If you’re security conscious you’ll notice that there has not been any slowdown in the media on consumer IoT hack-related stories. The hack on light bulbs from Osram is just one of the most recent – and we expect a lot more as Black Hat and DEF CON 24 get underway.
What’s interesting about a lot of the contemporary IoT hacks is that they could be easily avoided by adopting a security mindset and taking appropriate precautions – often simple precautions. At IoTSF, we have been working on our first set of best practices and a self-certification framework for several months via our working groups. Our initial focus has been in the unregulated consumer IoT and smart home domains as those areas are particularly vulnerable at this phase of IoT market maturity. We’d like your help to ensure our best practice guidelines are of the highest quality and fit for purpose.
This is how you can help
Candidate-release documentation will soon be ready – we seek:
1) Security reviewers to ensure the guidelines meet our quality objectives prior to public release. If you’d like to volunteer to be an expert reviewer please contact us – we’ll make sure you are mentioned in the credits of course.
2) Lead customers to ensure our guidelines are fit for purpose. Would your organisation benefit from following our best practices? If you’d like to help us (to help you), we’re keen to have that conversation with you.
3) Help us spread the word. It has been said many times that perfect security is asymptotic – that is true, yet we can take collaborative measures that help protect us all – we value your help in supporting our mission and spreading the word – especially through your digital channels!
We have a simple philosophy for our outputs – they are required to be useful, accessible and actionable.
Useful: That may sound elementary – of course they should be useful. Moreover they should provide an appropriate level of assurance which is right for your organisation and your customers.
Accessible: We want the world to know what good security looks like without having to be a subject-matter expert. Our aim is to make as many of our guides free to the IoT stakeholder community as possible – IoT will be much safer if we increase security measures across the board and encourage wide adoption.
Actionable: This is key. If security measures are easy to adopt and low cost for the organisation to implement, why shouldn’t best practice be adopted? It demonstrates a duty of care to the market and that’s a concept we’re keen to promote; throughout all we do, we seek to foster a supply chain of trust.
If you can help, please email us at firstname.lastname@example.org – please tell us a little about yourself and where you would like to help.