Another Set Of IoT Security Principles Introduced

The effort to bring better security to the Internet of Things continues, as another alliance has developed its own set of security principles.

The Smart Card Alliance recently introduced its set of IoT security principles, which are modeled after government security standards

The alliance’s principles focus on maintaining security throughout the entire lifecycle of IoT products and suggest use cases for hardware and software-based solutions. Similar to several other IoT security guidelines, the alliance recommends establishing industry standards for types of security hardware to embed into IoT devices.

For example, embedded secure elements could be used for authentication. This type of hardware has been used in smartphones to enable secure contactless payments.

“Too often, security is an afterthought in emerging markets experiencing rapid growth, like the IoT, that are lacking strong standards and regulations,” said Randy Vanderhoof, executive director of the Smart Card Alliance.

“As the number of connected devices continues to rapidly increase, the need for security solutions is urgent,” Vanderhoof said.

Unlike some other guidelines, which broadly recommend implementing more security directly into IoT devices from the beginning, the Smart Card Alliance acknowledges that implementing security is a sliding scale.

When approaching security in general, it needs to be ‘balanced with cost, implementation effort and end user convenience,’ according to the alliance.

Other security guidelines and principles have recently been developed by the U.S. Department of Homeland Security, as the IoT Daily reported (U.S. Issues Guidelines For IoT Security) and the Broadband Internet Technical Advisory Group (Internet Industry Group Issues IoT Security Guidelines).

On the regulation side, the FCC has its eye on the Internet of Things and intends to step in if the market doesn’t naturally address the area of security, as the IoT Daily recently reported (Now FCC Stepping In On IoT Regulations).

Other government agencies involved in the Internet of Things include the Department of Commerce and the Federal Trade Commission.