Finland Has A Cyber Security Standard For IoT

Finland is the first to launch a cybersecurity labelling system to inform consumers of the IoT products that meet digital safety standards. The simple, visual symbol can help consumers buy products that meet basic standards and stem the in-flow of low-quality, vulnerable devices.

The move is aimed at promoting secure-by-default IoT product lines and spreading awareness of the dangers associated with increased connectivity.

Cyber Security Guidelines
The labelling initiative, which began development late last year, will see a stamp placed on every smart device that adheres to Finland’s cybersecurity safety guidelines. A website is also available for vendors to become certified with the security badge, and for consumers to make informed purchases.

The implementation of the consumer safety initiative has been led by the National Cyber Security Centre Finland (NCSC-FI) and industry partners such as telecommunications firm DNA and smart device manufacturers Cozify and Polar Electro.
“The security level of devices in the market varies, and until now there has been no easy way for consumers to know which products are safe and which are not,” said Jarkko Saarimäki, NCSC-FI Director.

“The cybersecurity label… is a tool that makes purchase decisions easier by helping consumers identify devices that are sufficiently secure.”

IoT Security Essentials
The NCSC-FI was responsible for testing products and developing criteria for security certification, currently based on EN 303 645 (PDF), security specifications for consumer IoT devices issued by European standards agency, ETSI.
Standards of smart devices should include safe default settings, access control, and secure data transfer and storage, to name a few.

“We hope that as many manufacturers as possible want to certify their products,” Saarimäki said....Our goal is that in a few years most home electronics categories will include products with the cybersecurity label.”

In the first half of 2019, Finnish security firm F-Secure found unpatched IoT devices were increasingly targeted in malware campaigns. 

A lack of secure-by-default features – such as reliance on factory-set passwords – was said to be a continuing concern among both consumer and enterprise-grade IoT products.


“We are hoping that consumers will learn to recognise the label and actively look for it when selecting products and services.... At the same time, we will contribute to the increased availability of secure devices in the market.”Saarimäki said.

Calls for IoT regulation have spread throughout the globe, as consumers become more reliant on smart devices.
The UK has now published a voluntary code of practice for IoT manufacturers to follow earlier this year, for example.
Finland is the first European country to disseminate security certificates on IoT products. 

These labels serve as a clear signpost to customers, and incentive for vendors to strive towards basic but uniform cybersecurity standards as a result, the impact that small change could make, should not be underestimated. 

Trafficom:          TechHQ:          Portswigger

You Might Also Read: 

10 Predictions For The IoT Future:


 

« Can Small Business Beat Cyber Attacks?
Artificial Intelligence Is Already Reshaping Our Lives »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Thales

Thales

Thales provides solutions, services and products that help its customers in the defence, aeronautics, space, transportation and digital identity and security markets to fulfil their critical missions.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

Tymlez Software & Consulting

Tymlez Software & Consulting

Tymlez Software and Consulting is a start-up specialised in blockchain technology for enterprises.

Crossword Cybersecurity

Crossword Cybersecurity

We work with research intensive European university partners to identify promising cyber security intellectual property from research that meets emerging real-world challenges.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

CyberSafe

CyberSafe

CyberSafe is a Portuguese company with a focus on cybersecurity solutions and services including network security, managed security, incident response and forensic analysis.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

Securonix

Securonix

Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

Exacom

Exacom

Exacom is a leading provider of multimedia logging/recording solutions across public safety, government, DoD, energy, utilities, transportation, and security applications.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

DerSecur

DerSecur

DerSecur has been engaged in advanced technology activities in the field of Application Security since 2011. We offer R&D technology solutions in the field of SAST, DAST and SCA analysis.

AmiViz

AmiViz

AmiViz is the first B2B enterprise marketplace focussed on Cybersecurity business in the Middle East and Africa, designed specially to serve the interests of enterprise resellers and vendors.