How secure are our devices when they connect to the Internet? This is difficult for consumers to discern. The IT security label of the German Federal Office for Information Security (BSI) now provides a solution. The eco Association welcomes this initiative and at the same time appeals to manufacturers and consumers to take responsibility for IT security.
The number of smart devices is increasing: Not only refrigerators, washing machines and voice assistants are connected to the Internet, but also cars and industrial plants. This also makes them a potential target for hackers. Different operating systems and standards offer numerous vulnerabilities that cyber criminals get to exploit. According to AV-Test GmbH, the threat level has almost doubled from 2020 to 2021. Security researchers have found that every device on the Internet of Things is exposed to several million attack attempts within 14 days.
Markus Schaffrin, IT Security Expert and Head of Member Services at the eco Association appeals to the manufacturers to plan for security in IoT devices from the outset and to incorporate it into the product design. “The requirements of the EN 303 645 standard and test specification 109 701 provide manufacturers with a good reference point for secure IoT devices. We therefore welcome the fact that these specifications form the basis for the IT security labels that manufacturers are now able to apply for,” Schaffrin continues.
IT security influences purchasing decisions
Since May 2022, manufacturers of smart cameras, smart speakers, smart cleaning and gardening robots, smart toys, and smart television products have been able to apply for the IT security label from the BSI. Since December 2021, the IT security label can already be applied for “broadband routers” and “email services”. New areas of application for the IT security label are to be added continuously.
“We are sending a clear signal to the consumer market that information security is a vital argument for the decision to buy and use IT products,” says BSI President Arne Schönbohm. “We are thus making a valuable contribution to the European debate on cybersecurity in consumer devices and are certain that the IT security label represents an essential step towards greater security and transparency in these areas.”
Taking joint responsibility for IoT security
The eco member companies also welcome the fact that, with the IT security label, there is now a harmonised procedure throughout Europe that promotes security-by-design and security-by-default approaches for IoT devices. In a short survey undertaken in March 2022 at the “Security in IoT” event, around 70 per cent of the participants were shown to be in favour of mandatory certifications. IT security, however, is a challenge for society as a whole, and making manufacturers solely responsible for it is not sufficient. “Users have to be made more aware of security risks in IoT,” says Markus Schaffrin. “It is crucial that users apply the security features provided by the manufacturers: for example, that they dispense with default passwords or set up recommended network disconnections.” Hackers will only stand no chance if manufacturers and users take joint responsibility for IT security on the Internet of Things.