With recent IoT-related cyberattacks, organizations and at least one government agency are now focusing on preventative security measures with another set of recommendations just released.
In addition to the U.S. Department of Homeland Security’s IoT security principles, the Broadband Internet Technical Advisory Group (BITAG) just outlined its recommendations for IoT device security.
The guidelines are intended specifically for the area of consumer-facing IoT devices, although most of the recommendations are for increased process and oversight in the supply chain of those devices.
Most of the recommendations are simply to follow current best practices that have already been established in other similar devices, like personal computers and other consumer electronics.
BITAG recommends using current best practices for software standards, device naming and addressing, security and cryptography. The group also recommends that the IoT devices industry comes together to explore the creation of a more formal cybersecurity program.
Most of these guidelines seem to be similar to the principles for IoT security that DHS recently released.
Those guidelines include incorporating security at the design phase of IoT products and services and enabling security by default through unique usernames and passwords.
However, there has yet to come a legal governance for IoT device security. Rather, the guidelines from both DHS and BITAG are recommendations for IoT device manufacturers.
Here are the IoT device security recommendations outlined by BITAG: