The Internet of Things Security Policy Platform defines baseline principles for security
Self-driving cars, remote-controlled thermostats, medical treatments, smart TVs and virtual assistants. The Internet of Things (IoT), this vast array of devices connected to the worldwide web, is expanding rapidly.
And while it presents incredible opportunities for development, productivity and health, the promise that comes with being so connected is not without peril.
The security of our Internet of Things devices and networks is fundamental to our health and safety. Without appropriate security, our IoT devices can leak information—our physical locations and behaviour, our sensitive personal data, access points to our homes, workplaces and families—into unsafe hands.
A stranger could hack into a video feed set up to monitor children or pets. An abuser could track a former partner’s location via a home alarm setting. A burglar could map a home layout through data from an automated vacuum.
Ransomware attacks can shut down public services, utilities and companies, exposing even citizens and businesses that don’t use Internet-connected devices.
The Internet of Things Security Policy Platform is a global group working together to share best practices and reach global alignment on security measures that will protect us all.
On November 14, the Internet of Things Security Policy Platform released a statement to governments, manufacturers, citizens and organizations, calling on all to build strong security frameworks that meet three principles:
- Ensure that security is incorporated in all stages of design, development and life-cycle of devices, including risk assessments, security testing and evaluation
- Ensure personal and critical data is protected
- Make it easy for users to delete their personal data
The statement includes a number of best practices for manufacturers and encourages government and regulators to build stronger safeguards. Examples of these vital procedures to enhance security include:
- Implement a vulnerability disclosure policy
- Make clear to consumers the minimum length of time for which a device will receive software security updates
- Provide mechanisms to securely update software
- Build devices with unique passwords or credentials
- Protect the communication of security-sensitive data
- Securely store credentials and security-sensitive data
The IoT Security Policy Platform is a truly international effort, its members coming from government, industry, civil society and other diverse interests from around the world.
Rising to the challenge of IoT security takes cooperation across borders and across sectors. Now, more than ever, we need to work together to put security at the heart of innovation.