXt (Internet of Secure Things Alliance), has conducted a study on global IoT security and jointly published the “Report on 2022 Global IoT Security”. The report provides a structure that encompasses technical security, market compliance, policy perceptions and other professional perspectives, which together give a panoramic overview of global IoT security and IoT governance in 2022.
The report points out that global IoT security as a whole is complex, with the technical characteristics of IoT intertwined with the risks of cybersecurity. Compared with traditional Internet models, the multi-source heterogeneity, openness, ubiquity, and other characteristics of the IoT expose it to more complex cybersecurity risks and challenges. In recent years, with the massive number of devices accessing the IoT and the impact of COVID-19, the scale of the IoT industry and the external and internal cyberattacks against the IoT have increased simultaneously, and the number and complexity of cybersecurity threats are rising as well.
Focusing on the overview of global IoT security governance, the report clarifies the security system framework and standards established by the UN, ISO, ITU, and other relevant international organizations to guide and improve the quality and security level of IoT services. The paper also highlights corporate case studies in cybersecurity, including Tuya Smart and other industry leaders. The white paper applauds Tuya Smart for its holistic approach to cybersecurity leadership, specifically for acquiring international third-party security certifications, establishing the Tuya Security Team, creating secure and independent data storage centers, and developing innovative security products in-house.
In addition, the report compares the top-down IoT security policy layout and governance philosophy of nine countries, including the U.S., the EU, Australia, UK, Canada, Singapore, Mexico, Malaysia and China. From the market perspective, the report shows the bright prospects for the stable development of the IoT industry with a large amount of data analysis. In summary, the report concludes that IoT is both an endogenous security issue that requires companies to explore security solutions and a national governance issue that requires national policy regulation. At the same time, the transnational nature of IoT also requires countries to strengthen cooperation and create a joint response.
Based on a comprehensive analysis of the global IoT security and governance landscape, the report identifies four key challenges faced by IoT enterprises in the compliance process: increasingly stringent cybersecurity policies and blurred legal boundaries, technological complexity that increases compliance costs, the contradiction between outdated policies and the application of new technologies, and geopolitical games that increase the complexity of the IoT security landscape.
The main authors of this professional report are fellows from RCGCG and ioXt. While compiling the report, they also exchanged views with scholars from renowned think tanks and universities, such as the Shanghai Academy of Social Science, China Institute of International Studies (CIIS), China Academy of Information and Communications Technology (CAICT), the U.S. Stimson Center, Massachusetts Institute of Technology (MIT), and Harvard Kennedy School, further improving the content and quality of the report.
The report puts forward twelve important initiatives that will help maintain global IoT security, enhance the efficiency of global IoT security governance and promote the growth of the IoT’s digital economy and innovation:
- Build an International Environment of Mutual Trust
- Strengthen Guidance in Legal Compliance
- Improve the Construction of Standard Systems
- Optimize the Construction of IoT Ecological System
- Establish Risk-Response Mechanism
- Improve Corporate-Compliance Capacity
- Enhance Consumer Awareness for Safe Use
- Rigorously Implement Technological Solutions
- Build an IoT Security Industrial Chain
- Build Service Systems
- Construct Lifecycle Security-Guarantee Systems
- Solidify the IoT Security Talent Pool