Finland Has A Cyber Security Standard For IoT

Finland is the first to launch a cybersecurity labelling system to inform consumers of the IoT products that meet digital safety standards. The simple, visual symbol can help consumers buy products that meet basic standards and stem the in-flow of low-quality, vulnerable devices.

The move is aimed at promoting secure-by-default IoT product lines and spreading awareness of the dangers associated with increased connectivity.

Cyber Security Guidelines
The labelling initiative, which began development late last year, will see a stamp placed on every smart device that adheres to Finland’s cybersecurity safety guidelines. A website is also available for vendors to become certified with the security badge, and for consumers to make informed purchases.

The implementation of the consumer safety initiative has been led by the National Cyber Security Centre Finland (NCSC-FI) and industry partners such as telecommunications firm DNA and smart device manufacturers Cozify and Polar Electro.
“The security level of devices in the market varies, and until now there has been no easy way for consumers to know which products are safe and which are not,” said Jarkko Saarimäki, NCSC-FI Director.

“The cybersecurity label… is a tool that makes purchase decisions easier by helping consumers identify devices that are sufficiently secure.”

IoT Security Essentials
The NCSC-FI was responsible for testing products and developing criteria for security certification, currently based on EN 303 645 (PDF), security specifications for consumer IoT devices issued by European standards agency, ETSI.
Standards of smart devices should include safe default settings, access control, and secure data transfer and storage, to name a few.

“We hope that as many manufacturers as possible want to certify their products,” Saarimäki said....Our goal is that in a few years most home electronics categories will include products with the cybersecurity label.”

In the first half of 2019, Finnish security firm F-Secure found unpatched IoT devices were increasingly targeted in malware campaigns. 

A lack of secure-by-default features – such as reliance on factory-set passwords – was said to be a continuing concern among both consumer and enterprise-grade IoT products.


“We are hoping that consumers will learn to recognise the label and actively look for it when selecting products and services.... At the same time, we will contribute to the increased availability of secure devices in the market.”Saarimäki said.

Calls for IoT regulation have spread throughout the globe, as consumers become more reliant on smart devices.
The UK has now published a voluntary code of practice for IoT manufacturers to follow earlier this year, for example.
Finland is the first European country to disseminate security certificates on IoT products. 

These labels serve as a clear signpost to customers, and incentive for vendors to strive towards basic but uniform cybersecurity standards as a result, the impact that small change could make, should not be underestimated. 

Trafficom:          TechHQ:          Portswigger

You Might Also Read: 

10 Predictions For The IoT Future:


 

« Can Small Business Beat Cyber Attacks?
Artificial Intelligence Is Already Reshaping Our Lives »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Backup Systems

Backup Systems

Backup Systems is a leading backup and disaster recovery systems provider across the UK.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

PRODAFT

PRODAFT

PRODAFT, Proactive Defense Against Future Threats, is a cyber security and cyber intelligence company providing solutions to commercial customers and government institutions.

Six Degrees

Six Degrees

Six Degrees is a leading secure, integrated cloud services provider. We protect UK organisations and help them thrive in the cloud by giving them secure platforms to innovate and grow.

Cyphercor

Cyphercor

Cyphercor is a leading smartphone and desktop-based two-factor authentication (2FA) provider.

Callsign

Callsign

Callsign’s mission is to seamlessly power the identification of every web, mobile and physical interaction.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

Bechtle

Bechtle

Bechtle is one of Europe’s leading IT service providers offering a blend of direct IT product sales and extensive systems integration services.

HALOCK Security Labs

HALOCK Security Labs

HALOCK is an information security consultancy providing both strategic and technical security offerings.

Highen Fintech

Highen Fintech

Highen is a blockchain software development company with offices in the United States and development centers in India.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.

CLEAR

CLEAR

With more than 17 million members and a growing network of partners across the world, CLEAR's identity platform is transforming the way people live, work, and travel.

e-Safer

e-Safer

e-Safer's mission is to provide solutions and services that ensure a safer digital environment.

CHERI Alliance

CHERI Alliance

CHERI Alliance is an industry initiative spearheading the global adoption of the Capability Hardware Enhanced RISC Instructions (CHERI) security technology across the computing industry.

Blind Insight

Blind Insight

Field-level searchable encryption plus fine-grained programmable access controls. All wrapped neatly in developer-friendly APIs and SDKs. Data protection perfection.