The development of the Internet of Things (IoT) has opened up opportunities across society and business, yet with this comes new security concerns and cyber threats. These can range from small inconveniences to serious privacy threats which could have drastic consequences. Typically there is an assumption that IoT products and services are largely unregulated and await specific regulations, when in fact regulations which affect IoT security do already exist with sanctions applicable to IoT providers. However as these are reliant on existing laws, which were not specifically written for the IoT market, often there is a lack of awareness of such legislation and how it may affect IoT products. This is coupled with some of the gaps in existing legislation, which usually only come to light when something goes wrong and the gaps become evident.
The Internet of Things Security Foundation (IoTSF) reminds us that “Security is not a destination, it is a journey”.
The IoTSF’s new report, “IoT Cybersecurity: Regulation Ready” is targeted at enterprises that produce or use IoT systems. With a security-focused mindset, it is intended to give IoT users and service providers a view of the current regulatory landscape and indications of the direction of some of the impending regulatory changes.
The report highlights existing legal regulations and sanctions – which vary globally – as well as highlighting already available resources and tools that can help businesses be ‘regulation ready’.
This report is an important part of the IoTSF’s Compliance activities, of which Richard Marshall, Managing Consultant at Xitex, is delighted to be leading in his role as Plenary Chair for the IoTSF.
The report is available in two versions and is free to download. A ‘concise version’ and a more detailed ‘full version’ for those who need greater depth. Both copies can be found on the Internet of Things Security Foundation’s Best Practice Guidelines webpage.