The effort to create informative labels to give buyers insight into the cybersecurity of connected devices continues to advance, but very slowly, according to technology firms and the US government.
Last week, Google published a blog post outlining the company’s stance on what should be included in product labels for Internet of Things (IoT) devices. It described five principles that should guide the industry, including a minimum security baseline, adherence to international standards, and allowing the label to change as knowledge of the security landscape changes. The need for a statement focusing on basics highlights the slow paces at which the standards are being developed.
One reason that IoT cybersecurity labelling standards are in their “early stages” is because the Internet of Things includes a massive number of products and categories, says Dave Kleidermacher, vice president of engineering for Android Security & Privacy at Google.
“Simplification of IoT security remains a challenge that the industry continues to work on,” he says. “This is largely due to the fact that IoT has a broad spectrum of product categories like light bulbs and smart displays, which have very different levels of required security.”
Google’s published statement comes two weeks after the White House called together technologists from government and private industry for a summit on the progress in IoT labeling, and more than a year after the US National Institute of Standards and Technology (NIST) held its “Workshop on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices