SecurityWorldHotel

04/01/2017

New compliance framework for securing IoT devices

London, UK

The Internet of Things Security Foundation (IoTSF) recently announced the publication of its IoT Security Compliance Framework at its annual conference in London.

The framework is part of IoTSF’s mission to drive the quality and pervasiveness of security in IoT. IoTSF is promoting the Supply Chain of Trust concept which encourages producers to adopt a duty of care for their own customers and towards the wider eco-system. This is necessary because poorly secured connected products may provide a vulnerability point to attack the system elsewhere such as in a denial of service attack.

The framework provides a comprehensive and practical checklist to guide organisations through a security assuring process. It offers a methodical approach to determining an organisation’s unique security posture for both business processes and technical requirements.

The framework is intended to be used by key staff such as senior management, technical, manufacturing and logistics from producer companies, yet it could also be used by purchasers to assess suppliers.

The framework is designed to be generally applicable and extendable with release 1.0 targeted at the consumer product category. Follow-on releases are expected to further add requirements from additional application domains.

John Moor, Managing Director of IoTSF commented “From the early days of the Foundation it was clear that a great deal of remedial work was necessary to help companies that are new to connected products accelerate their understanding of security and provision appropriate measures into their products and business processes. We therefore mandated a working group to look at a self-certification process that was flexible, comprehensive and fit for purpose over the longer term. After an intense period of working, we are delighted to publish the very first release of that work”.

Pamela Gupta, President of Outsecure Inc., and chair of the self-certification working group said “IoT is very broad and its security is not only context dependent, it is also evolving on a daily basis. Given the immediate requirement and future objectives of the self-certification scheme, we concluded that we needed to establish a risk based framework which could then be built upon and updated to address emerging risks and requirements. We decided to target a baseline framework release and issue updates that could track the evolution of applications and threats. We’ve met the time table for Release 1.0 and now invite industry to start using it and give us feedback in the spirit of continuous improvement for future releases”.

John Haine, Chairman of IoTSF said, “I’d like to commend all the contributors to the framework, especially the participants of the working group, for working hard to achieve the brief we gave them and in a timely manner. Poorly secured IoT devices are low hanging fruit for hackers and offer a wide range of attack types such as denial of service and extortion through malware. This is just the beginning and given what is at stake for citizens and society it is not surprising that more voices are calling for regulation, which now seems inevitable. The compliance framework is a well-designed and practical approach that companies can adopt to take care of matters right now and position themselves for future eventualities. We therefore strongly encourage industry to start using the framework with immediate effect and engage with us to help ensure it remains future-proof and fit for purpose”.


Tags

Product News

Dahua Nvidia partnership offers Deep Sense smart video server

The “Deep Insight, Deep Cooperation” – Dahua Smart GPU Product Release Conference was held in Hangzhou in March. Together with Nvidia, a world-leading Artificial Intelligence (AI) computing company, Dahua released the Deep Sense server for smart video structure analysis, designed with extremely high computing capability. Mr. Yang Yinchang, General Manager of Dahua R&D Center, Dr. Pan Shizhu, President of Dahua Institute of Advanced Technology, as well as Mr. Shen Wei, VP of Nvidia participated in the new product release conference.

Business News

The key to successful safe cities is a collaborative approach

For the first time in history, more people around the world live in cities than in rural areas. By 2030, over 60 percent of the world’s population will be living in cities. While this global migration to urban areas improves the living standards, health and financial prosperity of these citizens, it brings challenges to a city’s infrastructure, resources, security procedures and emergency response systems. Meeting these challenges is critical to the success of cities in the decades that follow, and IHS Markit analysts have produced a market insight report exploring the potential benefits of the Safe City concept.

Business News

Multi-factor authentication market strengthens with growing cyber threats

According to the latest market research report from Marketsandmarket the multifactor authentication market  is expected to grow at a CAGR of 15.52% to reach USD 12.51 Billion by 2022. Factors such as an increase in data breaches and cyber attacks, stringent regulations and the growing pressure of data security compliances, and the growing adoption of BYOD concept among enterprises are driving the growth of the multifactor authentication market.

Business News

Cyber security focus for Israel's first Secure-By-Design Government facility

Cyberbit, the wholly owned subsidiary of Elbit Systems, whose cyber security solutions protect some of the world’s most sensitive systems, has been selected by the Arison Group – Solel Boneh Infrastructure, one of Israel's most prominent construction and infrastructure companies, to provide its cyber security product suite for the new Ram Compound, an ultra-secure facility under construction in the Israeli capital. The Ram Compound will serve as headquarters for sensitive government ministries and will integrate physical and cyber security to achieve unprecedented resilience.

Product Suppliers
Back to top