It sounds simple enough. Products such as fridges, washing machines and ovens are already sold in the EU with mandatory energy efficiency ratings, so why not something similar for security?
In comments made at a weekend press conference, EU deputy commissioner for digital economy and society, Thibault Kleiner, spelled out some of the organization’s worries about the state of IoT.
Ever greater numbers of products were being sold with an IoT connectivity as a standard feature, he said.
Despite there being at least five billion devices in service with IoT capability – Gartner reckons that this is expanding by 5.5 million new devices every day – security standards are only just emerging. Meanwhile, default security is often weak.
A warning of the potential for trouble came with the recent record-breaking DDoS attack on cybersecurity blogger Brian Krebs. The ‘Mirai’ botnet that generated this huge wave of traffic came from an army of poorly-secured network cameras, digital video recorders (DVRs), routers and printers.
The Commission believes that labels guaranteeing adherence to basic security standards would encourage manufacturers to work together more closely in the spirit of common interest.
The EU is doing its best to speed up development, investing €192 million in IoT research as part of its Horizon 2020 programme.
Unfortunately, IoT devices need better security now, not years from now when the EU has agreed what the labels should look like – and mean.
What consumers and businesses will think about having another label to peel off shiny new IoT products when pulling them out of the box remains an unknown.
Will they have faith in them? Or will they end up feeling disappointed should securing IoT devices from real-world threats turn out to be more complex than the label suggests?
See more at sophos.com