Finland Has A Cyber Security Standard For IoT

Finland is the first to launch a cybersecurity labelling system to inform consumers of the IoT products that meet digital safety standards. The simple, visual symbol can help consumers buy products that meet basic standards and stem the in-flow of low-quality, vulnerable devices.

The move is aimed at promoting secure-by-default IoT product lines and spreading awareness of the dangers associated with increased connectivity.

Cyber Security Guidelines
The labelling initiative, which began development late last year, will see a stamp placed on every smart device that adheres to Finland’s cybersecurity safety guidelines. A website is also available for vendors to become certified with the security badge, and for consumers to make informed purchases.

The implementation of the consumer safety initiative has been led by the National Cyber Security Centre Finland (NCSC-FI) and industry partners such as telecommunications firm DNA and smart device manufacturers Cozify and Polar Electro.
“The security level of devices in the market varies, and until now there has been no easy way for consumers to know which products are safe and which are not,” said Jarkko Saarimäki, NCSC-FI Director.

“The cybersecurity label… is a tool that makes purchase decisions easier by helping consumers identify devices that are sufficiently secure.”

IoT Security Essentials
The NCSC-FI was responsible for testing products and developing criteria for security certification, currently based on EN 303 645 (PDF), security specifications for consumer IoT devices issued by European standards agency, ETSI.
Standards of smart devices should include safe default settings, access control, and secure data transfer and storage, to name a few.

“We hope that as many manufacturers as possible want to certify their products,” Saarimäki said....Our goal is that in a few years most home electronics categories will include products with the cybersecurity label.”

In the first half of 2019, Finnish security firm F-Secure found unpatched IoT devices were increasingly targeted in malware campaigns. 

A lack of secure-by-default features – such as reliance on factory-set passwords – was said to be a continuing concern among both consumer and enterprise-grade IoT products.


“We are hoping that consumers will learn to recognise the label and actively look for it when selecting products and services.... At the same time, we will contribute to the increased availability of secure devices in the market.”Saarimäki said.

Calls for IoT regulation have spread throughout the globe, as consumers become more reliant on smart devices.
The UK has now published a voluntary code of practice for IoT manufacturers to follow earlier this year, for example.
Finland is the first European country to disseminate security certificates on IoT products. 

These labels serve as a clear signpost to customers, and incentive for vendors to strive towards basic but uniform cybersecurity standards as a result, the impact that small change could make, should not be underestimated. 

Trafficom:          TechHQ:          Portswigger

You Might Also Read: 

10 Predictions For The IoT Future:


 

« Can Small Business Beat Cyber Attacks?
Artificial Intelligence Is Already Reshaping Our Lives »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

Cogeco Peer 1

Cogeco Peer 1

Cogeco Peer 1 provide Data Center, Cloud Infrastructure, Managed IT, Managed Security, Data Connectivity and Voice Services.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

MerlinCryption

MerlinCryption

MerlinCryption develops infrastructure security software, delivering advanced encryption, authentication, and random data generators, for Cloud, VoIP, eCommerce, M2M, and USB hardware.

SecureBrain

SecureBrain

SecureBrain software and services help protect against Japanese-specific cybercrime and global internet security threats such as online fraud, phishing, drive-by downloads and malware attacks.

VNT Software

VNT Software

VNT's vision is to change the way complex IT problems are resolved by predicting business disruptions before they occur.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

SecureMisr

SecureMisr

SecureMisr is a trusted advisor and leading cybersecurity services and solutions provider across the Middle East and Africa.

Microchip Technology

Microchip Technology

Microchip Technology Inc. is a leading provider of smart, connected and secure embedded control solutions.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Cyber Security Consulting Services to help you secure your mission-critical systems.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

CSIR Information & Cybersecurity Research Centre

CSIR Information & Cybersecurity Research Centre

The CSIR Information & Cybersecurity Research Centre focuses on research, development, and innovation of home-grown cyber and information security.