Cyber Security Council Recommends Security Certificates for IoT-devices
Internet of Things (IoT)-applications form digital threats to the economic growth, security and freedom. Therefore, an advisory report of the Cyber Security Council (CSR) state that, amongst others, there should be more certificates and more supervision on IoT-devices and its manufacturers.
“IoT-applications are at this moment not properly secured and therefore form a threat to our security and privacy” as said by the CSR. The Council points, amongst others, towards the Mirai-botnet, that consists out of hacked IoT-devices. The botnet was used in 2016 in a large-scaled cyberattack in the United States.
In the report, the Council offers six ‘strategic solution guidelines’ in order to cope with these concerns. The Council also advices a ‘labelling-system’. By applying stickers on the packaging of IoT-products, consumers are better informed about the devices’ security and if there is a possibility to disconnect the device from the internet.
Besides that, the CSR also proposes to execute an information campaign and a manual on the labelling-system.
The Council also emphasizes the importance of the proposal by the European Commission to come up with a European certification for cyber securing ICT-products and services. Furthermore, the government should state standardised security-requirements to the suppliers.
In case that the device is hacked, or vulnerable, it should be made public, according to the Council. For this, an independent monitor should be set up. This monitor should make public information available on which manufacturer and suppliers who do not secure their devices enough.
Furthermore, the CSR states that manufacturers should be held legally liable, also for economic damage. Dutch supervisors should be able to address manufacturers on basal security issues, among which not being able to provide security updates in time.
Cyber Security Council (CSR)
The Cyber Security Council is an independent, national advisory body of the Cabinet and consists of high placed representatives from public and private organisations and science. The CSR is committed to a strategic level, and aims to inprove the cybersecurity in the Netherlands.