Security News > 2022 > September > New Report on IoT Security

The Atlantic Council has published a report on securing the Internet of Things: "Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem." The report examines the regulatory approaches taken by four countries-the US, the UK, Australia, and Singapore-to secure home, medical, and networking/telecommunications devices.

The report recommends that regulators should 1) enforce minimum security standards for manufacturers of IoT devices, 2) incentivize higher levels of security through public contracting, and 3) try to align IoT standards internationally.

This report looks to existing security initiatives as much as possible-both to leverage existing work and to avoid counterproductively suggesting an entirely new approach to IoT security-while recommending changes and introducing more cohesion and coordination to regulatory approaches to IoT cybersecurity.

It walks through the current state of risk in the ecosystem, analyzes challenges with the current policy model, and describes a synthesized IoT security framework.

The report then lays out nine recommendations for government and industry actors to enhance IoT security, broken into three recommendation sets: setting a baseline of minimally acceptable security, incentivizing above the baseline, and pursuing international alignment on standards and implementation across the entire IoT product lifecycle.

It also includes implementation guidance for the United States, Australia, UK, and Singapore, providing a clearer roadmap for countries to operationalize the recommendations in their specific jurisdictions-and push towards a stronger, more cohesive multinational approach to securing the IoT worldwide.

News URL

https://www.schneier.com/blog/archives/2022/09/new-report-on-iot-security.html