IoT References & Resources I IoTSA White Paper I Design Principles I Press Release I Overview PPT I Webinar
IoT Safety Architecture & Risk Toolkit Updated Addressing Hazardization
Recalibrated to the evolving regulatory landscape
October 18, 2018 – Austin, Texas – Today at the International Association of Privacy Professionals, Privacy, Security Risk conference, the Agelight Digital Trust Advisory Group, released a major update to the IoT Safety Architecture and Risk Assessment Toolkit (IoTSA). First released over six months ago, the IoTSA has been updated to reflect real-world feedback from dozens of stakeholders, regulators and device manufacturers. The IoTSA has been expanded to map to the evolving regulatory landscape including the EU GDPR, California IoT Security Act, the California Consumer Privacy Act (CACPA) and the UK’s Code of Practice for Consumer IoT security.
The IoTSA helps to accelerate the adoption of high-value and high-impact security and privacy practices delivering trustworthy devices to the market and supporting them through their lifecycle. At its core it was designed to address the confusion and at time conflicting narratives of existing frameworks. Many of which look at security, data privacy and product safety in isolation.
Leveraging National Cyber Security Awareness month, the IoTSA advocates that IoT safety must be “by design” and part of everyone’s responsibility from product conception through a product’s life-cycle. Not unlike an automobile, IoT devices require continued updating and patching and at a certain point need to be retired for the safety of the user and society at-large.
The IoTSA includes 45 actionable principles and uniquely includes a scoring model to help organizations complete risk assessments and prioritization. Applying the IoTSA aids device manufactures and developers to enhance the lifecycle security and data privacy of their solutions. In addition, enterprises can apply the IoTSA to assess the safety of the devices they have installed and retailers can apply the IoTSA to their product merchandising decisions.
"The IoTSA provides a blueprint to realize the promise of IoT and help avoid the pitfalls," said Craig Spiezle, Managing Director of the Agelight Digital Trust Advisory Group. “Organizations that adopt the IoTSA can maximize user safety, while making security and privacy a part of their brand promise. Those that fail risk placing society and users at risk.”
As the connected home, auto and lifestyle has been woven into the fabric of our lives, society is at risk due to the threat of device hazardization creating life safety and physical harms. Left unabated connected devices may flip our lives upside down if proper security, safety and privacy measures are not implemented. The following guiding tenets were applied and weighted for inclusion in the IoTSA;
- Address root causes of risks and vulnerabilities at-scale
- Promote practices which are feasible to adopt
- Reduce user risk and support burden
- Drive supply chain / ecosystem improvements
- Provide incentives for product/brand differentiation
- Provide users the ability to evaluate and compare products
- Be applicable globally
The IoTSA weighted risk model incorporates six fundamental criteria impacting device manufacturers and developers. Based on an organization’s risk tolerance, engineering and development efforts can be prioritized. Scoring criteria includes:
- The impact to the user
- The impact to the ecosystem and society at large
- Financial and performance impact
- Hazardization, or risks related to physical and life safety
- Development costs and impact to market timing
- Regulatory and liability risk
To learn more, attend the session entitled IoT Risk Assessment, Prioritization and Scoring at IAPP Privacy. Security. Risk 2018, on Friday October 19 at 11:45, during a panel with Justin Brookman, Director, Consumer Privacy and Technology Policy, Consumers Union and Aaron Weller, VP Strategy, Sentinel LLC.
“In a world populated by devices from smart fridges to driverless cars, it is vitally important that we embed privacy and security into the devices, large and small, that help us with everything from the mundane to the vital,” said Aaron Weller, VP of Strategy at Sentinel. “The IoTSA is a valuable tool for organizations to evaluate their risks and prioritize efforts. Those organizations that act now will not only avoid potentially significant issues but also send a strong message to their customers about the value that they place on doing the right thing.”
The IoTSA incorporates many practices advocated by the European Union’s General Data Protection Regulation (GDPR), the EU Agency for Network and Information Security (ENISA), the U.K. Department for Digital Culture, Media and Sport. the U.S. Consumer Products Safety Commission (CPSC), the U.S. Department of Commerce, the National Telecommunication and Information Administration (NTIA) the National Institute of Standards and Technology (NIST) the U.S. Department of Homeland Security, the U.S. Federal Communication Commission, the U.S. Federal Trade Commission (FTC) and other governmental agencies and regulatory bodies.
About The Agelight Advisory Group
The Agelight Digital Trust Advisory Group helps organizations accelerate the adoption of security- and privacy-enhancing practices and policies and navigate the complex regulatory environment while promoting innovation and the importance of self-regulation. AgeLight’s Managing Director Craig Spiezle offers more than two decades of product development and management expertise and is recognized as an authority on the intersection of online trust, security, privacy and product safety. For information on IoT consulting services including licensing the IoT Trust & Safety Architecture© visit https://agelight.com/iot.html or email firstname.lastname@example.org.