14 Nov Global Working Group Releases Principles, Best Practices to Secure the Internet of Things
WASHINGTON–(BUSINESS WIRE)–Self-driving cars, remote-controlled thermostats, medical treatments, smart TVs and virtual assistants. The Internet of Things (IoT), this vast array of devices connected to the worldwide web, is expanding rapidly. And while it presents incredible opportunities for development, productivity and health, the promise that comes with being so connected is not without peril.
The security of our Internet of Things devices and networks is fundamental to our health and safety. Without appropriate security, our IoT devices can leak information—our physical locations and behaviour, our sensitive personal data, access points to our homes, workplaces and families—into unsafe hands.
A stranger could hack into a video feed set up to monitor children or pets. An abuser could track a former partner’s location via a home alarm setting. A burglar could map a home layout through data from an automated vacuum. Ransomware attacks can shut down public services, utilities and companies, exposing even citizens and businesses that don’t use Internet-connected devices.
The Internet of Things Security Policy Platform is a global group working together to share best practices and reach global alignment on security measures that will protect us all.
On November 14, the Internet of Things Security Policy Platform released a statement to governments, manufacturers, citizens and organizations, calling on all to build strong security frameworks that meet three principles:
Ensure that security is incorporated in all stages of design, development and life-cycle of devices, including risk assessments, security testing and evaluation
Ensure personal and critical data is protected
Make it easy for users to delete their personal data
The statement includes a number of best practices for manufacturers and encourages government and regulators to build stronger safeguards. Examples of these vital procedures to enhance security include:
Implement a vulnerability disclosure policy
Make the minimum length of time for which a device will receive software security updates clear to consumers
Provide mechanisms to securely update software
Build devices with unique passwords or credentials
Protect the communication of security-sensitive data
Securely store credentials and security-sensitive data.
The IoT Security Policy Platform is a truly international effort, its members coming from government, industry, civil society and other diverse interests from around the world.
Rising to the challenge of IoT security takes cooperation across borders and across sectors. Now, more than ever, we need to work together to put security at the heart of innovation.
For more information about the IoT Security Policy Platform, please visit: https://www.internetsociety.org/iot/iot-security-policy-platform/
About the Internet Society
Founded by Internet pioneers, the Internet Society is a non-profit organization dedicated to ensuring the open development, evolution and use of the Internet. Working through a global community of chapters and members, the Internet Society collaborates with a broad range of groups to promote the technologies that keep the Internet safe and secure, and advocates for policies that enable universal access. The Internet Society is also the organizational home of the Internet Engineering Task Force (IETF).
Allesandra de Santillana