Home / News / Aspen Cybersecurity Group Sets New Principles to Secure IoT Devices

Aspen Cybersecurity Group Sets New Principles to Secure IoT Devices

The Aspen Cybersecurity Group has issued seven principles to bolster the security of Internet-of-Things devices, calling on manufacturers to increase investment, accountability and transparency in their products’ security, to design devices with “updateable” security and to build a multi-layered IoT defense, The Washington Post reported

“When left unsecured, however, these devices also carry increased risks to public health and safety, business operations and individual privacy,” the ACG said in a recently-released memo. “As the attack surface continues to expand, there is an acute need to ensure the benefits of IoT— and technological innovation more broadly — are nurtured while simultaneously mitigating against the associated risks.”

ACG’s IoT Security First Principles:

1. Manufacturers should incorporate security at the design phase of IoT devices.
2. Transparency should include details on the security attributes of products and services for the consumer’s awareness.
3. Developers should provide information on product privacy.
4. Manufacturers should be held accountable for the security of their devices.
5. IoT devices should have updateable security to keep up with changing security risks.
6. Products should have multi-layered security and countermeasures that function 
without degrading in the absence of connectivity.
7. Manufacturers should limit device features to “necessity.”

“Changing the dynamic requires an environment that incentivizes products to be secure-by-design and increases transparency to give consumers an opportunity to consider the security and privacy impacts of a product in their purchasing decisions,” the group said. 

The ACG also provided recommendations for increasing the size of the U.S. cybersecurity workforce and a framework to improve cybersecurity collaboration between the federal government and the industry.

The Aspen Institute established the group in 2017, which consists of lawmakers, former government officials, technology experts, scholars and other cybersecurity professionals.

Check Also

DARPA Launches Program Seeking High Performance Computing for Military Simulators

The Defense Advanced Research Projects Agency launched a new program to improve how virtual training environments replicate real-world interactions and host more complex systems. DARPA unveiled Monday that the Digital RF Battlespace Emulator program intends to build a new breed of High Performance Computing capable of supporting advanced radio frequency for simulators.