When you eat food, it’s nice to know exactly what you are putting into your body, be it good or bad. This helps you make better, more educated decisions for the future. Wouldn’t it be nice if you could do that with your business’ technology, too, just by glancing at the label? Well, a new initiative may do just that for certain Internet of Things devices.
In much the same way that nutrition labels are designed to protect the consumer, a new push to implement security standards is underway. The National Institute of Standards and Technology, or NIST, held a workshop titled “Workshop on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software” in response to the Biden administration’s calls for greater transparency and communication in terms of applications and connected devices. Government agencies, private companies, and academics are all working to put in place requirements and pilot programs which could lead to the eventual launch of these standards as early as next year.
The first thing on the docket? The creation of criteria and components for what this label might entail.
In the exact words of the executive order, the program must “initiate pilot programs informed by existing consumer product labeling programs to educate the public on the security capabilities of Internet-of-Things (IoT) devices and software development practices, and shall consider ways to incentivize manufacturers and developers to participate in these programs.”
Mind the word “consumer” in that order; this is very much directed at consumer products rather than most business technology, but that’s not to say that these directives will not eventually come to fruition for certain business technology solutions. Consider the fact that many small businesses suffer from the same problems that plague consumers, such as a lack of security knowledge or expertise. Including a label can help consumers and professionals alike make the best decisions about their technology procurements.
Of course, there is an inherent flaw with this approach, and that is to assume that consumers and business professionals know what they are looking at on the labels. It’s like looking at the ingredients on a nutrition label; while it’s good to know what is in there, what good does it do if you have no clue what you’re looking at? All of this assumes that consumers understand the concepts involved with security, which is a dangerous assumption to make.
It is unlikely that these labels will have in-depth information—at least, not at first. They will likely only have the most basic security information on their packaging. Still, even an inkling of what some of these Internet of Things devices have available to them is better than having no idea at all, and considering that many of them are notorious for being security risks, this is a great movement toward improving the security of both the average consumer and small businesses.
If you ever have any concerns about the security of devices or how introducing one might affect your infrastructure, it’s a good idea to consult an expert. SRS Networks wants to help you improve your organization’s security through industry-standard best practices. To learn more about what we can do for your company, reach out to us at (831) 758-3636.