- CTIA, the wireless industry trade group, will offer a cybersecurity certification program for internet of things (IoT) devices, which it says will create a "more secure foundation" for smart cities, smart grids, connected cars and other IoT applications.
- The certification will be based on security recommendations from the National Telecommunications and Information Administration (NTIA) and the National Institute of Standards and Technology (NIST). Companies can begin submitting devices for certification starting in October.
- "America’s wireless industry has long been a leader in cybersecurity best practices and establishing an industry-led cybersecurity certification program for IoT devices is a major step in building a trusted, secure wireless ecosystem for the Internet of Things,” Tom Sawanobori, CTIA chief technology officer, said in a statement.
As IoT devices become more prevalent, so do concerns about their security and privacy. When everything from cars to refrigerators can be connected through the internet, there are also plenty of potential pressure points for hacks or cyberattacks. The data from IoT devices can also be more sensitive if breached.
CTIA says its certification will ensure that devices are built with security in mind from the ground up, helping to assure consumers and cities that the devices are safe for use.
The announcement of a CTIA certification comes as federal officials have started eying potential regulations. A bill in the U.S. House of Representatives, which has passed the Energy and Commerce Committee, would direct the Department of Commerce (which contains NTIA and NIST) to study IoT devices and study best practices and potential regulations for the industry. Rep. Robert Latta, R-OH, said at a hearing on the State of Modern Application, Research and Trends of IoT (SMART IoT) Act, that the technology has the "potential to improve the lives of many Americans," but that "light-touch regulation" could be required.
Cities are being forced to increasingly think about how to prevent cyberattacks as more IoT devices come online, after high profile ransomware attacks in Atlanta and Baltimore shut down city functions. Andrew Salkin, senior vice president for city solutions at 100 Resilient Cities, told Smart Cities Dive earlier this year that cities need to think beyond "we’re going to protect ourselves from attacks," and instead "think about the services that the city has that are connected to technology that can be enhanced, protected and leveraged to help the city do a lot of different things."