Security News Petition to secure the Internet of Things in the EU

[Windows_Security]

Dear Members,

The US prepares a bill to secure the Internet of Things (link). In the EU an experts work group starts 20th of October with a kickoff to address this issue also. As with most EU programs it will take 1 to 3 years before they have put any recommendation on paper. So why not take the fast lane and adopt the US Internet of Things Cybersecurity Improvement Act of 2017 for the European Union.

All we ask are minimal security standards like:
· Protect configuration settings with a user changeable password
· Facilitate security updates through a secure connection
· Protect user and usage data according privacy legislation

Exclude devices which don't meet this minimal standards from governmental and critical infrastructure contract per 1-1-2018 and for consumer products per 1-1-2019 (people can vote with their wallet earlier by not buying insecure smart products).

Here is the link to the petition: Secure the Internet of Things (IoT)

When you sign this petition you choose to show your name or show anonymous (see picture below)

regards Kees

 

[Windows_Security]

Nobody is signing this petition. So in Europe we will be facing lousy security for next three years.

Some questions:
1. My Sony TV from 2009 (not a Smart TV) updates over non secure line by passing the router, what brand TV do you have?
2. My Humax settop box does use my (wireless) network for interactive TV, but also bypasses router for firmware updates (at least over HTTPS), does your settopbox also uses secure connection?
3. My fitness watch (Garmin) with hart monitor by default does submits my user ID plus running geo data (can be set to record), do you know what your fitness device broadcasts?

 

[SHvFl]

Thing is it will be nice but i don't trust this kind of bills not having ways to let them do other stuff. Your privacy is already protected and those that break those rules in EU are paying a nice amount so they don't try it again. I am more worried of them not they passing the right to repair bill which is vastly more important.

 

[Windows_Security]

Thing is it will be nice but i don't trust this kind of bills not having ways to let them do other stuff. Your privacy is already protected and those that break those rules in EU are paying a nice amount so they don't try it again. I am more worried of them not they passing the right to repair bill which is vastly more important.

Privacy is not the issue, The third bullet is about protecting this private data. In 2016 over 1.8 million identities were exposed due to bad security practices. Now the vendors can come away with this lacking care for sensitive data with the "reasonable effort" clause. When EU and US commit to this IOT security bill we are talking about a market of 500 million plus people. This will push most vendors to adopt their smart products for basic security. Although repair bill is important, I disagree respectfully. We have to cross the 'minimal security' bridge first.

 

[brod56]

This is a serious issue. Here in Europe almost every smart device outside of phones/tablets/computers has no security measures, which may lead them vulnerable to an attack.