A consortium of leading tech firms including BT and Vodafone have joined forced to create the Internet of Things Security Foundation (IoTSF), designed to ensure the security of IoT devices and respond to a rising cyber threats.
The foundation, which has been set up as a non-profit body, also includes Imagination Technologies, Royal Holloway University of London, Copper Horse Solutions, Secure Thingz, NMI and PenTest Partners as founding members.
John Moor, director of the IoTSF, said the foundation was set up to meet an urgent need.
“With so many concerns and a new complexity of security in IoT, it is important that we now start the necessary work in earnest to address known, yet not always addressed, and emerging vulnerabilities,” he said.
“The scale and scope of the issues are formidable and as such they require a formidable response. This can only be achieved effectively by working together.”
The rapid adoption of IoT devices means they are becoming an increasingly attractive target for cyber criminals. Indeed, a recent report from Intel McAfee Labs found that the volume of IoT devices is growing far faster than predicted, creating the “perfect security storm”.
Ben Azvine, global head of security research and innovation at BT, said the foundation would help IoT technologies to go mainstream without undermining privacy.
“It will help to accelerate adoption of the technology and protect privacy and confidentiality of information. IoT Security Foundation has an important role to play in achieving this,” he said.
Darin Welfare, vice president EMEA at security firm WinMagic, agreed, saying the creation of the foundation was a “significant step” towards the widespread adoption of IoT.
“The new industry body, which will vet internet-connected devices for vulnerabilities and flaws, will encourage manufacturers to consider security of connected devices at the hardware level,” he said.
“By setting stringent security standards for connected devices, businesses will also be encouraged to adopt IoT devices that help drive growth and improve business processes.
“IoT security standards today vary widely depending on device manufacturer and OS. However, the Internet of Things is still in its early stages and, historically speaking, all new technology is initially weak on security as manufacturers and developers assess functionality and vulnerability limits,” he added.
Simon Moffatt, a director at software firm ForgeRock, described the arrival of the IoTSF is an important moment in the evolution of the IoT.
“As the IoT stabilises from a technical perspective, the potential for data loss and security breaches on a larger scale will inevitably increase, meaning more effective policing will be required,” he warned.
“From individual devices through to full-scale smart city deployments, collaborative knowledge sharing combined with the ability to identify and authenticate IoT devices will be pivotal in quickly assessing whether the data being generated is trustworthy and if the system/device in question remains secure.”