Finland Has A Cyber Security Standard For IoT

Finland is the first to launch a cybersecurity labelling system to inform consumers of the IoT products that meet digital safety standards. The simple, visual symbol can help consumers buy products that meet basic standards and stem the in-flow of low-quality, vulnerable devices.

The move is aimed at promoting secure-by-default IoT product lines and spreading awareness of the dangers associated with increased connectivity.

Cyber Security Guidelines
The labelling initiative, which began development late last year, will see a stamp placed on every smart device that adheres to Finland’s cybersecurity safety guidelines. A website is also available for vendors to become certified with the security badge, and for consumers to make informed purchases.

The implementation of the consumer safety initiative has been led by the National Cyber Security Centre Finland (NCSC-FI) and industry partners such as telecommunications firm DNA and smart device manufacturers Cozify and Polar Electro.
“The security level of devices in the market varies, and until now there has been no easy way for consumers to know which products are safe and which are not,” said Jarkko Saarimäki, NCSC-FI Director.

“The cybersecurity label… is a tool that makes purchase decisions easier by helping consumers identify devices that are sufficiently secure.”

IoT Security Essentials
The NCSC-FI was responsible for testing products and developing criteria for security certification, currently based on EN 303 645 (PDF), security specifications for consumer IoT devices issued by European standards agency, ETSI.
Standards of smart devices should include safe default settings, access control, and secure data transfer and storage, to name a few.

“We hope that as many manufacturers as possible want to certify their products,” Saarimäki said....Our goal is that in a few years most home electronics categories will include products with the cybersecurity label.”

In the first half of 2019, Finnish security firm F-Secure found unpatched IoT devices were increasingly targeted in malware campaigns. 

A lack of secure-by-default features – such as reliance on factory-set passwords – was said to be a continuing concern among both consumer and enterprise-grade IoT products.


“We are hoping that consumers will learn to recognise the label and actively look for it when selecting products and services.... At the same time, we will contribute to the increased availability of secure devices in the market.”Saarimäki said.

Calls for IoT regulation have spread throughout the globe, as consumers become more reliant on smart devices.
The UK has now published a voluntary code of practice for IoT manufacturers to follow earlier this year, for example.
Finland is the first European country to disseminate security certificates on IoT products. 

These labels serve as a clear signpost to customers, and incentive for vendors to strive towards basic but uniform cybersecurity standards as a result, the impact that small change could make, should not be underestimated. 

Trafficom:          TechHQ:          Portswigger

You Might Also Read: 

10 Predictions For The IoT Future:


 

« Can Small Business Beat Cyber Attacks?
Artificial Intelligence Is Already Reshaping Our Lives »

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Perkins Coie LLP

Perkins Coie LLP

Perkins Coie LLP is an internationalk law firm with offices across the USA and Asia. Practice areas include Privacy and Data Security.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

Bitdefender

Bitdefender

Bitdefender provide anti-virus and anti-malware products for home and business/enterprise users.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

Operational Center for Information Systems Security (COSSI)

Operational Center for Information Systems Security (COSSI)

COSSI is responsible for the detection and mitigation of cyber attacks directed at French Government information systems.

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

Privasec

Privasec

Privasec is an independent security, governance, risk, and compliance consulting firm.

Quoscient

Quoscient

Quoscient provide comprehensive and modular security solutions that deliver maximum security against all types of cyber threats.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

BrandShield

BrandShield

BrandShield is an anti-counterfeiting, anti-phishing and online brand protection solution.

Cymatic

Cymatic

Cymatic has engineered a new approach to web security, designed and built to overcome the limitations of today’s siloed and ineffective security solutions.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

Mosaic Technologies Group

Mosaic Technologies Group

MOSAIC’s Cyber solutions provide the analytics, planning, technologies, and operations support to protect our clients’ systems, our warfighters, and the nation’s joint cyber mission.