"Google Proposes List of Five Principles for IoT Security Labeling"

Google has proposed a set of five principles for Internet of Things (IoT) device security labeling, with the goal of increasing security and transparency for Internet-connected electronic devices. While acknowledging that there has been increased focus among policymakers, partners, developers, and public interest advocates in the last year, Google points out that IoT product labeling has been lacking, including in the definition of labeling. Other areas of concern and debate include what labeling should convey to consumers regarding security and privacy, where the label should be located, and how to achieve consumer acceptance. Under Google's proposed standards, a label or a digital representation of the product's security or privacy status must be printed to inform consumers. A labeling scheme should define, manage, and monitor label use, whereas an evaluation scheme should publish, manage, and monitor digital product security claims against security requirements and related standards. According to Google, the five principles, which begin with a printed label, should not imply trust. Digital security labels must be "live" labels conveying security and privacy status on a centrally maintained website, ideally on the same site that hosts the evaluation scheme. Google says a physical label should only be used if it encourages users to visit a website to get real-time status. Labels must also reference strong international evaluation schemes, ensuring that the level references security, privacy status, and posture maintained by a trustworthy security and privacy evaluation scheme. In order to establish an important minimum bar for digital security, a minimum security baseline must be combined with security transparency. Google's fourth proposed principle is that broad-based transparency is as important as a minimum bar. The final principle is that without adoption incentives, labeling schemes are useless. Google proposes national labeling schemes, with mandates capable of driving improved behavior at scale when they reference broadly acceptable, high-quality standards and schemes developed by nongovernmental organizations. This article continues to discuss Google's proposed list of five principles for IoT security labeling. 

SiliconANGLE reports "Google Proposes List of Five Principles for IoT Security Labeling"