New IoT security standard launching in September
IoT security is top-of-mind for governments, enterprises
Speaking during a Fortinet event in Singapore last week, the U.K.-based Centre for Strategic Cyber Space and Security Science (CSCSS) announced that it is planning to launch a new IoT security standard in September 2018.
The organisation’s Asia-Pacific Executive Vice President Aloysius Cheang said that a technical committee had been formed to develop the standard and work had begun in June 2018. Reported originally by ComputerWeekly, the work is being conducted by participants from eight countries, including China, Taiwan, Singapore, India, the U.K. and Canada.
Cheang explained that IoT standards being developed by organisations such as the Institute of Electrical and Electronics Engineers (IEEE) are insufficient and “still very raw”, and that Taiwan would play an important role in ensuring CSCSS’ standard would be widely adopted.
Speaking back in March 2018, Gartner predicted that spending on IoT security would reach $1.5 billion in 2018. They also said that “nearly 20% of organisations observed at least one IoT-based attack in the past three years. “In IoT initiatives, organisations often don’t have control over the source and nature of the software and hardware being utilised by smart connected devices,” said Ruggero Contu, research director at Gartner, in March.
“We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. “In addition, organizations will look to increase their understanding of the implications of externalizing network connectivity. These factors will be the main drivers of spending growth for the forecast period with spending on IoT security expected to reach $3.1 billion in 2021.”
This announcement from CSCCS came after the Federal Bureau of Investigation (FBI) warned that cybercriminals are using IoT devices as proxies for anonymity. According to an alert published by the government organisation, “Examples of targeted IoT devices include: routers, wireless radios links, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices.”