The Online Trust Alliance (OTA) released its updated IoT Trust Framework at the 2017 Consumer Electronics Show (CES (News - Alert)). This new version of the Framework serves as a product development and risk assessment guide for developers, purchasers and retailers of Internet of Things (IoT) devices. The OTA designed it to be the foundation for future IoT certification programs, with the goal of highlighting devices and companies that demonstrate a commitment to device lifecycle security and embrace responsible privacy practices. Such notifications and disclosures will aid consumers to make informed IoT device purchasing decisions.
Echoing written testimony he recently provided to the U.S. House of Representatives Energy and Commerce Committee, Craig Spiezle, Executive Director and President, OTA, said, “Recent IoT attacks like those which compromised hundreds of thousands of connected devices to take websites like Amazon, Twitter (News - Alert) and Netflix offline were just a ‘shot across the bow.’ The next incident could create significant safety issues. While most IoT devices are safe and secure, many still lack security safeguards and privacy controls, placing users and the Internet at large at risk.”
OTA said it recognizes that, while there is no perfect security, companies that apply the Framework principles should be shielded from regulatory oversight and class action suits, and potentially realize lower insurance premiums. The updated Framework reflects input from hundreds of leading security and privacy industry leaders including ADT, Microsoft (News - Alert), SiteLock, Symantec, TRUSTe, Verisign and others. This newest Framework builds on the first version released in March 2016, and incorporates a broad range of public and private efforts to help secure IoT devices.
“I have long supported multi-stakeholder processes to address the significant cybersecurity challenges facing our nation,” said Congressman Jim Langevin (D-RI), co-founder and co-chair, Congressional Cybersecurity Caucus. “Recent attacks leveraging IoT devices have only highlighted the need for the work of organizations like OTA. It is essential that companies manage the cybersecurity risk of their IoT devices, applications, and services, and the IoT Framework provides clear principles that developers can use to mitigate risk and protect their customers.”
OTA researchers integrated IoT security and privacy recommendations from U.S. government agencies including the Department of Commerce, Department of Homeland Security (DHS), Federal Communications Commission (FCC (News - Alert)) and Federal Trade Commission (FTC). In addition, OTA incorporated several key recommendations advocated by organizations including the Broadband Internet Technical Advisory Group (BITAG), Center for Democracy & Technology (CDT (News - Alert)), Consumer Federation of America (CFA), Consumer Technology Association (CTA), I am The Cavalry, International Telecommunications Union (ITU), Internet Society and National Association of Realtors® (NAR).