Verizon’s testing arm to roll out IoT certification to allay security fears
via Flickr © alexbrn (CC BY 2.0)
- IoT security remains a huge issue
- Multiple security breaches might wreck the smart home market
- Verizon's testing arm to offer certification programme
Security is perhaps the most oft-mentioned impediment to the development of Internet of Things (IoT). Critics (sometimes with a commercial axe to grind, admittedly) say security is being almost totally neglected and that IoT purveyors and developers seem to have learned nothing from the preceding iterations of consumer Information Technology. Both the PC and smartphone worlds at first neglected security but were eventually jerked into action after multiple breaches and rising consumer outrage. Today, with both the issues and the ameliorating security processes well understood, say the critics, it’s incredible that the IoT world seems to be walking into the same trap having apparently learnt nothing.
On the other hand, IoT vendors and promoters sometimes imply that the security ‘thing’ is being slightly over-egged. “Yes, security is an issue, but it’s being dealt with. These worries are to be expected as the market forms,” is a sentiment I often hear.
In the meantime, users (or potential users) are becoming wary as the inevitable ‘shock horror’ stories trickle out. We all remember the case of Interactive Barbie (see - Hacked interactive Barbie poses family security threat).
And just the other week there was the saga of ‘smart’ doorbell company Ring whose users were apparently picking up notifications and video streams from adjacent doorbells - disturbing to say the least.
Not surprisingly, it’s these home gadget security flaws that most worry the buying public, so no surprise to see that Verizon has clawed its way onto the waiting bandwagon to announce that ISCA Labs, its independent testing and certification division, is going to address the issue with a new security testing programme for the IoT.
The programme, believed to be amongst the first-of-its-kind, will test six components: alert/logging, cryptography, authentication, communications, physical security, and platform security.
"We expect the Internet of Things to be the next digital wave," the press release has George Japak, managing director, ICSA Labs, saying. "Given the enormity and complexity of the space, it can be tricky for enterprises to navigate. We know from multiple recent studies that the #1 concern among adopters is security and privacy, and our new IoT Security Testing and Certification Program directly.”
The resulting certified devices and sensors will carry the ICSA Labs' mark of approval and will be tested over their lifecycle at regularly established intervals to keep up with the hackers.
That ongoing testing aspect could be critical. According to Haydn Povey, CEO & Founder, Secure Thingz, interviewed on TelecomTV at the recent Smart IoT London event, IoT devices might last 5, 10, or even 30 years out in the field so ongoing testing and security updating is going to be a real requirement. (see - Why IoT systems can and will have gaping security holes and how the industry should deal with them).