By Mark Walker, Director, Technology Policy at CableLabs
One of the main pillars of the Open Connectivity Foundation (OCF) is security. Security is foundational to the sustained growth and adoption of IoT. Without sufficient security, connected devices pose a risk to end users and networks alike, providing ready fodder for nefarious actors to exploit. As a foundation of more than 400+ members, the OCF is continuously and tirelessly striving to create secure, reliable, and interoperable IoT for all. One of the many ways in which we are doing this is working with other organizations and providing our expertise and input to help drive increased IoT security, including the recent C2 Consensus on IoT Devices Security Baseline Capabilities, released by the Council to Secure the Digital Economy (CSDE) and spearheaded by the Consumer Technology Association (CTA).
The CSDE brings together companies from across the information and communications technology sector to “combat increasingly sophisticated and emerging cyber threats through collaborative actions.” This recent Convening of Conveners (C2) project brought together more than 20 trade associations, standards develop organizations, and industry alliances to come to agreement on both recommended and, in our case, currently-enabled security capabilities that will help address and mitigate the security threats facing the ever-growing and evolving IoT.
Collaboration is key to evolution and improvement. That is why the OCF was so pleased to work with CTA and CSDE on this project. Through our relationship with these organizations, we were able to provide our expert insights and work with some of the biggest players in the IoT industry to bring about a consensus of baseline capabilities that will drive the global market for IoT toward increased security. We not only contributed our technical materials, but our advice, support, and recommendations, including an annex to the C2 document that maps the OCF specification to the C2 Consensus security capabilities. This annex includes the following capabilities:
This annex includes details on which release of the OCF Specification currently applies to each of these capabilities and what each capability does to secure different aspects of the IoT. By providing this annex of capabilities that the OCF currently maps to and enables within the specification, the OCF is not only sharing our thoughts on what the IoT industry should be doing, but we are actually implementing and providing these capabilities today through our publicly available specification and open source implementation – IoTivity.
As IoT continues to evolve, so will the security issues it faces. No matter how small a device is, the consequence of a compromise can be substantial. By convening and sharing their expertise, groups like the OCF are seeking to address these security risks. Developing IoT security cannot be brought about by any single actor in the industry. We believe that the future of IoT will be built on cooperation, collaboration, and consensus.
Download the full C2 Consensus on IoT Devices Security Baseline Capabilities today.