Addressing the broad-range DDoS cyber attack happened in October, the U.S. Department of Homeland Security (DHS) has published the “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0” as guidelines for companies which manufacture IoT devices.
Rather than regulating the users, the publications aim to tell the IoT device designers and manufacturers to follow the security requirements and recommended protocols. The purpose of the publications is to evoke a high-level awareness and a sense of urgency from the industrial consumer standpoint.
The outlines from the DHS publication includes incorporating security at the design phase, enabling security updates and vulnerability management, building on proven security best practices, prioritizing security measures according to the impact, promoting transparency between developers and manufacturers, and connecting carefully and deliberately as IoT consumers.
“We increasingly rely on functional networks to advance life-sustaining activities, from self-driving cars to the control systems that deliver water and power to our homes. Securing the Internet of Things has become a matter of homeland security. The guidance we issued today is an important step in equipping companies with useful information so they can make informed security decisions,” said Jeh Johnson, the secretary of Homeland Security, in the published statement.
From the U.S. Federal Communications Commission’s (FCC) early announcement, however, the official would not set security mandates on IoT devices yet.
After the DDoS attack last month, the FCC has stated that the Open Internet order now has given Internet service providers sufficient space to protect their networks from vulnerable connected devices without any additional regulations. The FCC has no interests to issue any new mandates for now.
Considering the U.S. IoT market is one part of the global ecosystem, any regulations from the country might bring influences to other nations and on international standards.