With today’s IoT Code of Practice from the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC), wanted to share insight from Canonical – the company behind Ubuntu – around the need to instil a culture and OS rooted in security.
Below Jamie Bennett, VP of IoT and Devices at Canonical commented, focused on why the Code is a good start, but could go further.
Jamie Bennett, VP of IoT and Devices at Canonical:
“IoT devices are now a staple of modern life, and the DCMS and NSCS’ Code of Practice is a welcome addition to consumer security. The very nature of software means there’s no such thing as a flawless device – only devices with undiscovered flaws. From hard-coded device passwords to static legacy software, holes can be located in an IoT devices’ defence with frightening ease. Treated as an afterthought, patching vulnerabilities will be a never-ending battle; no sooner is one addressed than another appears.
Putting regulatory weight behind IoT security, therefore, will install greater confidence in consumers, especially in today’s climate of data sensitivity. But the fact this Code is voluntary means consumers will continue to be at risk, because mistakes or negligence do happen – that’s the nature of software. Businesses need to be at the forefront of security and adopt a culture of ongoing protection from the point of design and manufacture. That means buying into a standardised operating system – tailored to IoT – and making the most of new and intuitive security methods like automatic updates and roll-back on failure to place more emphasis on the manufacturer rather than the consumer. If the government does go the extra step to actively enforce the 13 guidelines then even better, but every IoT manufacturer should start with the OS and build from there with security in mind.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.