{"id":2756,"date":"2024-03-20T08:00:00","date_gmt":"2024-03-20T13:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/ics-ot-security\/connectivity-standards-alliance-meets-device-security-challenges-with-a-unified-standard-and-certification"},"modified":"2024-03-20T08:00:00","modified_gmt":"2024-03-20T13:00:00","slug":"connectivity-standards-alliance-meets-device-security-challenges-with-a-unified-standard-and-certification","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/20\/connectivity-standards-alliance-meets-device-security-challenges-with-a-unified-standard-and-certification\/","title":{"rendered":"Connectivity Standards Alliance Meets Device Security Challenges With a Unified Standard and Certification"},"content":{"rendered":"
<\/a><\/div>\n

COMMENTARY<\/span><\/span><\/p>\n

Since the discovery of the Mirai Botnet in 2016, governments, enterprises, and consumers have seen the impact of insecure Internet of Things (IoT) devices. <\/span><\/p>\n

It has become commonplace for numerous Internet-connected consumer devices, such as smart home security cameras and home routers, to be in use with unchanged default usernames and passwords, allowing attackers to take control and turn them into a network of “zombie” devices. Together, they create a botnet of compromised devices, used in large-scale network attacks, impacting the availability of many websites, Internet-driven services, and network availability. <\/span><\/p>\n

While it may seem like common sense to avoid using default usernames and passwords, many IoT devices do not have adequate security protection, even at the most basic level. Following Mirai, a remarkable amount of work has been performed by standards bodies, industry groups, and governments to ensure new IoT devices placed on the market have a baseline of security by design. <\/span><\/p>\n

Still, insecure IoT can also impact the individual consumer. It is not clear to consumers whether their devices are secure, have been protected, or will be protected. Certification, verification, standards, and regulation seek to make devices more secure and empower consumers to make informed purchasing decisions. <\/span><\/p>\n

In an effort to change that, on March 19, the Connectivity Standards Alliance Product Security Working Group (PSWG) released its Internet of Things Device Security Specification 1.0, as well as an accompanying certification program and Product Security Verified Mark for compliant products. <\/span><\/p>\n

The work aims to establish a unified IoT device security standard, alleviating the challenge for manufacturers to certify their devices and comply with international requirements, as well as inform consumers in regard to devices that meet this set of security requirements. The Cloud Security Alliance (CSA) has factored in the existing requirements from international standards, including the European Telecommunications Standards Institute (ETSI) and the National Institute of Standards and Technology (NIST), as well as current regulations, when creating the specification.<\/span><\/p>\n

Secure by Design Baseline<\/h2>\n

Security by design calls for device manufacturers to consider and implement security from the early stages of device design and manufacturing, instead of as an afterthought. Three key existing standards have defined the security baseline requirements: <\/span><\/p>\n

\n