New industry-backed IoT security standards aim to improve device safety
New IoT security standards could make it easier to choose devices that are hardened against some of the most common vulnerabilities.
IoT covers pretty much any physical device which can be connected to a digital network. IoT devices like digital locks, smart speakers, home surveillance systems, and routers are increasingly common, but have frequently been flagged as at-risk to threat actors.
That poor security can create risks for the users of these devices, such as the wrong people being able to access their security webcam, and can risk opening a backdoor into their network.
IoT security flaws also can create problems for the wider world, such as when vulnerable routers were enrolled into a botnet, which was then used in a Russian espionage campaign. In a recent survey, 50% of IT leaders said they thought IoT was the weakest point of their security.
Now, the Connectivity Standards Alliance (CSA) has published the first version of its IoT Device Security Specification, which it hopes will create a single IoT cyber security standard and certification program.
That should give manufacturers an easy way to show that their devices comply with multiple international regulations and standards – and hopefully help consumers and businesses alike make better choices.
The CSA’s Product Security Working Group has consolidated the requirements from three sets of IoT cyber security regulations in the US, Singapore, and Europe into a single program so device makers can comply with international requirements. The alliance has already signed a mutual recognition arrangement with the Cyber Security Agency of Singapore.
The 32-page specification includes dozens of specific device security provisions.
Manufacturers must demonstrate compliance with those provisions by supplying evidence to an authorized test lab. If they pass, manufacturers will be able to use the ‘Product Security Verified’ badge on their packaging. a printed URL, hyperlink, or QR code on the badge gives consumers access to more information about the device’s…