Enforcing IoT Security Up the Hardware Supply Chain
The IoT manufacturing chain is highly fragmented, with some companies enforcing security measures and others caring only about bringing their products to market as soon as possible. An initiative from The Atlantic Council advises how the United States could leverage its position to force companies to adopt a more cohesive security strategy.
The number of IoT devices is expected to reach around 75 billion by 2025, but no standards yet govern security policies implemented by IoT manufacturers. This means the market is a hodgepodge of devices, some secure and some not, with the vast majority of hardware somewhere in the middle.
Enforcing a security standard is not possible for several reasons. First of all, manufacturers are based worldwide, so it’s impossible to force them to adopt any standard. Secondly, the same is true for the hardware, which is often built abroad.
The Atlantic Council, a US think tank, proposes a new way of enforcing security policies across the global IoT supply chain, starting with manufacturers. The organization published a paper outlining some measures that could be enforced.
“This paper proposes to apply regulatory pressure to domestic technology distributors to drive adoption of security standards throughout their supply chains,” reads the paper. “This reverse cascade enforces standards back to foreign manufacturers by preventing domestic sale or distribution of products that don’t adhere to the standard.”
The organization is also looking to cooperate with the European Union, which is a necessary step in any enforcement.
The Atlantic Council proposes a mechanism called The Reverse Cascade: a policy of strategic upward pressure applied to information and communications technology (ICT) product supply chains, using domestic distributors as a point of leverage to enforce standards on foreign-based manufacturers.
The organization is not offering a timeline. Such measures would take a long time to implement for new devices, but the reverse cascade would be a little easier to execute, because it relies only on exerting pressure on the existing agencies and mechanisms.