IoT Security Standards And Initiatives


It’s no secret that there are significant concerns with Internet of Things (IoT) security. The concerns stem in part from several high-profile incidents. Late last year, for example, attackers exploited a vulnerability in a brand of IoT cameras to launch a DDoS attack on the website of security expert Brian Krebs. The following month, the Mirai botnet used 100,000 IoT devices to launch an attack on Dyn, the DNS provider.

The industry has responded with numerous efforts and initiatives. Here’s a summary of some of those efforts.

Industry Initiatives Promote IoT Security in IoT Devices and Solutions

About a year ago, the Cloud Security Alliance released a 75-page report describing how manufacturers can develop secure IoT products. In January, the Online Trust Alliance (OTA) updated its IoT Trust Framework to provide guidance on how to develop secure IoT devices and assess risk.

The following month, the GSM Association (GSMA) released its IoT Security Guidelines. The GSMA brings extensive experience guiding the development of security solutions from the mobile sector. The specification aims to do the same for IoT by promoting best practices around securing IoT services. The group also provides an IoT security assessment for IoT vendors to evaluate themselves.

Government Action Helps Enforce IoT Security

Also in January, the U.S. Federal Trade Commission (FTC) filed a lawsuit against an IoT manufacturer for, in part, making “deceptive claims about security of its products.” The lawsuit’s effect is expected in part to encourage the development of better, more secure IoT devices.

While the lawsuit might be the proverbial stick, the FTC also has its carrot. The IoT Home Inspector Challenge, for example, was a competition arranged by the FTC to encourage the development of technology tools to help protect consumers against the risks posed by out-of-date IoT software. (The winner of the challenge was a mobile utility for users with limited technical expertise to scan and identify home Wi-Fi and Bluetooth devices with out-of-date software and other common vulnerabilities. The software then provided instructions on how to update each device’s software and fix other vulnerabilities.)

The Department of Commerce’s Internet Policy Task Force, under the auspices of the National Telecommunications and Information Administration, is reviewing “the benefits, challenges, and potential roles” for the government in advancing IoT. The group is working with various stakeholders to increase consumer awareness around the importance of security upgrades for IoT devices.

The British government issued guidelines for securing Internet-connected vehicles. According to Reuters, the government’s aim is to ensure that engineers seek to design out cyber security threats as they develop new vehicles. The new guidelines also include making the systems able to withstand receiving corrupt, invalid or malicious data or commands, and allowing users to delete personally identifiable data held on a vehicle’s systems, notes the report.

The Internet of Things Cybersecurity Act of 2017, introduced in August, represents an effort to establish industry-standard protocols and require IoT manufacturers to disclose and update vulnerabilities. The act looks to leverage the government’s buying power to drive change by requiring compliance by IoT devices purchased by the US government, notes Brian Krebs.

The General Data Protection Regulation (GDPR) has a number of requirements relating to the use of IoT within the EU. The regulation will take effect on May 25th, 2018.

Think we’ve missed some? Let us know. We’ll be growing this list regularly.

About Cato Networks
Cato Networks is rethinking network security from the ground up and into the Cloud. Cato has developed a revolutionary new Network Security as a Service (NSaaS) platform that is changing the way network security is delivered, managed, and evolved for the distributed, Cloud-centric, and mobile-first enterprise. Based in Tel Aviv, Israel, Cato Networks was founded in 2015 by cybersecurity luminary Shlomo Kramer, who previously co-founded Check Point Software Technologies and Imperva, and Gur Shatz, who previously co-founded Incapsula.
