BSA-The Software Alliance has released a dozen principles for securing Internet of Things technology, calling for an approach that “seamlessly” integrates security in devices, networks and the cloud, and is driven by stakeholder collaboration.
The software group says the remote-work security challenges raised during the COVID-19 pandemic highlight the need for a comprehensive policy approach to IoT security.
The principles, released Thursday, include looking beyond devices to craft policies that address the entire IoT ecosystem, creating incentives for IoT lifecycle security, embracing multistakeholder approaches and seeking global harmonization.
BSA president and CEO Victoria Espinel said in a statement: “BSA is eager to engage with policymakers at the national, state, and local level on the crucial issue of IoT security. We need flexible policy approaches that are based on an understanding of how the entire IoT ecosystem works, seamlessly integrating security capabilities across devices, cloud services, and networks.”
She said, “The global pandemic has underscored the need for strong security as so many people, businesses, and government agencies now rely on technology to work and operate remotely. For the Internet of Things to continue to evolve in innovative and secure ways, governments must create consistent, internationally operable policies for IoT security. BSA stands ready to engage in this process, and we hope that these principles will help spur thoughtful discussions.”
In setting policy, BSA says governments must:
- Account for the IoT ecosystem’s diversity and complexity
- Define key concepts and requirements clearly
- Secure the whole IoT ecosystem, not just devices
- Distinguish between consumer IoT and industrial IoT (IIoT)
- Build on industry best practices
- Incentivize security throughout the IoT life cycle
- Embrace multi-stakeholder processes
- Seek national and international policy harmonization
- Support the development and use of internationally recognized IoT standards
- Establish baseline security requirements as necessary and appropriate
- Integrate security into IoT acquisition
- Include IoT in incident response
Action on IoT security “is more urgent than ever before” amid the COVID-19 pandemic, BSA says. The group also recently hosted a discussion with the National Institute of Standards and Technology on software security and issued a framework on that topic last year. -- Charlie Mitchell (firstname.lastname@example.org)