Thursday, March 16, 2023
The 600-plus companies that have joined the ioXt Alliance to help it build confidence in Internet of Things products will be among the first to experience the national cybersecurity label NIST is developing for consumer Internet of Things (IoT) products and consumer software products—as soon as April, Grace Burkard, director of operations at the alliance, told EE Times.
Since May 2021, NIST, the National Institute of Standards and Technology, has been working under the Biden administration’s Executive Order 14028 on Improving the Nation’s Cybersecurity to improve connected security for products produced in the United States. The order focuses intently on the prevention, detection, assessment and remediation of cyber incidents.
NIST researchers investigated the situation for about 18 months and last February issued recommendations. The White House then held a meeting with private sector leaders, such as ioXt, as well as manufacturers and Congressional staffers. “They’re coming together to say, ‘OK, we need a single label that everybody can be housed under that the US government directly supports,’” Burkard said.
NIST held some information-gathering sessions at this year’s Consumer Electronics Show in Las Vegas.
“Efforts are already underway to establish a national label, with the goal to have a major announcement from NIST in April,” she added.
The California-based alliance, founded in 2019, is focused intently on growing its membership among manufacturers, OEMs, labs, industry alliances and government organizations. “They’re very central for our workgroups, which are creating our profiles,” Burkard said. “Members can also obtain certification, so it’s really important to have their participation as they are the first ones who are going to be impacted by the creation of new standards. Our aim is to make them as aware as possible so that they can prepare for what’s to come.”
The group has gone about setting baseline security requirements to build a safer IoT world by using industry-led profiles created with the help of security analysts. “This way, we know that profiles are set by the best,” she said. “So far, we have focused on IoT devices in smart home, smart building, cellular IoT and mobile apps.”
It has established several profiles, including those for network lighting controllers, Android, smart speakers, residential cameras and VPNs. This year, a profile for building network controllers will also be released.
Next on the horizon for the alliance are smart cities and healthcare, as well as online privacy, Burkard added, noting that it will take into account global regulations, such as the European Union’s General Data Protection Regulation (GDPR), as well as Singapore’s Central Security Agency (CSA) standards.
The power grid is noticeably lagging in cybersecurity efforts, Burkard acknowledged: “Certain industries are going to be slow to adopt.”
Healthcare is probably not far ahead of the power grid in terms of industry readiness for cybersecurity.
“There’s a lot of red tape, so that’s more of the challenge when it comes to IoT healthcare,” she said. “Everybody wants it to happen. But it’s hard to break through that red tape at a quick pace.”
When NIST comes out with the national cybersecurity label, two goals will be obvious, Burkard said: “One is to make the public more aware of product transparency and their security levels. Another is to be able to be involved in international discussions. In the U.S., we have several standards organizations, so, the goal is to have one voice under one national label in discussions regarding the international issues of standards fragmentation.
“That will help the U.S. communicate with other global governments, such as Europe, and say, ‘Hey, look at our standards. Look at yours. How can we start harmonizing?’ This will enable going around the world and trying to reduce the fragmentation.”