BITAG has released an Internet of Things security measures guide which should help users and producers maintain and update the privacy and security of their devices.
BITAG or the Broadband Internet Technical Advisory Group is an alliance formed by quite a number of technology industry players.
Amongst its members, the alliance includes the Internet giant Google, Microsoft, Verizon, Intel and other such industry members.
BITAG was formed back in 2010 and seeks to ensure the usage of the best practices so as to ensure broadband security.
Earlier this week, on Tuesday, the alliance released a guideline with a series of rules so as to ensure the privacy of IoT devices and their users.
IoT or the Internet of Things devices have started to become increasingly more common. Their usage is very varied as it can include anyone from the tech lovers to uninterested or non-technical consumers.
As such, the IoT devices could come to have a very widespread usage, which will, in turn, make them more exposed to threats.
The recent DDoS or Distributed Denial of Service attack which took place this October is a proof of their vulnerability.
IoT devices were then used to launch botnets targeting the web traffic manager company Dyn Inc. The company manages websites such as Spotify, Twitter, Reddit, or Netflix.
As such, the cyber attack was spotted quite quickly but also affected quite a large number of users.
The new guideline was released so as to help prevent such potential future occurrences. It also targets to prevent potentially undetected monitoring and surveillance and protect against them.
Other targets of the BITAG advices seek to prevent unauthorized access gains and controls of the IoT devices.
Device or system failures are also addressed as are the disturbance or harassment of the devices’ owners or authorized users.
The BITAG guidelines are mostly addressing the Internet of Things device producers and manufacturers.
As such, they recommend that the devices should have up-to-date software when there are shipped to the user. They should also include a secure and automated software update mechanism or process.
Another recommendation points out the high necessity of a default password protection system. Such a system should have and provide a “Strong authentication”.
The guidelines point out that producers and developers should follow the best available security and cryptography practices.
The IoT devices should also keep functioning even if their cloud backends fail. And producers are also advised to conduct security tests for quite a number of configurations.
Some of the producer advices are also targeting the device user as they urge the introduction of new or clearer user options.
As such, the guides advise the release of more easily understandable product privacy policies. They should also come with clearer bug and error report and fixing options and should allow user resets.
The BITAG guidelines are seen as a market effort of ensuring safer, more secure IoT products. But the alliance is not a regulatory body and cannot enforce these new rules so as to become laws.
However, they should help raise both user and producer awareness to the IoT devices and their strengths and vulnerabilities.
Image Source: Wikimedia