A popular consumer rights organization is proposing that the federal government create a type of cybersecurity mark that certifies that a connected device is secure. The concept would parallel the Energy Star labeling process. The Energy Star label certifies that an electric device meets pre-determined minimum federal standards for energy use. In essence, the Security Shield label would certify that an IoT device has some pre-set security elements from the design process through deployment. They even propose that standards be established up through the end of life for a product. The most recent white paper they published provides an in-depth look into how a program of this nature would work.
Last year, we published a white paper recommending stakeholders improve cybersecurity and foster innovation by drawing upon time-tested principles from sustainability management. The paper observed that transitioning to a sustainable approach to cybersecurity embraces the principles of shared responsibility and collective action, frames business costs associated with improved security as an investment in the internet ecosystem, encourages broad adoption of risk-management practices, and supports consumer engagement.
Our first paper also included a series of operational and policy recommendations for actors across the internet ecosystem. Among these recommendations is for device manufacturers to sell products that are secure to market, have an established lifecycle, and are updatable as necessary. As part of our recommendations, we highlighted a need for the marketplace to offer devices with these capabilities. In our new white paper, “Security Shield: A Label to Support Sustainable Cybersecurity,” we outline the need for a consumer-facing label that would inform purchasers of Internet of Things (IoT) products that the manufacturer followed best security practices in developing the product and convey that the product’s security capabilities are better than similar products without such a label.