ICSA Labs, nowadays a division of Verizon, has a long history in the world of testing and certification (and is a longstanding member of AMTSO). The company has come up with rather a good idea: security certification for the disparate range of devices and sensors that make up the Internet of Things. There’s no doubt that anything that might help in raising IoT security standards is worth a cheer or three.
Unfortunately, at the time of writing I can’t seem to access the ICSA Labs web site, but there’s an article by Richard Chirgwin for The Register that goes into a little more detail – ICSA Labs wants IoT industry to seek security certification – though he’s sceptical as to how much interest there’ll be. The article links to an announcement here, and a white paper describing the programme here, and I’ll be taking a look at those as soon as I can.
Chirgwin also mentions a somewhat similar programme announced by the Underwriters Laboratories (UL): UL Launches Cybersecurity Assurance Program. The announcement claims that:
New UL 2900 Series of Standards Offer Testable Cybersecurity Criteria for Network-Connectable Products & Systems
Clearly also worth a look.
I may come back to this topic in the near(-ish) future.