India must take a cue from Europe and Singapore to adopt the best IoT security standards
As the IoT device market picks up—India is also witnessing an explosion of smart refrigerators, smart home security systems, robotic cleaners, smart speakers, etc, especially after the pandemic—there is a need to define what standards devices must follow. (Representative image)
With internet usage deepening as well as getting wider, the government should require manufacturers of digital devices to display security ratings, quite in the manner companies are asked to display energy efficiency. Security standards are yet to become mainlined in quality standards for devices—Europe announced such standards for consumer IoT devices only last year, while Singapore talked of assigning labels based on security testing only earlier this year. The European standards mandate removal of universal passwords from all devices, while the Singaporean ones mandate a four-stars system, wherein devices passing basic security checks get one star. Devices that have passed penetration testing get four.
As the IoT device market picks up—India is also witnessing an explosion of smart refrigerators, smart home security systems, robotic cleaners, smart speakers, etc, especially after the pandemic—there is a need to define what standards devices must follow. More important, these devices are also storing and collecting more information about the user and relaying it back to device manufacturers. Take the case of smartwatches or other wearables that collect critical health information about users. This certainly calls for security compliance to ensure user data privacy is actively protected. In an article in this newspaper, Kanishk Gaur had highlighted that the risks for Indian consumers are far greater as most devices are imported from countries like China, especially when industry IoT growth is expected to outpace consumer IoT. With consulting firm Zinnov expecting Indian IoT devices to grow tenfold, to 2 billion by 2021, and the market to soar to $15 billion, there is an urgent need to define standards. This will ensure that companies and consumers increasingly reliant on digital technologies are not left vulnerable to attacks.