Now is the Time for a Global Approach to IoT Cybersecurity

Back in 1970, leading environmentalists around the world banded together to draw attention to topics like pollution and their impacts on society. Today that global effort to be kinder to the planet is reinforced in more than 190 countries on Earth Day. 

Fast forward to 2022, and we have another global problem with the potential to impact nearly every human on the planet, and it is IoT Cybersecurity. October is recognized in about two dozen countries as Cybersecurity Awareness Month. But, given the growth in the Internet of Things (IoT) and the billions of connected devices around the world, we need to broaden our spotlight from laptops, desktops, and servers to the rapidly growing market of IoT products and services. In a recent analyst report from IoT Analytics, there was an 8 percent increase in global IoT connections in 2021 and in 2022 it’s expected to grow an additional 18 percent to more than 14 billion active connections.

Without solid cybersecurity, IoT products can endanger their users by being potentially compromised leading to data theft, malfunction, or an invasion of privacy. Compromised IoT devices can even cause major disruptions on a greater level by joining “botnets” that swarm websites or internet infrastructure.

Currently, there are around two dozen regulatory organizations representing more than 40 countries who are developing IoT cyber security regulations or seeking certification to cyber security schemes for IoT products in their own regions. The good news is that this issue is top-of-mind with these organizations. The bad news is they are nowhere near in sync, and these various schemes can be in conflict. In fact, this disparate global approach can only lead to fragmentation in the IoT industry just when it’s poised for global growth.

The lack of harmonization can impact many facets of the IoT value chain, such as the manufacturers, chip suppliers, and software companies who must contend with more costly regional variations rather than building toward a more global model. Smaller companies may have to limit their distribution in order to manage all these various requirements and costs. Ultimately, this negatively impacts consumer adoption and choice. 

But what if we changed the paradigm? What if one organization with more than 550 global technology leaders, large and small and nearly equally dispersed around the world, were tackling the problem of conflicting certifications as well as the other product security disconnects in IoT? The Connectivity Standards Alliance is actually working on solutions as the chief goal of their new Product Security Working Group (PSWG). 

Beyond the introduction of the Matter standard in the Fall with inherent security, including blockchain technology and an Alliance Distributed Compliance Ledger (DCL), the Alliance is also creating harmonized standards and a certification model to bridge the gap between these disparate cyber security standards. We’re not looking to start from scratch to be just one more among many, we’re looking to take on the burden of building a common scheme and certification that will work around the world. And to get started, we’re looking first at NISTIR 8425 in North America, ETSI EN 303 645 in Europe, and at ISO 27402. We’re working now to map and align these leading standards to ensure that we provide coverage for all of their requirements in our scheme.

Globally adopted technologies such as Wi-Fi, Bluetooth, and even 5G cellular show the many benefits when a manufacturer, developer, or chip supplier can build once and be relevant around the world. The bottom line is that it will be cost-prohibitive for most companies to certify the security of their IoT products over and over with slight variants in dozens of global markets. The result for consumers and commercial applications would be higher costs, less innovation, and more confusion. 

The time has come for the world to work cohesively to create the standards for IoT product security that will deliver on the promise of a more connected, secure, and productive world. The Connectivity Standards Alliance is pleased to work together with companies, governments, and consumer advocates around the world to realize this vision and make it a practical reality for all.