A New Specification Pulls Global IoT Security Under One Standard
The Connectivity Standards Alliance has released its IoT Device Security Specification V1.0 to unify many different standards for global use.
Billions of devices are connected in mesh networks in the home, workplace, and industry, making security a top priority to protect sensitive data.
The Connectivity Standards Alliance (CSA) Product Security Working Group has released V1.0 of its IoT Device Security Specification. This specification provides a comprehensive set of standards to secure the future of the Internet of Things (IoT).
The IoT DSS from the Connectivity Standards Alliance improves security requirements in the IoT.
Because different regions have different IoT regulations, the CSA has worked to create a single standard that encompasses security requirements for IoT hardware designers. This specification makes it easier to qualify devices worldwide.
An International Group Security Effort
Since the IoT Device Security Specification (DSS) is a global standard, the CSA solicited participation from groups worldwide to develop it. Contributors include Amazon, Apple, Arm, Google, Infineon, NXP, Silicon Labs, Sony, Siemens, and STMicroelectronics, among many others.
An IoT system example. Image used courtesy of the Connectivity Standards Alliance
Manufacturers who meet the IoT DSS standards will receive a CSA-verified mark on their product and a link to provide consumers with more information about the device's security measures. In its current form, the IoT DSS standard consolidates the most popular IoT requirements from the U.S., Singapore, and Europe; but as the standard evolves, it could continue to incorporate the latest security requirements from around the world.
Consolidating IoT Security Standards
Among the new security regulations, hardware designers will see several entries dedicated to ensuring hardware security off the shelf. The specification also addresses communications and updates to ensure that IoT devices do not become obsolete soon after entering the market.
IoT DSS mandates that every IoT device in a network is uniquely identified, even if they contain the same hardware. In a similar vein, devices are no longer allowed to use a hardcoded default password. Both of these rules ensure that communications and data can have their source identified while also ensuring that bad actors cannot use a known default password to breach a network.
Because the IoT consolidates potentially sensitive data, security standardization can help prevent malicious attacks. Image used courtesy of the Connectivity Standards Alliance
In addition, communications and storage must now employ more security requirements to lock down sensitive information. The hardware and software development process must employ techniques such as threat modeling and a “secure engineering approach” to prevent negligent vulnerabilities. Finally, all documentation related to device security measures must be publicly accessible to the end users.
Finding a Secure Common Ground
Cybersecurity is an ever-evolving field, with both malicious actors and security experts revealing new vulnerabilities. The IoT Device Security Specification V1.0 offers a single set of standards to speed the time to a global market and provide greater security measures.
As new threats emerge, the IoT DSS will require updates to ensure that the latest standards are implemented. In its current form, however, the newest CSA standard represents a big step in the right direction for the IoT.
