NTIA Participants Agree on Recommendations for Informing Consumers About IoT Security
Participants in an NTIA multistakeholder initiative to address IoT device security upgrades agreed to a final draft document that recommends what information manufacturers and vendors should convey to consumers before they buy a product. During a Tuesday virtual meeting, the…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
group reached "consensus" on the draft, which recommended elements companies should consider in informing buyers about whether devices receive security updates; whether they're done automatically, by a user or professionally; and how long a device would receive such support. The draft talks about how a user should be notified about updates and what happens after a device is no longer supported. Harley Geiger, Rapid7 director-public policy, said that this document could become part of a larger government effort to deal with botnets and automated threats. He said the working group hasn't thought about a strategy for promoting adoption of the document but said it would be good to see it "in the wild" with some companies using it. The document was drafted by a working group in the NTIA-driven process, which has met three times since October. NTIA plans a Sept. 12 meeting in Washington to possibly reach consensus on other drafts presented by working groups on a catalog of existing IoT security documentation; technical capabilities of providing upgrades; and incentives for companies to provide updates.