The Consumer Technology Association
firewalls, network segmentation, and software updates can help. The Consumer Technology Association (CTA) has produced a checklist-based system for installing and maintaining connected devices. Aimed originally at the smart home market, it is relevant for business installations, as well. The Connected Home Security System includes information about router and device installation and configuration in order to get the maximum security from existing devices. Device manufacturers, retailers and purchasers, government and industry have been developing common agreement on a simple question: What security should a device have? Ignoring for the moment what the device actually does, how should it be secured? This is generally referred to as the baseline – a list of capabilities that is the basic minimum regardless of device type. A device should have this baseline of capabilities whether it is a smart home door lock, a wearable medical device, an enterprise security camera, or an industrial control unit. This past February, CTA– as part of a group called the Council to Secure the Digital Economy – began convening industry stakeholders that have a voice on cybersecurity. We brought 20 groups together in a process that came to be called the C2 Consensus. C2 stands for Convene the Conveners because each stakeholder group is a convener of the technical experts with its own membership. As a group, we came to a consensus that there needs to be one common baseline for IoT device security. The resulting C2 baseline has 13 important security capabilities, ten that can be identified on the device, and three that are exhibited by the manufacturer. For example, a connected device should protect data; it should secure access to critical functions; and it should be identifiable on a network. These are building blocks of the kind of device that hackers hate. The C2 Consensus on IoT devices and baseline security was published in September with the VP, Technology & Standards, Mike Bergman
Made with FlippingBook
RkJQdWJsaXNoZXIy MTI5MjAx