The Broadband Internet Technical Advisory Group (BITAG), made up of several major tech and communications firms, has proposed a plan to secure internet-connected devices.
BITAG, which includes participants such as Cisco, Google, Charter, Comcast, CenturyLink, Mozilla, MIT and Level 3 published a report in which it recommended several security standards for internet of things (IoT) devices.
The report, Internet of Things (IoT) Security and Privacy Recommendations, addresses what it refers to as “potential issues contributing to the lack of security” of IoT devices.
“Several recent reports have shown that some devices do not abide by rudimentary security and privacy best practices. In some cases, devices have been compromised and allowed unauthorized users to perform surveillance and monitoring, gain access or control, induce device or system failures, and disturb or harass authorized users or device owners,” notes the report.
BITAG emphasizes several points that have become a source of concern, with calls for reformation of the IoT space by lawmakers, tech groups and concerned consumers in the past two months.
The BITAG Technical Working Group made the following recommendations:
IoT Devices Should:
- Use Best Current Software Practices
- Follow Security & Cryptography Best Practices
- Be Restrictive Rather Than Permissive in Communicating
- Continue to Function if Internet Connectivity is Disrupted
- Continue to Function If the Cloud Back-End Fails
- Support Addressing and Naming Best Practices
- Ship with a Privacy Policy That is Easy to Find & Understand
- Disclose Rights to Remotely Decrease IoT Device Functionality
- The IoT Device Industry Should Consider an Industry Cybersecurity Program
These recommendations are timely considering the recent cyberattacks which leveraged insecure IoT devices to launch several disruptive DDoS attacks.
BITAG does not have the power to enforce these recommendations, but the report could help shape looming reforms in the IoT space.
