Home / News / Aspen Cybersecurity Group Sets New Principles to Secure IoT Devices

Aspen Cybersecurity Group Sets New Principles to Secure IoT Devices

The Aspen Cybersecurity Group has issued seven principles to bolster the security of Internet-of-Things devices, calling on manufacturers to increase investment, accountability and transparency in their products’ security, to design devices with “updateable” security and to build a multi-layered IoT defense, The Washington Post reported

“When left unsecured, however, these devices also carry increased risks to public health and safety, business operations and individual privacy,” the ACG said in a recently-released memo. “As the attack surface continues to expand, there is an acute need to ensure the benefits of IoT— and technological innovation more broadly — are nurtured while simultaneously mitigating against the associated risks.”

ACG’s IoT Security First Principles:

1. Manufacturers should incorporate security at the design phase of IoT devices.
2. Transparency should include details on the security attributes of products and services for the consumer’s awareness.
3. Developers should provide information on product privacy.
4. Manufacturers should be held accountable for the security of their devices.
5. IoT devices should have updateable security to keep up with changing security risks.
6. Products should have multi-layered security and countermeasures that function 
without degrading in the absence of connectivity.
7. Manufacturers should limit device features to “necessity.”

“Changing the dynamic requires an environment that incentivizes products to be secure-by-design and increases transparency to give consumers an opportunity to consider the security and privacy impacts of a product in their purchasing decisions,” the group said. 

The ACG also provided recommendations for increasing the size of the U.S. cybersecurity workforce and a framework to improve cybersecurity collaboration between the federal government and the industry.

The Aspen Institute established the group in 2017, which consists of lawmakers, former government officials, technology experts, scholars and other cybersecurity professionals.

Check Also

Navy Opens Renovated Norfolk Naval Shipyard Building

The U.S. Navy has inaugurated a newly renovated facility in Norfolk Naval Shipyard on Aug. 22. The shipyard's Building M-32 has been equipped with new airconditioning, ventilation, electrical, plumbing and fire suppression systems and is expected to employ 200 people from NNSY's equipment management, production facility, engineering and planning departments, the Navy said Thursday.