Who Sets Security Standards for the IoT?

As manufacturers across the planet are rushing to ensure that all upcoming products have their Internet of Things (IoT) label while standards are yet to emerge, it is the right time to question the security associated with this paradigm shift of “everything is connected to the Cloud” trend. The question is not new : check this article by Alan Grau in January 2015 “How to build a Safer Internet of Things”. Originally printed under the title “Can you trust your fridge?”, it gives an overview of concerns by cyber-security specialists. One year down the line,  it is at the heart of discussions and strategies by all the major players and standardization organizations.

IoT cyber security

Among them IEEE is actively working on setting standards for the IoT through the P2413 Working Group initiative, of which Schneider Electric is part of. It is also at the forefront of the reflection on security aspects of this new digital revolution. Specialists have recently been involved in brainstorming sessions regarding these security challenges. A major trend emerging from those discussions is the idea of a cyber equivalent to Underwriters’ Laboratories (UL) that are currently in charge of testing physical security compliance of products. Tekla S. Perry, a long time senior editor at IEEE, attended this event and wrote a very interesting piece on this topic.

Although the outcome does not materialize into a defined standard yet, it looks like a consensus exists around the idea of independent cyber-security certification organizations that will provide peace of mind to the end-users but also limitations of risks and liabilities for the manufacturers, and possibly a post-disaster analysis process and organization as a way of perpetually improve the standards and best practices, by analyzing root causes of issues.

Are you aware of other initiatives in this regard ? Do you believe the market forces –and the governments- will allow for the emergence of independent security certification organizations for the IoT ? If not, is there a risk on the adoption of those new technologies by security-wary end-users? It is the right time to raise your opinion and shape our digital future.

Tags: , , , ,