Finland Has A Cyber Security Standard For IoT

Finland is the first to launch a cybersecurity labelling system to inform consumers of the IoT products that meet digital safety standards. The simple, visual symbol can help consumers buy products that meet basic standards and stem the in-flow of low-quality, vulnerable devices.

The move is aimed at promoting secure-by-default IoT product lines and spreading awareness of the dangers associated with increased connectivity.

Cyber Security Guidelines
The labelling initiative, which began development late last year, will see a stamp placed on every smart device that adheres to Finland’s cybersecurity safety guidelines. A website is also available for vendors to become certified with the security badge, and for consumers to make informed purchases.

The implementation of the consumer safety initiative has been led by the National Cyber Security Centre Finland (NCSC-FI) and industry partners such as telecommunications firm DNA and smart device manufacturers Cozify and Polar Electro.
“The security level of devices in the market varies, and until now there has been no easy way for consumers to know which products are safe and which are not,” said Jarkko Saarimäki, NCSC-FI Director.

“The cybersecurity label… is a tool that makes purchase decisions easier by helping consumers identify devices that are sufficiently secure.”

IoT Security Essentials
The NCSC-FI was responsible for testing products and developing criteria for security certification, currently based on EN 303 645 (PDF), security specifications for consumer IoT devices issued by European standards agency, ETSI.
Standards of smart devices should include safe default settings, access control, and secure data transfer and storage, to name a few.

“We hope that as many manufacturers as possible want to certify their products,” Saarimäki said....Our goal is that in a few years most home electronics categories will include products with the cybersecurity label.”

In the first half of 2019, Finnish security firm F-Secure found unpatched IoT devices were increasingly targeted in malware campaigns. 

A lack of secure-by-default features – such as reliance on factory-set passwords – was said to be a continuing concern among both consumer and enterprise-grade IoT products.


“We are hoping that consumers will learn to recognise the label and actively look for it when selecting products and services.... At the same time, we will contribute to the increased availability of secure devices in the market.”Saarimäki said.

Calls for IoT regulation have spread throughout the globe, as consumers become more reliant on smart devices.
The UK has now published a voluntary code of practice for IoT manufacturers to follow earlier this year, for example.
Finland is the first European country to disseminate security certificates on IoT products. 

These labels serve as a clear signpost to customers, and incentive for vendors to strive towards basic but uniform cybersecurity standards as a result, the impact that small change could make, should not be underestimated. 

Trafficom:          TechHQ:          Portswigger

You Might Also Read: 

10 Predictions For The IoT Future:


 

« Can Small Business Beat Cyber Attacks?
Artificial Intelligence Is Already Reshaping Our Lives »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

NuSummit

NuSummit

NuSummit (formerly NSEIT) specializes in empowering financial services firms to navigate complex challenges with cutting-edge, technology-driven solutions.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Caveonix

Caveonix

Caveonix’s RiskForesight TM solution is an automated, proactive risk and compliance platform designed for hybrid and multi-cloud.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Bechtle

Bechtle

Bechtle is one of Europe’s leading IT service providers offering a blend of direct IT product sales and extensive systems integration services.

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

Rubrik

Rubrik

Rubrik helps enterprises achieve data control to drive business resiliency, cloud mobility, and regulatory compliance.

Capital Network Solutions

Capital Network Solutions

Capital Network Solutions are a highly accredited managed IT services and consultancy provider, specialising in cyber security, infrastructure and communications.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

Data-Sec

Data-Sec

Data-Sec GmbH has been a trusted partner for mid-sized enterprises in the DACH region since 2009.