Moving Connected Device Security Standards Forward

Posted by Eugene Liderman, Director of Mobile Security Strategy, Google

As Mobile World Congress approaches, we have the opportunity to have deep and meaningful conversations across the industry about the present and future of connected device security. Ahead of the event, we wanted to take a moment to recognize and share additional details on the notable progress being made to form harmonized connected device security standards and certification initiatives that provide users with better transparency about how their sensitive data is protected.


Supporting the GSMA Working Party for Mobile Device Security Transparency

We’re pleased to support and participate in the recently announced GSMA working party, which will develop a first-of-its-kind smartphone security certification program. The program will leverage the Consumer Mobile Device Protection Profile (CMD PP) specification released by ETSI, a European Standards Development Organization (SDO), and will provide a consistent way to evaluate smartphones for critical capabilities like encryption, security updates, biometrics, networking, trusted hardware, and more.

This initiative should help address a significant gap in the market for consumers and policy makers, who will greatly benefit from a new, central security resource. Most importantly, these certification programs will evaluate connected devices across industry-accepted criteria. Widely-used devices, including smartphones and tablets, which currently do not have a familiar security benchmark or system in place, will be listed with key information on device protection capabilities to bring more transparency to users.

We hope this industry-run certification program can also benefit users and support policy makers in their work as they address baseline requirements and harmonization of standards. As policy makers consider changes through regulation and legislation, such as the UK’s Product Security and Telecommunications Infrastructure Act (PSTI), and emerging regulation like the EU Cyber Security and Cyber Resilience Acts, we share the concerns that today we are not equipped with globally recognized standards that are critical to increased security across the ecosystem. We join governments in the call to come together to ensure that we can build workable, harmonized standards to protect the security of users and mobile infrastructure today and build the resilience needed to protect our future.


The Importance of Harmonized Standards for Connected Devices

Connected devices, not just smartphones, are increasingly becoming the primary touchpoint for the most important aspects of our personal lives. From controlling the temperature of your home, to tracking your latest workout, connected devices have become embedded in our day-to-day tasks and activities. As consumers increasingly entrust more of their lives to their connected devices, they’re right to question the security protections provided and demand more transparency from manufacturers.

After we participated in a recent White House Workshop on IoT security labeling, we shared more about our commitment to security and transparency by announcing the extension of device security assessments, which started with Pixel 3 and now includes Nest and Fitbit hardware. We have and always will strive to ensure our newly released products comply with the most prevalent security baselines that are defined by industry-recognized standards organizations. We will also remain transparent about critical security features, like how long our devices will receive security updates and our collaboration with security researchers that help us identify and fix security issues to help keep users safe.

By participating in international standards and certification programs such as our work as a member of the Connectivity Standards Alliance (Alliance), we’re working to raise the bar for the industry and develop a consistent set of security requirements that users can rely on.



New Research Continues to Help Inform Our Efforts to Establish Strong Security Standards and Labeling Practices

Last year, the Alliance formed the Product Security Working Group (PSWG). Over the past nine months, the working group has been making terrific progress on its mission to build an industry-run certification program for IoT devices that aligns with existing and future regulatory requirements to reduce fragmentation and promote harmonization.

Today, the Alliance, in partnership with independent research firm Omdia, published a comprehensive research report that outlines all of the currently published and emerging global IoT security regulations and the standards baselines they map to. This critical research enables PSWG to hone its focus and efforts on harmonizing between ETSI EN 303 645 and NIST IR 8425, as these two baseline security standards were found to underpin the vast majority of the regulations outlined in the research report.

The other notable area of the report highlighted the need for transparent security labeling for connected devices, which has also become a very important industry initiative. A large majority (77%) of consumers surveyed indicated a device label that explains the privacy and security practices of the manufacturer would be important or very important to their purchasing decision. Transparent security labeling is critical in helping consumers understand which devices meet specific security standards and requirements during evaluation. We recently provided our principles for IoT security labeling and will continue to be a key contributor to efforts around providing users with transparent device security labels.


Creating Strong Connected Device Security Standards Together

It’s been inspiring to see all of the progress that the Connectivity Standards Alliance, GSMA and the industry at large have made on security standards and labeling initiatives in such a short time. It’s even more exciting to see how much collaboration there has been between both industry and the public sector on these efforts. We look forward to continuing the conversation and coordinating on these important security initiatives with policymakers, industry partners, developers and public interest advocates to bring more security and transparency to connected device users.
