https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44368#M5360 <P>I think it is a good start, but they should include metrics on sales, etc. to understand how much impact it makes in the marketplace.&nbsp; My guess is that it needs to be followed up by something with much more clout, but I could be wrong.&nbsp; The big players may take it seriously enough (And CA having its own laws would make that easier anyway) to move a solid chunk of the market to a more secure default position.&nbsp; Like herd immunity, that could cut down on the overall impacts.&nbsp; Anything to move us forward at this point.</P> Tue, 30 Mar 2021 11:11:24 GMT mgorman 2021-03-30T11:11:24Z https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44362#M5359 <P>Hi All</P><P>&nbsp;</P><P>What do you think of this voluntary approach?&nbsp;</P><P>&nbsp;</P><P><A href="https://thehill.com/policy/cybersecurity/544711-lawmakers-reintroduce-legislation-to-secure-internet-connected-devices" target="_blank">https://thehill.com/policy/cybersecurity/544711-lawmakers-reintroduce-legislation-to-secure-internet-connected-devices</A></P><P>&nbsp;</P><P>Will it work or does it need more clout?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 09 Oct 2023 09:50:30 GMT https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44362#M5359 Caute_cautim 2023-10-09T09:50:30Z https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44368#M5360 <P>I think it is a good start, but they should include metrics on sales, etc. to understand how much impact it makes in the marketplace.&nbsp; My guess is that it needs to be followed up by something with much more clout, but I could be wrong.&nbsp; The big players may take it seriously enough (And CA having its own laws would make that easier anyway) to move a solid chunk of the market to a more secure default position.&nbsp; Like herd immunity, that could cut down on the overall impacts.&nbsp; Anything to move us forward at this point.</P> Tue, 30 Mar 2021 11:11:24 GMT https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44368#M5360 mgorman 2021-03-30T11:11:24Z https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44371#M5361 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>&nbsp;wrote:<P>&nbsp;</P><P>What do you think of this voluntary approach?&nbsp;</P><P>&nbsp;</P><HR /></BLOCKQUOTE><P><STRONG>IF</STRONG>&nbsp;it's approved, I think it's a good staring point and a good way to see if the IoT manufacturers will voluntarily adopt the standards within the program. Eventually, I'd like to see this mandatory in industries categorized as critical infrastructure.</P><P>&nbsp;</P><BLOCKQUOTE><HR /><P>&nbsp;</P><P>Will it work or does it need more clout?</P><P>&nbsp;</P><HR /></BLOCKQUOTE><P>I hope so. <STRONG>IF</STRONG> it's approved, as consumers we need to help this along by only buying IoT products with the Cyber Shield label or any other frameworks the IoT device adheres to. Leaving customer reviews along the lines of, "Your product looks great but unfortunately I couldn't buy it because it doesn't adhere to current IoT standards to keep me safe". As security professionals, we'll need to step up and be loud about this&nbsp;<STRONG>IF</STRONG> it gets approved.<BR />&nbsp;</P><P>Edit:&nbsp;<A href="https://www.markey.senate.gov/imo/media/doc/(3.24.21)%20Bill%20--%20Cyber%20Shield%20Act%203-17-21.pdf" target="_blank" rel="noopener">Cyber Shield Bill</A>&nbsp; &nbsp;</P> Tue, 30 Mar 2021 18:50:14 GMT https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44371#M5361 tmekelburg1 2021-03-30T18:50:14Z https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44374#M5362 I think it's important to always offer voluntary approaches first. Self-policing can work and requires less regulatory overhead. This would be a good way to get IoT security onto the radar of tech companies by providing a badge. With a little marketing, that badge could be like the term "organic", driving a new level of improvement.<BR /><BR />However, if the certification does not come with testing, there is no point. Tue, 30 Mar 2021 17:49:11 GMT https://community.isc2.org/t5/Industry-News/Secure-Internet-connected-devices/m-p/44374#M5362 thegsmith 2021-03-30T17:49:11Z