Dark Reading is part of the Informa Tech Division of Informa PLC


10/20/2020
03:15 PM
Loren Browman

Do Standards Exist That Certify Secure IoT Systems?

The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.

Question: Do standards or labels exist that certify secure Internet of Things (IoT) systems?

Loren Browman, senior security consultant, Optiv: No federally approved testing body currently exists to certify IoT device security in the way we have come to expect UL testing to certify products for safety issues.

The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products. While these products may be cool and innovative, many are produced without a security budget and are not held to any IoT-specific security standards. We have certainly seen IoT security awareness campaigns from organizations such as NIST and well-laid-out guidelines from associations such as the GSMA and now ISO, but guidelines and recommendations are not the same as certifications or regulated standards.

Product security is an increasingly important topic as the number of devices continues to grow rapidly and we become more reliant on these products and systems to provide access and control over sensitive infrastructure.

When investing in any connected device at an industrial or consumer level, the following can be signs that the manufacturer values security and has implemented best practices throughout the development of its products:

  • They engage in third-party product penetration tests.
  • They leverage existing Platform as a Service (PaaS) IoT solutions from reputable companies, such as Microsoft Azure and Amazon Web Services, which have detailed documentation and extensive security mechanisms.
  • They use secure hardware platforms with no known vulnerabilities.
  • They use updatable firmware in the event a security issue is discovered and needs to be patched.
  • They have transparent security policies and a straightforward disclosure process.

 

Loren Browman is a senior security consultant at Optiv. Browman has a demonstrated history of working in the computer and network security industry. He is skilled in device security, reverse engineering, vulnerability assessment, test harness fabrication, and printed circuit ...
 
