Legislation for secure IoT is coming, but not soon enough
The lack of laws forcing baseline security in connected devices lets manufacturers sell products without safeguards that would protect consumers from trivial cyber-security attacks. Vendors are not legally liable for leaving easy-to-exploit bugs in their products and get to make bigger profits.
Internet-of-Things devices are like a slice of Swiss cheese when it comes to security. This state of things has persisted since the dawn of IoT and little has changed in this area; the proof is in the incidents reported in the media, from spying through IP cameras and vulnerability findings to the compromise of routers in large numbers.
Experts have long warned that it's high time to write practices for developing secure IoT devices into legislation. Cryptographer and privacy specialist Bruce Schneier is among the latest to warn of the dire consequences of letting manufacturers set their own security levels.
Although the steps are timid, organizations in the European Union and the US are working on recommendations and standards specifically adapted for the IoT segment. Some of the issues raised are an IoT product’s ability to receive updates and compliance with certain security standards that would ensure minimum protection.
With proper legislation still in the works, even for IoT for government activity, these are just guidelines vendors can choose to respect or ignore, leaving it up to the consumer to choose a more secure product.
A firmer stance on the matter comes from the state of California, whose governor signed into law a broad bill that fails to deliver a set of clear standards. The law has no immediate consequence as it takes effect on January 1, 2020.
As things stand, you are better off choosing a smart device from a larger brand that feels a moral obligation to its customers to ship products with above-average safeguards. They understood from the moment they entered this market that IoT security is a real concern, and they added this detail in the design phase.
You may think products such as Bitdefender BOX are not of much use on networks with gadgets from security-aware companies. But the unsparing reality is that a network typically includes devices from makers that do not respond in the same way to the dangers of hacking. Even if they did, cybercriminals would still try to hack their way in.
On top of this, both researchers and crooks find new vulnerabilities and forms of abuse on a constant basis.
Image credit: geralt