Towards support for IoT security provisions in consumer devices
15 February 2022
While governments and industries are increasingly pursuing measures to improve the security of connected consumer devices, if global efforts remain fragmented or lack coordination with the private sector and other stakeholders, cybersecurity initiatives and their implementation will remain uneven at best.
Over 6 months, experts reflecting the interests of security researchers, technology providers, and the consumers – agreed on five security “must haves” as a minimum requirement for consumer-facing IoT devices, which reflect a growing international consensus and are key provisions of the ETSI standard 303-645, as well as many other international standards.
5 security must haves
This resulted in a Statement of Support that calls on device manufacturers and vendors to take immediate action with these security must-haves:
1. Must not have universal default passwords
2. Must keep software updated
3. Must have secure communication
4. Must ensure that personal data is secure
5. Must implement a vulnerability disclosure policy
To have your organization endorse the statement or for more information on how to get involved, please contact: [email protected]