“Security by Labeling”
Communications of the ACM, September 2022, Vol. 65 No. 9, Pages 23-25
By Andreas Kuehn
“Consumer cybersecurity can no longer be ignored.”
Empowering consumers to make risk-informed purchasing decisions when buying Internet-of-Things (IoT) devices or using digital services is a principal thrust to advance consumer cybersecurity. Simple yet effective labels convey relevant cybersecurity information to buyers at the point of sale and encourage IoT vendors to up their cybersecurity game as they now can recoup their security investments from risk-aware buyers. These dynamics benefit consumers and the industry alike, resulting in better, more resilient cybersecurity for all.
Consumers are insufficiently aware of risks emanating from IoT and are ill-equipped to manage them. For all the much-heralded benefits of consumer IoT to come true, the industry must ensure all the smart home appliances, connected thermostats, and digital services are secure and can be trusted. The industry has for long been criticized for not paying sufficient attention to the cybersecurity of its products. Concerns over security were pushed aside, yielding precedence to shorter time-to-market and higher corporate profits. Less time for testing translates into insecure products in residential homes.
The full cost of insecurity is on display when consumers, industry, and governments must respond to and clean up after cyber incidents. The toll of consumer cybercrime alone adds up to more than 100 billion USD per year globally. The industry, with support from government, must find ways to put IoT security front and center and make the necessary up-front investments that enhance consumer cyber-security and lower cost to everyone.
About the Author:
Andreas Kuehn is Senior Fellow at the Observer Research Foundation America, Washington, D.C., USA