Tackle IoT Device Safety, Security ‘in Tandem,’ Cybersecurity Coalition Urges CPSC

standards for IoT devices are inextricably linked and should be addressed in tandem,” said May 2 comments (document ID CPSC-2018-0007-0031) posted Monday in docket CPSC-2018-0007 and "withdrawn" on Wednesday because it was deemed a "duplicate of material" previously submitted. “A common feature across all IoT devices is their ability to communicate across information networks and to act on the physical world, which makes securing these communications and controlling access to device functionality central to maintaining both the safety and security of the device, said the coalition, whose members include AT&T, Cisco, Intel, McAfee, Microsoft, Mozilla and Symantec. For example, shipping an IoT device to consumers with a factory-default password or other “known vulnerabilities” is both a security risk, “as this could give attackers access to consumers’ information,” and a safety risk “if attackers are able to gain control of device functionality,” it said. The coalition has a long history of “using a voluntary, consensus-based, industry-led approach to setting security standards,” and encourages CPSC to “use this approach to set safety standards for IoT devices,” it said. Comments in CPSC's review are due June 15, and a hearing is planned for Wednesday. The agency said it will use the feedback to better “inform future Commission risk management work.”