By next year, five Internet of Things (IoT) devices are projected to be in use for every person on the planet.
IoT devices offer endless opportunities to improve productivity, economic growth, and quality of life. Think smart cities, self-driving cars, and the ways connected medical devices can monitor our health. The potential growth of IoT is virtually infinite.
But with opportunity comes a significant amount of risk. As much as we’d like to trust manufacturers to make sure burglars can’t watch our homes through data from an automated vacuum, many new devices lack even basic security features. And thousands of new devices are coming online each year without commitment to basic measures such as using unique passwords, encrypting our data, or updating software to address vulnerabilities.
To help people and businesses around the world prepare, a dedicated group is rising to the challenge of securing the Internet of Things though cooperation across borders and sectors.
They are government agencies, non-governmental organizations, and other organizations and experts working on IoT security joined together to form the IoT Security Policy Platform. We are proud to say the Internet Society is amongst them too. Together we’ve been discussing and sharing best practices and gaps that need to be addressed. In the process, we’ve realized that all of our frameworks hold a set of principles for global IoT security in common.
The Platform already has a solid foundation for success. Its members have produced their own frameworks for IoT security or are in the process of producing one. Many, such as in Canada, France, Senegal, and Uruguay, were created through multistakeholder processes in partnership with the Internet Society and others. But with so many frameworks come the very real and daunting challenge of fragmentation of policies at a global level – between countries, between industries, and between consumer and industrial IoT.
Hence the need for a coordinated, collaborative effort towards improving IoT security for everyone.
Using existing guidelines to identify common themes, goals, and opportunities for alignment, on November 14th 2019 the Platform released a vision that lays out an agenda to raise the bar for IoT security practices.
Among the existing regional and national frameworks, it highlighted shared recommendations including:
- Ensure that security is incorporated in all stages of the design, development, and life-cycle, including risk assessments, security testing, and evaluation;
- Ensure that personal and critical data is protected; and
- Make it easy for users to delete personal data.
Platform members also identified practical steps to put these principles in action. For example, manufacturers should:
- Implement a vulnerability disclosure policy;
- Make it clear to consumers what the minimum length of time for which a device will receive software security updates;
- Provide mechanisms to securely update software;
- Build devices with unique passwords or credentials;
- Protect the communication of security-sensitive data (such as via encrypted data streams); and
- Securely store credentials and security-sensitive data.
When it comes to securing people and information online, everyone can bring something to the table.
That’s why the IoT Security Policy Platform believes it is critical to continue collaborating and recruiting new partners to further develop these frameworks to keep pace with the rapid evolution and growth of the IoT ecosystem.
Want to find out how to join?
Read more about the IoT Security Policy Platform here.