Highlights:

  • In an effort to improve the security of Internet of Things devices, Google has issued five key principles for IoT security labeling today.
  • The principles will guide manufacturers on properly safeguarding and labelling Internet of Things (IoT) devices, allowing consumers and businesses to use them with less exposure to threat actors.

As organizations increasingly adopt IoT devices, they are under growing pressure to establish new techniques for protecting IoT and smart devices that reside at the network’s edge. Concurrently, manufacturers are under growing pressure to reduce device vulnerabilities.

To improve the security of Internet of Things devices, Google has issued five critical principles for IoT security labeling.

The principles state the following:

  • A printed label must not imply trust
  • Labels must also reference robust international assessment methodologies
  • A minimal security baseline must be linked with security transparency
  • Broad-based transparency is equally as vital as the minimum bar
  • Labeling methods are ineffective without an incentive for adoption

The principles will guide manufacturers to appropriately safeguard and label Internet of Things (IoT) devices, allowing consumers and businesses to use them with less exposure to threat actors.

Protecting IoT devices at the network’s edge 

The announcement follows the White House’s intention to start a consumer labeling scheme for IoT devices in the spring of 2023 to boost customer trust in these solutions and incentivize manufacturers to fulfill more significant cybersecurity requirements.

It also comes close at a time when the overall security of IoT devices is weak, with a report by Vedere Labs and JSOF Research discovering nine vulnerabilities affecting four TCP/IP stacks used by over 100 million IoT, OT, and IT devices.

These vulnerabilities allow hackers to launch denial-of-service (DoS) attacks to interrupt network services and execute remote code (RCE) to seize control of compromised devices.

Google and the White House are considering labeling to strengthen IoT devices against threat actors.

Dave Kleidermacher, VP of Android security and privacy at Google, and Eugene Liderman, director of mobile security strategy at Google, said, “Our goal is to increase transparency against the full baseline of security criteria for the IoT over time. This will help drive ‘competition’ in security and push manufacturers to offer products with more robust security protections.”

They added, “As labeling efforts gain steam, we are hopeful that [the] public sector and industry can work together to drive global harmonization to prevent fragmentation, and we hope to provide our expertise and act as a valued partner to governments as they develop policies to help their countries stay ahead of the latest threats in IoT.”