Download PDF version Contact company

Suzanne Spaulding, Senior Advisor at CSIS and Advisor at Nozomi Networks, former DHS undersecretary for cyber and infrastructure where she led the NPPD now called CISA: “This is consistent with the recommendation from the Cyberspace Solarium Commission.”

This is not regulation. Instead, it's designed to make the market more effective by providing consumers, including business consumers, information they need to better compare security and risks in Internet of Things (IoT) devices. Not only will there be better labelling, this information should drive tech analysts to include a ‘security’ element in their reviews.”

Fixing security flaws

This helps consumers understand that security is a feature they should look for in considering purchases, which in turn should encourage the producers of IoT to see security as a potential market differentiator. We won't see an improvement in security until we take steps like this one to mitigate the ‘first to market’ imperative that shortchanges investment--and time--in designing more secure and resilient devices.”

Roya Gordon, Security Research Evangelist at Nozomi Networks: “I think this is a great effort! Providing end users with information that aids them in selecting secure technology products while incentivising vendors to prioritising fixing security flaws sounds like a win-win. Now, there are other parts of this policy that would need to be worked through e.g., analysing manufacturers who provide frequent patching and using that to rank their security posture.”

New technological innovation

A vendor can check all the boxes, as far as secure tech development, and still be exploited"

If this ranking process influences the purchase (or non-purchase) of technological goods, then this could be perceived as the government having direct control of the market by way of this new policy. The patching process (from discovery, CVE curation, patch development, reporting, and implementation) is laborious within itself and may need policy incentives to help fast-track the process.”

Maybe instead of ranking vulnerable products as low and possibly black-balling them from the market, the government can provide additional assistance to help these products combat the constant tactics threat actors are using to exploit these devices. A vendor can check all the boxes, as far as secure tech development, and still be exploited, and they should not be penalised for that.”

Additionally, all of these policies may make it more difficult for new technology vendors to break into the market, which could create a bottleneck for new technological innovation. Overall, this is a great effort to increase cybersecurity, but there are a few more areas that need to be defined for this policy to be cohesive, and not a constraint, to the cybersecurity/technology industry.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?