Google Online Security Blog: Joint Industry statement of support for Consumer IoT Security Principles

By admin

Last week
DATE

at

Singapore International Cyber Week
EVENT

and

the ETSI Security Conferences
ORG

, the international community gathered together to discuss cybersecurity hot topics of

the day
DATE

. Amidst a number of important cybersecurity discussions, we want to highlight progress on connected device security demonstrated by joint industry principles for

IoT
CARDINAL

security transparency. The future of connected devices offers tremendous potential for innovation and quality of life improvements. Putting a spotlight on consumer

IoT
CARDINAL

security is a key aspect of achieving these benefits. Marketplace competition can be an important driver of security improvements, with consumers empowered and motivated to make informed purchasing decisions based on device security.

As with other

IoT
CARDINAL

security transparency initiatives globally, it’s great to see this topic being covered at both conferences

this week
DATE

. The below

IoT
CARDINAL

security labeling principles are aimed at helping to improve consumer awareness and to foster marketplace competition based on security.

To help consumers make an informed purchase decision they should receive clear, consistent, and actionable information about the security of the device (e.g. security support period, authentication support, cryptographic assurance) before purchase – a communication and transparency mechanism commonly referred to as “a label” or “labeling,” although the communication is not merely a printed sticker on physical product packaging. While an

IoT
CARDINAL

label will not solve the problem of

IoT
CARDINAL

security on its own, transparency can both help educate consumers and also facilitate the coordination of security responsibilities between all of the components in a connected device ecosystem.

Our goal is to strengthen the security of

IoT
CARDINAL

devices and ecosystems to protect individuals and organizations, and to unleash the full future benefit of IoT. Security labeling programs can support consumer purchase decisions that drive security improvements, but only if the label is credible, actionable, and easily understood. We are hopeful that the public sector and industry can work together to drive harmonized policies that achieve this goal.

Signed,


Google
PRODUCT

ARM


Assa Abloy

PERSON

Finite State

HackerOne

Keysight

NXP

OpenPolicy

Rapid7

Schlage


Silicon Labs
ORG