With the adoption of IoT devices on the rise, organizations are under increasing pressure to develop new strategies for securing IoT and smart devices that sit at the network's edge. At the same time, manufacturers are under increasing pressure to minimize device vulnerabilities. In an attempt to enhance the security of IoT devices, today, Google released five core principles for IoT security labeling. The principles state the following:

The principles will help to guide manufacturers on how to better protect and label IoT devices, so consumers and enterprises alike can use them with less exposure to threat actors.

Protecting IoT devices at the network’s edge

The announcement comes hot on the heels of the White House's plan to launch a consumer labeling program for IoT devices in Spring 2023 to increase consumer confidence in these solutions while incentivizing manufacturers to meet higher cybersecurity standards. It also comes as the overall security of IoT devices remains weak, with a report from Vedere Labs and JSOF Research discovering a set of nine vulnerabilities that impact four TCP/IP stacks which are used in more than 100 million IoT, OT and IT devices.

These vulnerabilities provide cybercriminals with the ability to conduct denial-of-service (DoS) attacks to disrupt network services and use remote code execution (RCE) to gain control over compromised devices.

Entities like Google and the White House are looking at labeling as a step toward hardening IoT devices against threat actors.

“Our goal is to increase transparency against the full baseline of security criteria for the IoT over time. This will help drive 'competition' in security and push manufacturers to offer products with more robust security protections,” Dave Kleidermacher, VP of Android security and privacy at Google, and Eugene Liderman, director of mobile security strategy at Google, co-wrote in a blog post.

They added that, “As labeling efforts gain steam, we are hopeful that [the] public sector and industry can work together to drive global harmonization to prevent fragmentation, and we hope to provide our expertise and act as a valued partner to governments as they develop policies to help their countries stay ahead of the latest threats in IoT.”