The ease with which internet of things devices can be compromised, coupled with the potentially extreme consequences of breaches, has prompted action from legislatures and regulators, but what group is best to decide? Both the makers of IoT devices and governments are aware of the security issues, but so far they haven't come up with standardized ways to address them. "The challenge of this market is that it's moving so fast that no regulation is going to be able to keep pace with the devices that are being connected," said Forrester vice president and research director Merritt Maxim. "Regulations that are definitive are easy to enforce and helpful, but they'll quickly become outdated." The latest such effort by a governmental body is a proposed regulation in the U.K. that would impose three major mandates on IoT device manufacturers that would address key security concerns: This proposal is patterned after a California law that took effect last month.
He called it "Security DIY". Not do-it-yourself, but Deliberate, Ignorant, and Yet to be discovered. Deliberate threats, such as back doors and remote data transmission, you fix with code reviews. Ignorant threats, such as poor security configurations or bad design choices, you find through penetration testing. And the Yet to be discovered threats?
The Obama White House has had to reckon with cybersecurity like no other presidential administration in history, from China's 2009 hack of Google, to the Office of Personnel Management breach, to the rise of botnets built from dangerously insecure "internet-of-things" devices. Now, in the waning days of Obama's presidency, his team has a new plan to shore up America's protections from digital threats. Whether any of it happens, though, is up to Donald Trump. Late Friday afternoon last week, the White House's Commission on Enhancing National Cybersecurity released the results of a nine-month study of America's cybersecurity problems. Its recommendations, in a hundred-page report, cover a lot of ground.
Smart TVs and other internet-connected household devices will be made to carry labels setting out how secure they are, under proposals being put forward by the government. Ministers want the labels introduced on a voluntary basis at first, but propose that they are eventually made mandatory. The labels would help consumers identify which products are more and which are less secure. Under the plans, announced by the digital minister Margot James on Wednesday, retailers would only be able to sell products that carried the label, which would indicate to consumers whether the device conforms to the three principal security standards set out by the government in a longer code of practice in February. The move is designed to tackle the problems posed by insecure connected household devices, such as TVs, thermostats, doorbells and locks, which can be hijacked by malicious actors.