K
Kathleen Martin
Guest
The regulatory landscape for IoT is evolving rapidly as governments seek to mitigate growing cyber risk and protect not only consumers but societies and economies at large. We are certainly moving in the right direction. Still, with a myriad of standards, regulations, and baseline requirements being introduced to mandate enhanced security across the IoT value chain, there is still some confusion across the ecosystem.
Stakeholders are working towards a more secure connected future. Still, the regulatory picture remains complex without a single source setting out recommendations and specifications that can be applied globally.
So, while we may have come a long way, the need to demystify and defragment the regulatory landscape in a common language and provide a common framework around IoT security is critical to unlocking its potential.
Current Laws and Regulations
On average, there are 5,200 attacks per month on IoT devices, with 7 million data records compromised daily. In 2019, governments started regulating the Internet of Things to mitigate growing cyber risk, especially network and device security. Since then, the IoT regulatory environment has matured at a considerable pace.
Today, the challenge lies in understanding which regulations apply and whether IoT regulatory compliance is enough to provide adequate security. With IoT regulatory requirements and standards changing vastly by geography, the complexities faced in designing, manufacturing, and implementing connected devices cannot be underestimated.
Worldwide, standards organizations guide best practices and ‘baseline’ or ‘core’ requirements for IoT security. In many parts of the world, governments are exploring a firmer, regulatory approach. For example, in California, a law requires manufacturers to implement ‘reasonable security features’ such as having unique passwords per device if they want to sell to consumers in that market. More recently, the US presidency introduced the Executive Order on Improving the Nation’s Cybersecurity to push IoT device companies and software providers to adopt security standards and labeling requirements.
In June 2020, the EU introduced a cybersecurity standard for consumer IoT (ETSI EN 303 645 V2.1.1) products. With intentions of driving better security practices and the adoption of security-by-design principles in new connected consumer product development, the standard consists of 13 provisions, including no universal default passwords.
Continue reading: https://www.iotforall.com/iot-security-standards-and-regulations-where-are-we-now
Stakeholders are working towards a more secure connected future. Still, the regulatory picture remains complex without a single source setting out recommendations and specifications that can be applied globally.
So, while we may have come a long way, the need to demystify and defragment the regulatory landscape in a common language and provide a common framework around IoT security is critical to unlocking its potential.
Current Laws and Regulations
On average, there are 5,200 attacks per month on IoT devices, with 7 million data records compromised daily. In 2019, governments started regulating the Internet of Things to mitigate growing cyber risk, especially network and device security. Since then, the IoT regulatory environment has matured at a considerable pace.
Today, the challenge lies in understanding which regulations apply and whether IoT regulatory compliance is enough to provide adequate security. With IoT regulatory requirements and standards changing vastly by geography, the complexities faced in designing, manufacturing, and implementing connected devices cannot be underestimated.
Worldwide, standards organizations guide best practices and ‘baseline’ or ‘core’ requirements for IoT security. In many parts of the world, governments are exploring a firmer, regulatory approach. For example, in California, a law requires manufacturers to implement ‘reasonable security features’ such as having unique passwords per device if they want to sell to consumers in that market. More recently, the US presidency introduced the Executive Order on Improving the Nation’s Cybersecurity to push IoT device companies and software providers to adopt security standards and labeling requirements.
In June 2020, the EU introduced a cybersecurity standard for consumer IoT (ETSI EN 303 645 V2.1.1) products. With intentions of driving better security practices and the adoption of security-by-design principles in new connected consumer product development, the standard consists of 13 provisions, including no universal default passwords.
Continue reading: https://www.iotforall.com/iot-security-standards-and-regulations-where-are-we-now