A multi-stakeholder statement supports consumer IoT device security baseline

Through the World Economic Forum’s Council of the Connected World, leaders from Consumers International, the Cybersecurity Tech Accord, and I Am the Cavalry, representing more than 400 organisations, launched a statement of support around five key capabilities that can set a baseline for consumer IoT security: (1) No universal default passwords; (2) Implement a vulnerability disclosure policy; (3) Keep software updated; (4) Secure communications; and (5) Ensuring that personal data is secure. These five device capabilities can establish a minimum level of security which should form the basis of all consumer IoT cyber security standards, specifications, and guidelines. The statement asks governments to promote these capabilities to further harmonise standards around the needs of consumers and call on IoT device manufacturers and vendors to (1) Take action to ensure the implementation of these capabilities and develop a plan for adopting IoT baseline standards guidelines, or best practices. (2) Take steps to ensure consumers are aware of security information.