Caute_cautim
Community Champion

Secure Internet connected devices

Hi All

 

What do you think of this voluntary approach? 

 

https://thehill.com/policy/cybersecurity/544711-lawmakers-reintroduce-legislation-to-secure-internet...

 

Will it work or does it need more clout?

 

Regards

 

Caute_Cautim

 

 

3 Replies
mgorman
Contributor I

Re: Secure Internet connected devices

I think it is a good start, but they should include metrics on sales, etc. to understand how much impact it makes in the marketplace. My guess is that it needs to be followed up by something with much more clout, but I could be wrong. The big players may take it seriously enough (and CA having its own laws would make that easier anyway) to move a solid chunk of the market to a more secure default position. Like herd immunity, that could cut down on the overall impacts. Anything to move us forward at this point.

tmekelburg1
Contributor III

Re: Secure Internet connected devices


@Caute_cautim wrote:

 

What do you think of this voluntary approach? 

 


IF it's approved, I think it's a good starting point and a good way to see if the IoT manufacturers will voluntarily adopt the standards within the program. Eventually, I'd like to see this mandatory in industries categorized as critical infrastructure.

 


 

Will it work or does it need more clout?

 


I hope so. IF it's approved, as consumers we need to help this along by only buying IoT products with the Cyber Shield label or any other frameworks the IoT device adheres to. Leaving customer reviews along the lines of, "Your product looks great but unfortunately I couldn't buy it because it doesn't adhere to current IoT standards to keep me safe". As security professionals, we'll need to step up and be loud about this IF it gets approved.
 

Edit: Cyber Shield Bill   

thegsmith
Newcomer I

Re: Secure Internet connected devices

I think it's important to always offer voluntary approaches first. Self-policing can work and requires less regulatory overhead. This would be a good way to get IoT security onto the radar of tech companies by providing a badge. With a little marketing, that badge could be like the term "organic", driving a new level of improvement.

However, if the certification does not come with testing, there is no point.