I Am The Cavalry is among the organizations leading an effort to raise the bar for IoT minimum security standards by connecting technically literate voices of reason from the hacker community to a way to engage through the World Economic Forum’s Council on the Connected World.
Today, more than 100 organizations have signed on to a Statement of Support to establish a minimum level of security for all consumer IoT cybersecurity standards, specifications, and guidelines, drawn from the UK Code of Practice for Consumer IoT Security and the ETSI EN 303 645 standard. These documents were developed, in part, with the help of several hackers, including I Am The Cavalry members. The baseline security capabilities the World Economic Forum statement outlines include:
- No universal default passwords
- Implement a vulnerability disclosure policy
- Keeping software updated
- Securely communicating
- Ensuring that personal data is secure
As our dependence on connected technology has grown faster than our ability to secure it, human life and public safety are increasingly at risk when devices fail to meet these minimum standards of care. I Am The Cavalry seeks to ensure that the technology we depend on is worthy of the trust we place in it.
While today’s Statement of Support focuses on consumer-grade IoT devices, these are frequently used in safety-critical environments, such as hospitals, energy companies, and airports. Furthermore, components, suppliers, and practices are frequently shared between consumer-grade devices and those with more severe consequences, such as cars, medical devices, and trains.
I Am The Cavalry is paving pathways among disparate stakeholder communities, building on the work of others who have come before, so the hacker community can more readily engage where bits and bytes meet flesh and blood. It is our goal that the World Economic Forum’s Council on the Connected World, and similar groups, will seek out hackers and bring them to the table for future conversations and that hackers know how to engage in these conversations and trust others in the cyber ecosystem.
This latest Statement of Support is an important step in connecting hackers and other diverse stakeholders so we can be safer, sooner, together.