Google, Schlage, Assa Abloy, Keysight Technologies and a handful of other technology companies have signed a letter signaling their support for baseline consumer IoT cybersecurity standards.
In a joint statement following the Singapore International Cyber Week and ETSI Security Conference, the companies say progress was made on connected device security, including a set of proposed principles for consumer IoT security transparency.
Those principles include real-time security assurance, international evaluation schemes, a minimum-security baseline coupled with flexibility, transparency of security capabilities, and the need for adoption incentives.
While the statement or principles didn’t mention any specific initiative to apply a label to consumer IoT devices, it comes as the Federal Communications Commission is debating the Cyber Trust Mark, a proposal to affix a label that certifies baseline cybersecurity standards in consumer IoT devices. It would be the cybersecurity equivalent of the Energy Star label and is designed to help give consumers more information when making purchasing decisions.
In fact, Google is a key participant in the Cyber Trust Mark initiative, being one of more than 20 organizations who signed onto the proposal when it was announced by the White House in July 2023.
“To help consumers make an informed purchase decision they should receive clear, consistent, and actionable information about the security of the device (e.g. security support period, authentication support, cryptographic assurance) before purchase – a communication and transparency mechanism commonly referred to as “a label” or “labeling,” although the communication is not merely a printed sticker on physical product packaging,” the joint statement reads. “While an IoT label will not solve the problem of IoT security on its own, transparency can both help educate consumers and also facilitate the coordination of security responsibilities between all of the components in a connected device ecosystem.”
According to the statement, the companies want to strengthen the security of IoT devices and ecosystems through the implementation of cybersecurity standards to protect individuals and organizations while continuing to innovate and enhance the capabilities of IoT systems.
“Security labeling programs can support consumer purchase decisions that drive security improvements, but only if the label is credible, actionable, and easily understood,” the companies say in the statement. “We are hopeful that the public sector and industry can work together to drive harmonized policies that achieve this goal.”
Other organizations that signed the letter include ARM, HackerOne, NXP, OpenPolicy, Rapid7 and Silicon Labs.
In addition to Google, OpenPolicy and KeySight were also part of the Cyber Trust Mark announcement along with Amazon, Best Buy, Carnegie Mellon University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Infineon, the Information Technology Industry Council, IoXT, LG Electronics U.S.A., Logitech, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale and August U.S. Since its announcement, other industry organizations, like Crestron, have voiced their support for the initiative.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!