CTIA, the wireless industry association, just revealed a new IoT device security protocol and certification program.
The Internet of Things security certification for wirelessly connected devices will tell consumers and companies buying these certified devices that cybersecurity is baked in throughout the product's development.
It is a significant switch from the way most IoT devices have been developed: Be the first to market, regardless of the cyber risks created.
For years, we've heard from executives at our cybersecurity conferences that IoT manufacturers need to include cybersecurity from the start. Device manufacturers wanting this new CTIA certification will have to do exactly that.
Leading wireless operators, technology companies, security experts, and test labs collaborated to develop the program’s test requirements and plans.
The program also builds upon IoT security recommendations from the National Telecommunications and Information Administration (NTIA) and the National Institute of Standards and Technology (NIST).
With this much collaboration, perhaps it's no surprise that wireless industry executives are giving the new standards a thumbs up.
"Establishing a common and readily achievable security program that protects devices, consumers, and our networks is a critical initiative as the IoT market continues to grow exponentially, both in the U.S. and globally,” says Cameron Coursey, VP of Product Development, IoT Solutions, at AT&T.
And William Boni, Senior VP of Digital Security at T- Mobile, really hit on a key point: "To realize the exciting promise of IoT, security must be considered at every turn. By setting these standards, the wireless industry is proactively leading the charge to secure previously insecure devices, protecting our networks and customers against cyberattacks.”
The CTIA says its labs will be ready to accept devices into the certification program beginning in October 2018. Here are all the details on the program.
Speaking of October, IoT security is a hot topic at the SecureWorld Dallas conference on October 11-12, 2018.
iRobot's CISO, Ravi Thatavarthy, is speaking on IoT risks versus rewards. He tells me that we must continue to increase confidence in the Internet of Things to maximize its potential.
"My belief is that security combined with privacy will become a brand differentiator,” he says. And he's optimistic that will happen.
And the new CTIA certification program may inspire optimism in other information security leaders, as well.