IoT Standards: Many Guidelines
There's been much effort worldwide to ensure smart devices don't introduce security risks. ENISA in Europe released good security practices for IoT guidelines two years ago. Also in 2018, the U.K. released Code of Practice for Consumer IoT Security for manufacturers.
Meanwhile, the Australian government is refining a code of practice for IoT manufacturers that's intended to ensure devices have basic security features. A public consultation on the code concluded on March 1.
In the U.S., a new law, SB 327, took effect in January in California that mandates IoT devices must have reasonable security features. And, the Cyber Shield Act has been introduced in the U.S. Congress for the second time. That act would introduce benchmarks that connected devices have to meet to earn a "Cyber Shield" label.
But for the most part, IoT manufacturers today aren't bound by legislation or regulations, which also can be tricky to write given the changing nature of security requirements.
Australia's IoT Security Trust Mark program was inspired by work that Enex TestLab did for the U.K. government between 2007 and 2011, Tett says. The lab tested products that the U.K. government was evaluating for critical national infrastructure. Vendors that passed evaluations were to be given greater weighting in tenders.
The program proved "that you can have an independent, agnostic, vendor-sponsored certification program provided you have the right checks and balances in there," Tett says.
Know how to freelance jobs online?
The Trust Mark program will have an independent decision authority that decides whether products are approved, Tett says. The products will be evaluated by separate, independent testing facilities. In other countries, a host country IoT association can promote and market that evaluated products that have gone through the program, Tett says.
CommentairesAucun commentaire pour le moment
Suivre le flux RSS des commentaires
Ajouter un commentaire