Categories
Building Trust Internet of Things (IoT)

Rural Development Special Interest Group Organizes Internet Connectivity Tag 2019

In November, the Internet Society Rural Development Special Interest Group (RD SIG) organized an event called the Internet Connectivity Tag 2019 in Bangalore, India to deliberate on emerging technologies for the Internet of Things (IoT) and security, and what this means for rural development in India.

RD SIG invited a number of distinguished speakers to the event, many of whom are Chapter members. Adarsh B.U., for instance, is the president of RD SIG, a member of the Bangalore Chapter, and the program chair of the Hyderabad Chapter, which is currently being established. B.U. has been recognized as one of the top eight IoT thought leaders for his contribution towards the advancement of IoT in India. At the event, he organized an interactive, hands-on session with Contiki OS and Cooja Simulator.

Leading up to the event, RD SIG issued a call for fellowship applications from which over 300 expressions of interest were received. Out of the applicants, seven fellows from different parts of India were selected to participate in the event.

Highlights from the event included a presentation by Abhijan Bhattacharyya on IPv6 in the context of 5G for digital convergence. In his talk, he looked at the promise of 5G in fueling a convergence of applications and the essential role of IPv6 in supporting the core network for this convergence. Towards the latter part of the event, Bhattacharyya demonstrated the use of SimuLte for 5G simulation.

Adding more depth to the conversation on 5G and IPv6 was Nicolas Fiumarelli, who presented remotely from Uruguay. He focused on current and future applications of the technologies and shared some of the activities undertaken by the Internet Governance Forum Youth Ambassadors in his country.

The other remote speaker was Mohit Sethi from Finland. He spoke on the topic of wireless LAN security. He examined two new features: WiFi Enhanced Open for verifying open systems and Simultaneous Authentication of Equals for insurance against word reference assaults in home systems. He clarified the deficiencies and security vulnerabilities of WPA3, and gave a few thoughts on security in an enterprise wireless network with IEEE 802.1x and Extensible Authentication Protocol.

Sanjay Adiwal gave an informative talk on the Domain Name System and its security, while Prasant Misra delivered a fascinating presentation on the real-time analysis of traffic flow and how this has helped traffic authorities make better decisions and policies.

Oh behalf of RD SIG, we would like to take this opportunity to express our gratitude to all the participants, speakers, and sponsors for making this event a success and allowing us to reach out to multiple communities. The event was supported by IEEE Ramaiah Students Branch, IEEE Bangalore Section, Ramaiah Institute of Technology, and Moradabad Institute of Technology.

If you’re interested in knowing more about the Rural Development Special Interest Group, drop us an email at info@ruralisocsig.org!

Categories
Building Trust Internet of Things (IoT)

IoT Security Policy Platform Wants to Raise the Bar On Global IoT Security

By next year, five Internet of Things (IoT) devices are projected to be in use for every person on the planet.

IoT devices offer endless opportunities to improve productivity, economic growth, and quality of life. Think smart cities, self-driving cars, and the ways connected medical devices can monitor our health. The potential growth of IoT is virtually infinite.

But with opportunity comes a significant amount of risk. As much as we’d like to trust manufacturers to make sure burglars can’t watch our homes through data from an automated vacuum, many new devices lack even basic security features. And thousands of new devices are coming online each year without commitment to basic measures such as using unique passwords, encrypting our data, or updating software to address vulnerabilities.

To help people and businesses around the world prepare, a dedicated group is rising to the challenge of securing the Internet of Things though cooperation across borders and sectors.

They are government agencies, non-governmental organizations, and other organizations and experts working on IoT security joined together to form the IoT Security Policy Platform. We are proud to say the Internet Society is amongst them too. Together we’ve been discussing and sharing best practices and gaps that need to be addressed. In the process, we’ve realized that all of our frameworks hold a set of principles for global IoT security in common.

The Platform already has a solid foundation for success. Its members have produced their own frameworks for IoT security or are in the process of producing one. Many, such as in Canada, France, Senegal, and Uruguay, were created through multistakeholder processes in partnership with the Internet Society and others. But with so many frameworks come the very real and daunting challenge of fragmentation of policies at a global level – between countries, between industries, and between consumer and industrial IoT.

Hence the need for a coordinated, collaborative effort towards improving IoT security for everyone.

Using existing guidelines to identify common themes, goals, and opportunities for alignment, on November 14th 2019 the Platform released a vision that lays out an agenda to raise the bar for IoT security practices.

Among the existing regional and national frameworks, it highlighted shared recommendations including:

  1. Ensure that security is incorporated in all stages of the design, development, and life-cycle, including risk assessments, security testing, and evaluation;
  2. Ensure that personal and critical data is protected; and
  3. Make it easy for users to delete personal data.

Platform members also identified practical steps to put these principles in action. For example, manufacturers should:

  • Implement a vulnerability disclosure policy;
  • Make it clear to consumers what the minimum length of time for which a device will receive software security updates;
  • Provide mechanisms to securely update software;
  • Build devices with unique passwords or credentials;
  • Protect the communication of security-sensitive data (such as via encrypted data streams); and
  • Securely store credentials and security-sensitive data.

When it comes to securing people and information online, everyone can bring something to the table.

That’s why the IoT Security Policy Platform believes it is critical to continue collaborating and recruiting new partners to further develop these frameworks to keep pace with the rapid evolution and growth of the IoT ecosystem.

Want to find out how to join?

Read more about the IoT Security Policy Platform here.

Categories
Building Trust Encryption Improving Technical Security Internet of Things (IoT) Mutually Agreed Norms for Routing Security (MANRS) Privacy Security

Celebrating National Cybersecurity Awareness Month

Every October, we mark National Cybersecurity Awareness Month. From the U.S. Department of Homeland Security website, “Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.”

We believe in an Internet that is open, globally connected, secure, and trustworthy. Our work includes improving the security posture of producers of Internet of Things (IoT) devices, ensuring encryption is available for everyone and is deployed as the default, working on time security, routing security through the MANRS initiative, and fostering collaborative security.

The Online Trust Alliance’s IoT Trust Framework identifies the core requirements manufacturers, service providers, distributors/purchasers, and policymakers need to understand, assess, and embrace for effective security and privacy as part of the Internet of Things. Also check out our Get IoT Smart pages for get more consumer-friendly advice on IoT devices.

Much of OTA’s work culminates in the Online Trust Audit & Honor Roll, which recognizes excellence in online consumer protection, data security, and responsible privacy practices. Since that report’s release in April 2019, we’ve done a couple of “deep dives” into specific sectors, including Healthcare and Banks, with more sectors on the way. We’ve also done a deep dive specifically into privacy statements, finding that most organizations do not comply with existing global privacy regulations and are not ready for additional regulations going into effect in 2020.

In addition, our Cyber Incident & Breach Trends Report analyzes events to extract key learnings and provide guidance to help organizations of all sizes raise the bar on trust through enhanced data protection and increased defense against evolving threats.

Check out our Best Practices to learn more, and make October the month you work to improve your organization’s overall cybersecurity stance!

Categories
Building Trust Internet of Things (IoT) Privacy

IoT Privacy for Policymakers: Solutions Need Informed Discussion

The consumer Internet of Things market is growing exponentially – one prediction suggests that people will be using 25 billion connected devices by 2021. These new products promise innovation and convenience, but they can also erode privacy boundaries and expose consumers to risk without their knowledge or consent. Is that a good bargain?

The policy brief “IoT Privacy for Policymakers” explores this question and more.

Do consumers have enough information and choice to make meaningful decisions? Do vendors and service providers have the opportunity and incentive to bring privacy-enhancing innovations to the market? Can the downsides of IoT be mitigated through policy actions – and if so, how?

IoT Privacy for Policymakers” explains the scope and nature of IoT privacy and the issues it raises. As ever, those issues are multi-party. They cross the boundaries of jurisdictions and sectoral regulations. There are no single-stakeholder solutions, so a multistakeholder approach is needed. Solutions need informed discussion that includes consumer rights, economic incentives, technical options, and regulatory measures. This paper is a positive step in that direction.

The policy brief also includes a “how to” on implementing Privacy by Design and four Guiding Principles and Recommendations:

  • Enhance User Control
  • Improve Transparency and Notification
  • Keep Pace with Technology
  • Strengthen the Multi-stakeholder Approach to IoT Privacy

Read “IoT Privacy for Policymakers” and find out how you can take steps to help safeguard privacy and trust in IoT.

Categories
Building Trust Internet of Things (IoT) Privacy Security

Accessible, Clear, and Appropriate: An Open Letter to Amazon on Privacy Policies

With great power comes great responsibility.

Online marketplaces, such as Amazon, are becoming increasingly common. But can consumers count on these marketplaces to help safeguard their privacy? On Monday, coinciding with Amazon Prime Day, the Internet Society partnered with Mozilla and other organizations to publish An Open Letter to Amazon about Privacy.

We call for Amazon to require vendors of connected devices to have “a privacy policy that is easily accessible, written in language that is easily understood, and appropriate for the person using the device or service.”

This is one of the five minimum guidelines we called for in a joint statement with Mozilla and Consumers International during the 2018 holiday buying season: “Minimum Standards for Tackling IoT Security.” The other guidelines cover strong passwords, software upgradability, ability to manage reported vulnerabilities, and encryption of data. However, these five guidelines are just baseline recommendations. A full set of principles addressing security, privacy, and lifecycle issues is outlined in our IoT Trust Framework.

We urge everyone involved in the production and sales of connected products to step up and help protect their customers by ensuring that trust by design – making privacy and security the default – becomes a common practice. An Open Letter to Amazon about Privacy starts with the premise that it’s essential for vendors to have a public privacy policy. As security and privacy levels rise, so will consumer confidence. Which means we all benefit.

Categories
Building Trust Internet of Things (IoT) Privacy Security

The Internet of Things: Connecting the Dots to Become a Smart Consumer

According to a recent survey conducted by Consumers International and the Internet Society, 63% of consumers think the way Internet-connected devices collect data is “creepy.” The Trust Opportunity: Exploring Consumer Attitudes to the Internet of Things, which polled people in the US, Canada, Japan, Australia, France, and the UK, also found that 73% of consumers think people using connected devices should worry about eavesdropping. And yet, new connected devices are being introduced practically every day, and sales show no sign of slowing down.

The word “smart” is used to describe almost all of these devices. But is that right?

The marketing around the Internet of Things (IoT) has become almost non-stop. Smart-this will make your life better, happier, more efficient. If only you had smart-that, you would reap the benefits of the marvelous technological age in which we live. But this often leaves out key information consumers need to make real smart choices.

It’s really about connectivity. For instance, that smart oven is a computer that happens to get hot in the middle. These IoT devices are able to perform smart functions because they are connected to the Internet. And while the marketing focuses on features and functionality, it often glosses over privacy and security implications.

Just like any computing device, privacy and security are major concerns – and they’re never solved. They’re ongoing processes that involve continuous updates to fix bugs and security vulnerabilities.

As these devices are proliferating, they’re collecting data from and about us. They may collect a great deal of data, in many cases far beyond what users would expect based on their functions. This is not an accident. This data can help formulate a very comprehensive picture of our lives – our habits, preferences, health issues, location and travel patterns, and much more. This aggregate picture can be used for purposes we often don’t know about, much less approve of. This data collection can extend past the owners of these devices – to anyone who enters a home or business where they’re in use. Is that smart home assistant listening to and recording everything we say, in the guise of listening for the “trigger word”?

Which is why it’d be more accurate to describe these products as connected.

Given the risks, we have to be careful consumers. This means doing our homework and researching products and services – even asking questions of our friends when we enter their homes.

In reality, these are connected devices and should be treated that way. Smart? Maybe not. But we can be!

Ready to get IoT smart? Read Top Tips for Consumers: Internet of Things Security and Privacy.

Categories
Building Trust Internet of Things (IoT)

Uruguay Joins Others Taking Action to Strengthen IoT Security

The use of Internet of Things devices has substantially increased in recent years and the trends indicate that the number will continue to grow significantly. In this environment of rapid technological adoption, the inclusive and collaborative approach is essential to face the challenges and take advantage of the opportunities that arise.

Specifically, to overcome the privacy and security challenges associated with the growing number of Internet of Things (IoT) devices and systems, the Internet Society signed an agreement with the Agency of Electronic Government and the Information and Knowledge Society of Uruguay (Agesic). The agreement will encourage us to strengthen our collaborative ties to develop a multistakeholder process that will seek to issue recommendations on IoT security in the country.

The recommendations issued will be useful to guide the processes of development of national and regulatory policies in Uruguay. In addition, the agreement focuses on two broad areas: the exchange of information and the development of training materials on consumer protection and network resilience.

This is undoubtedly great news for the region, since Uruguay joins a group of countries that have opted for the multistakeholder processes to strengthen the security of IoT devices. The most recent example is Canada, whose process published its final recommendations a few weeks ago. In addition, there are similar efforts in France and Senegal.

The process, which will end later this year, will adhere to the principles of the multistakeholder model, such as the inclusion of diverse actors, with their participation on an equal footing, and transparency.

No one can build a secure Internet alone. Solutions need all of us. Read the Canadian Multistakeholder Process: Final Outcomes and Recommendations Report.

Categories
Building Trust Internet of Things (IoT)

Your Voice Matters: The World Can Learn from Canada’s Inclusive Solutions to Make Citizens Safer Online

Canada has shown great leadership in its innovative approach to secure our connected future by drawing on the diverse strengths, backgrounds, and perspectives our country has to offer.

While the wrap up of a collaborative effort to produce policy recommendations to keep us safe online is definitely worth celebrating, the real work for Canadians has just begun.

The Internet has profoundly changed the way we do things, expanding opportunity as it shrinks distances between people, cultures, and ideas. With connected devices hitting the shelves of major Canadian retailers like never before, the Internet of Things (IoT) is adding countless facets to a new era of human potential.

It has also brought new and complex challenges in areas such as privacy and security.

Many of us worry about our security when we log on. Despite recent calls by governments around the world to create regulation to keep citizens and information safe online, it is critical to consider that not one person or government can solve these issues alone.

If there’s anything the world of Internet governance has shown us, it’s that we get better answers to tough questions when a range of experts and interests can meaningfully take part in the conversation.

When it comes to IoT security, Canada nailed it. It met this challenge with a collaborative project that drew on the expertise of diverse people and organizations. Known as the Canadian Multistakeholder Process: Enhancing IoT Security, the group included civil society, technology companies, academics, and developers. All worked in partnership with agencies such as the Canadian Ministry of Innovation, Science and Economic Development, the Canadian Internet Registration Authority, CANARIE, and CIPPIC.

Participants established three working groups that focused on consumer education and awareness, network resiliency, and the potential for a trustmark. The recommendations of each group are included in the final report released May 28.

The project’s recommendations carry serious weight in terms of credibility because they include perspectives from people who don’t always get a seat at the decision-making table.

For instance, youth delegates brought invaluable ideas about the potential future challenges of IoT from people who grew up in a world where the Internet has always existed. Likewise, participants of the 2018 Indigenous Connectivity Summit helped us understand the unique IoT access and security challenges of people without fast, reliable, and affordable Internet.

What’s more, other countries are already looking towards Canada’s collaborative model as a best practice to secure IoT. The Canadian Multistakeholder Process was the linchpin to the IoT Security Policy Platform, a collaborative body of government agencies and global organizations championing inclusive solutions to make security a pillar of our digital future. Senegal and France are also taking this way of working forward.

There isn’t a single person out there who can build a secure Internet by themselves. Solutions that are going to last need all of us. While the Canadian report represents a new way of meeting the potential and challenges of the Internet, it is only the starting point.

What’s next? We need your help to make things happen.

Now that the recommendations are in place, Canada needs to make them happen. That’s where you come in.

A new working group is already formed with the mandate to carry these recommendations forward. You can be a part of it.

The more the merrier: whether you’re an active community leader, policy maker, business leader, or concerned citizen, you can join group of changemakers working to secure our connected future through the IoT Security Implementation Committee. If you are interested, contact Senior Policy Advisor Katie Jordan at jordan@isoc.org.

Inclusivity is part of the Internet’s own DNA. It is an open and global network of networks that voluntarily work together.  Each network that joins the Internet does its own thing, but together they are all richer and more reliable.  It’s stronger because it works that way. We are too, and your voice is critical to the equation.

Join the IoT Security Implementation Committee and help ensure a secure, open, and accessible Internet for the future.

Categories
Events Internet of Things (IoT)

Talking Internet of Things in Canada at IoT613 This Week

This week, 8-9 May, we’ll be at IoT613 in Ottawa, Canada, talking about our work on “Trust by Design” – the idea that privacy and security should be built into Internet-connected products, and not just an afterthought. We have been working with manufacturers to embrace the Online Trust Alliance’s IoT Trust Framework, which identifies the core requirements manufacturers, service providers, distributors/purchasers and policymakers need to understand, assess and embrace for effective IoT security and privacy. We also work to encourage consumers to demand security and privacy and to help policymakers create a policy environment that strengthens trust and enables innovation.

This week in Ottawa, we’ll have an Internet Society booth at the event both days, and on 9 May, Mark Buell, North American Bureau Director, will be part of an “IoT in Canada” panel that will “explore current IoT trends in Canada, identify the benefits of IoT for businesses and citizens and find out how Canada’s IoT ecosystem stacks up compared to the rest of the world.” Mark will speak about the Canadian Multistakeholder Process: Enhancing IoT Security, an Internet Society-led initiative to develop a broad-reaching policy to govern the security of the IoT for Canada. 

From its website, IoT613 “fosters a culture of knowledge, sharing, and growth within the local and global IoT community. Through our varied programs, we provide a platform for technology, business, and policy professionals to learn, connect, and interact for the advancement of technology and economic development in the National Capital Region.”

Join us in Ottawa, come chat with us about IoT, privacy, and security, and read more about our work on the Internet of Things

Categories
Building Trust Internet of Things (IoT)

The Economics of Trust: Overcoming Obstacles to Better Consumer IoT Security

In 2018 the Internet Society launched the Trust by Design campaign, to make sure that security and privacy features are built into Internet of Things (IoT) products. We focused our activities on consumer IoT, a segment particularly vulnerable, despite having the biggest share in the IoT market. We believe trust should come as standard, and so we’ve been working with manufacturers and suppliers to make sure privacy and security are included in the initial design phase all the way through the product lifecycle, as outlined in the OTA IoT Trust Framework. Our work does not stop there, as this goal can only be achieved when consumers drive demand for security and privacy capabilities as a market differentiator and policymakers create a policy environment that strengthens trust and enables innovation.

Consumer IoT devices and services without adequate security pose a wide range of risks, from directly threatening the security, privacy, and safety of their owners to the devices themselves turning into botnets that can initiate DDoS attacks against the Internet. As more and more connected devices with weak security are rushed to the market due to competition and cost concerns, missing trust is deeply rooted in economics. To better understand the economic aspects of consumer IoT security, we commissioned an independent study conducted by Plum Consulting that we are pleased to share with you.

The economics of the security of consumer-grade IoT products and services” looks at the consumer IoT market and the current state of security (or lack thereof) and points out the main economic obstacles to better security. Consumers often do not have enough information to identify products with weak security. This results in investment in security not being seen as a competitive differentiator for manufacturers. Additionally, since the cost of security breaches are borne by the device owner or third parties rather than the manufacturer, there is little incentive for manufacturers to invest in security. Finally, effective security by design requires specialized skills, can slow down the process, and can cost extra. Because of these factors, combined with cognitive biases of consumers, manufacturers tend to prioritize reducing cost and quickly sending IoT products to market.

But everyone, from consumers to policymakers, can take steps to incentivize manufacturers and shift demand in the market for strong IoT security. These vary by cost and difficulty and come with pros and cons of their own. The report provides a taxonomy and comes up with recommendations for the industry and policymakers to improve consumer IoT security, including prioritizing consumer guidance, leveraging public procurement procedures for products with strong security, encouraging responsible vulnerability disclosures, developing a trustmark for secure consumer IoT devices, prosecuting misleading claims on security, and prescribing a general set of security principles. Mandated security requirements through regulation is considered a last resort, and only if all other initiatives fail to improve security in the consumer IoT market.

Improving consumer IoT security calls for action from a diverse group of stakeholders and their actions complement each other. The complex IoT ecosystem is only as strong as its weakest link – and a collaborative approach to security is essential for success. It is only by working together that we can make a more secure consumer IoT. The economics say so, too.

Categories
Building Trust Internet of Things (IoT)

Consumers International Summit: Making IoT Privacy and Security a Priority

Each day, more and more of us buy products that connect to the Internet, such as personal assistants, fitness monitors, appliances, and home security systems. Odds are you have one, two, or even more. There are more than 23 billion of these Internet of Things (IoT) products installed around the globe – roughly triple the world’s population – and that number is growing.

The Internet of Things offers the promise of convenience, efficiency, and more personalized services. However, many of these products are designed with little consideration for basic security and privacy protections.

The Internet Society and Consumers International formed a working partnership last year to address these challenges and to make sure consumers have access to trusted Internet-connected devices. We are proud to be lead partner at the Consumers International Summit, 30 April – 1 May, focused on putting consumers at the heart of digital innovation.

Consumers care deeply about their privacy, security, and how their personal information is collected and handled. On May 1 at the Summit, our President and CEO Andrew Sullivan will unveil new research from Consumers International and the Internet Society exploring what matters most to consumers when buying connected devices. He will also share details on who consumers expect to be responsible for better privacy and security.

During the Summit we will meet with consumer organizations from around the globe, as well as representatives from business, civil society, and governments, to exchange ideas on how we can work together to increase consumer trust online. Several Internet Society Chapter leaders will attend to meet Consumers International members from the same country to open a dialogue for future collaboration on the issue of IoT privacy and security.

Another highlight at the Summit will be convening a high-level group of representatives from governments and organizations to discuss their initiatives on IoT privacy and security guidelines. The IoT Security Policy Platform members will identify common areas of overlap and explore best practices as an opportunity for global coordination to enhance IoT security and protect both people and innovation online.

The Internet Society values our partnership with Consumers International, and our shared focus on a trusted Internet for everyone. Watch for more details when we announce the IoT research findings on 1 May and how our collaborative work is leading us toward Trust by Design.

Privacy and security should be more than an afterthought. Learn more about Trust by Design and why it matters.

Categories
Building Trust Internet of Things (IoT)

The Internet of Things: Why ‘Trust By Design’ Matters

As we have seen vividly in recent years, inadequate security and privacy protections in the Internet of Things (IoT) can have devastating impacts – on Internet users and core infrastructure. The high profile Mirai botnet distributed denial of service (DDoS) attack in 2016 was a dramatic example of the effects of poor security in IoT devices, and CloudPets connected teddy bears were withdrawn from sale by most retailers after it was revealed that millions of voice recordings between parents and their children were exposed. But the threats from these insecure devices don’t vanish when they are updated or recalled, since there is often a large number of them still in service, and still vulnerable.

Because of this, the Internet Society is particularly focused on improving the security and privacy of consumer IoT. As a rapidly growing area, it is especially vulnerable and has been exploited by malicious actors.

That’s why we’re encouraging manufacturers to adopt Trust by Design.

“Trust by Design” – an umbrella term that includes Privacy by Design and Security by Design – is an essential component of a healthy IoT ecosystem. It has significant implications beyond IoT for the health of the Internet as a whole, and all of its users.

The Privacy by Design concept was developed by Dr. Ann Cavoukian in the 90s in response to the growing and systemic effects of information technologies and large scale data systems. It has since become a foundational concept, underlying much of the work on privacy protection that has followed. There are 7 key principles:

  1. Proactive not reactive: preventative not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality: positive-sum, not zero-sum
  5. End-to-end security: full lifecycle protection
  6. Visibility and transparency: keep it open
  7. Respect for user privacy: keep it user-centric

While all 7 principles are essential, there is one we place particular emphasis on (especially with manufacturers): privacy embedded into design.

“Privacy measures are embedded into the design and architecture of IT systems and business practices. These are not bolted on as add-ons, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is thus integral to the system, without diminishing functionality.”

There are several interpretations of Security by Design. The Open Web Application Security Project (OWASP) Foundation does a good job of explaining the fundamental principles:

  1. Minimize attack surface area
  2. Establish secure defaults
  3. Principle of Least privilege
  4. Principle of Defense in depth
  5. Fail securely
  6. Don’t trust services
  7. Separation of duties
  8. Avoid security by obscurity
  9. Keep security simple
  10. Fix security issues correctly

We believe proper security should be included at all steps of the design and architecture of IoT systems, not as an afterthought.

The Online Trust Alliance (OTA, an Internet Society initiative) IoT Trust Framework has 40 key principles that provide a set of guidelines for manufacturers as they design and develop products and services ­– with privacy and security as a top priority. Developed through a consensus-driven, multistakeholder process, this IoT Trust Framework is unique in two significant ways:

  • It takes into account the lifecycle issues associated with IoT products and services..
  • It addresses the entire ecosystem, holistically, including devices/sensors, mobile apps, and backend services. Most frameworks focus on just the devices, but a system is only as strong as its weakest link.

There is a great deal that we can all do. In particular, it’s important that:

  • Manufacturers take affirmative steps to improve the security and privacy of the devices they produce
  • Retailers understand the role they play and the impact they can have when they take these factor into account when deciding upon which products to sell
  • Consumers inform themselves, using credible sources, to understand the security and privacy aspects of IoT devices they are considering or already using
  • Policymakers and regulators look at the roles they can play and work together with other key stakeholders toward better outcomes

Learn more about Trust by Design and what manufacturers, retailers, consumers, and policymakers can do: