December 24, 2019
Today, there are more than 21 billion connected Internet of Things (IoT) devices and sensors in operation globally, the equivalent of nearly three devices for every human on earth.
While IoT offers consumers many benefits – uniformity in tasks enhances communication and frees up time and hands – the widespread and growing use of connected devices and systems also provides an attractive platform for targeted cyberattacks by hackers and other unscrupulous operators. In 2018 alone, cyberattacks involving IoT devices increased more than 200% over the prior year, resulting in more than 32 million attacks.
Consumers are understandably concerned about cybersecurity threats to their IoT devices and systems. According to one survey, 69% of consumers with smart devices in their homes are worried about their connected devices being hacked. More importantly, 90% of those surveyed believe that IoT device manufacturers have the responsibility to build security into their products.
Security concerns related to IoT devices are also getting increased attention from regulators. New laws scheduled to go into effect in both California and Oregon in January 2020 will require manufacturers to design connected devices with “reasonable security features.” But the concept of “security” is hard to quantify and the nature of cyber threats is constantly changing.
So how can manufacturers demonstrate that their IoT devices deliver the security they claim to deliver? And what steps can they take to help retailers and consumers choose smart devices that provide security consistent with their expectations?
Long active in the fight against cyberthreats, UL technical experts have now developed a rating system to objectively assess the security features that manufacturers state are part of their IoT devices. Introduced in May, the UL IoT Security Rating is based on a thorough assessment of more than 40 essential aspects of device security intended to identify and address common attacks and known vulnerabilities.
“To date, most cybersecurity efforts have focused on the critical infrastructure and other vulnerable industry sectors,” notes Laurens van Oijen, a cybersecurity assurance specialist with UL’s Identity Management and Security group. “Our IoT Security Rating is the first effort to objectively assess the security of consumer IoT devices and has already gained the attention of a number of major device manufacturers seeking to make their devices more secure.”
Devices that successfully complete the IoT Security Rating assessment are categorized in one of five levels (Bronze, Silver, Gold, Platinum or Diamond), based on the extent to which they address the specified device security capabilities, and are eligible to display the UL Verification Mark on the product or its packaging, or online. Rated products are also subject to bi-annual inspections by UL to verify that the security features claimed by manufacturers continue to be present in products.
According to van Oijen, the IoT Security Rating offers manufacturers an effective way to demonstrate to both retailers and consumers a company’s commitment to the security of their products. “The IoT Security Rating brings greater clarity for consumers about the level of security that a given IoT device provides,” he says. “Increased transparency makes it easier for consumers to choose IoT devices consistent with their own security concerns.”
“And retailers benefit as well,” van Oijen notes. “In today’s competitive retail environment, the ability to offer consumers connected devices that bear the UL IoT Security Rating Verification Mark signals a retailer’s commitment to the security of its customers.”