This video is part of the TechXchange: Cybersecurity. You can also check out more TechXchange Talks videos.
The World Economic Council on the Connected World recently announced a joint statement of support on consumer IoT device security. It included a list of five security “must haves” as a minimum requirement for consumer-facing IoT devices:
- Must not have universal default passwords.
- Must keep software updated.
- Must have secure communication.
- Must ensure that personal data is secure.
- Must implement a vulnerability disclosure policy.
The first four are ones that most developers would take for granted, but whether it's part of a corporate policy is another matter. Getting companies to pay attention to security concerns tends to be an ongoing struggle. Still, pronouncements like this can help elevate those efforts. The ETSI standard 303-645, announced in 2020, also is part of the discussion.
I spoke with Haydn Povey, CEO of Secure Thingz, an IAR Systems company, about the announcement, what it means, and its impact (watch video above). IAR Systems and Secure Thingz issued a joint statement supporting the announcement.
Links