Attention vendors, developers and consumers: You have a responsibility to help make the IoT secure
November 1, 2016
By George Japak, Managing Director, ICSA Labs

In light of the recent attacks that exploited Internet of Things (IoT) devices, it seems timely to reinforce the importance of IoT security.

The proliferation of IoT and what is anticipated makes privacy and security a critical consideration for device makers and more importantly for those enterprises and consumers looking to acquire them.  

The lack of security in many of the existing IoT devices already deployed creates untold challenges for those deploying the devices.  After all, with the increased inter-connectability afforded by the IoT comes significantly greater exposure to threats and, in some cases, new types of data being exposed.

While the Internet of Things is often viewed as the “wild west”, it is possible to test and secure it. To facilitate IoT security certification testing, frameworks must constantly be updated to account for rapid changes in this ever-evolving space.  

Successful testing frameworks must have broad applicability across device categories, and should address the foundational elements that a consumer or commercial IoT device maker or service provider should review during the development process and throughout the device or sensor’s lifecycle.

Third-party testing is driven through a process we equate to “Push – Pull” forces.   “Push” occurs when IoT developers and vendors voluntarily register for third-party testing because they feel obligated to mitigate risks to their own existing and potential customers. “Pull” exists where customer demand or other forces mandate participation in third-party security-focused certification testing.  

Both push and pull are powerful forces that IoT device makers must contend with as we all slowly move toward a more secure Internet of Things.   Failure on either the part of the IoT developer to do the right thing, or the customer to demand the right thing, is typically a precursor to public sector policy and government regulation, which few of us want.   In the case of securing the IoT, motivation to do what is best for the consumer should be a priority considering its enormous economic promise and its long-term positive impact on society. 


Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

This question is for testing whether you are a human visitor to prevent automated spam submissions.
Enter the characters shown in the image.