from the lets-not-unfairly-start-assigning-labels-now dept.
United Kingdom to introduce Security Labelling on connected devices
In a press release from the UK government on January 27th 2020 called "Government to strengthen security of internet-connected products", the new law and its implications are clearly outlined. The measures taken and plans going forward are indeed promising for the security of consumers of IoT devices in the UK.
One implication of this law is the introduction of a new labeling system. The idea is that similar to how bluetooth and wifi labels help consumers feel confident their products will work with these wireless communication protocols, a Security label will instill confidence in consumers that their device is safe and secure according to standards.
Singapore to introduce Security Labelling on routers and smart home Hubs
Following the UK release, Singapore this week released their Cybersecurity Labelling Scheme. In the announcement it reads:
"Despite the growth in number of IoT products in the market, many consumer IoT products have been designed to optimise functionality and cost over security. As a result, many of them have little to no security features built-in. This poses cybersecurity risks such as the compromise of consumers' privacy and data."
More information about the Labelling scheme can be read here.
[ . . . ] "While consumers may want to choose a more secure product, information on the amount of security built into a device is often not made known by manufacturers. Thus, consumers are unable to make informed decisions."
[ . . . ] Starting off softly then tightening the rope
Both the UK and Singaporian approach start off with a soft scheme hoping that the industry itself will find and join forces with regards to best practise for the labelling.
[ . . . ] Are consumers ignorant, or can there be a differentiator here?
As a manufacturer of connected devices, there are two main approaches to embrace this tidal wave brewing.
It would be helpful if labels disclosed all of the built in vulnerabilities known at time of manufacture.
(Score: 0) by Anonymous Coward on Saturday March 14 2020, @11:03AM (4 children)
Every device needs a label on it!
(Score: 1, Touché) by Anonymous Coward on Saturday March 14 2020, @11:06AM (1 child)
I will be providing label updates.
(Score: 0) by Anonymous Coward on Saturday March 14 2020, @11:41AM
NO! NO! NO! I don't want Label 10!!
(Score: 2) by driverless on Monday March 16 2020, @05:50AM (1 child)
If you read the PR it doesn't say anything about what the labels will be, just there There Will Be Labels. So you could print up a batch of labels that say "This label is present to meet the regulatory requirement that a label be present" and slap those on.
(Score: 0) by Anonymous Coward on Monday March 16 2020, @10:53PM
"Don't panic"
(Score: 3, Funny) by takyon on Saturday March 14 2020, @11:14AM (1 child)
Just slap an Intel Inside sticker on it.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Insightful) by canopic jug on Saturday March 14 2020, @12:04PM
I notice that none of the computers at the big box stores come with warnings that they are infected with Windows any more. They disappeared a few years ago. Will this labelling requirement bring those warning stickers back?
Money is not free speech. Elections should not be auctions.
(Score: 2) by Gaaark on Saturday March 14 2020, @12:31PM
If you liked ring, then you shoulda put a label on it.
--Beyondme Knowsless
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 4, Disagree) by SparkyGSX on Saturday March 14 2020, @12:35PM (7 children)
If the lawmakers think there is such a thing as "amount of security", and that is what makes a device more or less secure, the game is over already.
If you do what you did, you'll get what you got
(Score: 0) by Anonymous Coward on Saturday March 14 2020, @01:51PM (2 children)
such a thing as "amount of security"
Of course there is: I bought 3kg of security from Amazon this very morning.
FYI, I chose the mint flavour.
(Score: 2) by Runaway1956 on Saturday March 14 2020, @02:09PM (1 child)
"Depends" brand?
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 1) by khallow on Sunday March 15 2020, @03:05PM
(Score: 1, Funny) by Anonymous Coward on Saturday March 14 2020, @03:24PM
You don.t understand, the label IS the security.
(Score: 2) by maxwell demon on Saturday March 14 2020, @08:16PM
Of course there's an amount of security. That's why you regularly need to download security updates: Because the security that got delivered with the product gets used up over time, and you need to resupply. :-)
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Insightful) by dry on Sunday March 15 2020, @05:10AM
You don't think a device with all its ports open is less secure then a device with no visible ports?
(Score: 2) by TheRaven on Sunday March 15 2020, @05:19PM
Zinaida [tf.fau.de] has done a bunch of research on this looking at how it impacts customer buying decisions. Her work fed into some of this policy making. Vendors are required to specify for how long the device will get updates and the maximum amount of time between a vulnerability being reported and it being patched. If a vendor doesn't meet their stated levels of support, customers may be entitled to a full refund.
sudo mod me up
(Score: 0) by Anonymous Coward on Saturday March 14 2020, @01:02PM
https://m.youtube.com/watch?v=mEB7WbTTlu4 [youtube.com]
(Score: 2) by fido_dogstoyevsky on Saturday March 14 2020, @10:14PM
But Shirley labels that big would accelerate deforestation - a thumbdrive would be better (for now).
It's NOT a conspiracy... it's a plot.