IT security labels for digital devices?

28. June, 2021

Improved consumer protection is one of the core objectives of the first BSI report on digital security and data protection that focuses specifically on consumers. One way to achieve this could be an IT security label that supports end users in their purchasing decisions for digital products such as smart home systems or digital assistants.[1] Cybersecurity in healthcare was selected as a particularly topical application area. A detailed look at various healthcare applications was already published in May.[2]

The “digital consumer”

The daily use of apps on smartphones or tablets and the now all-pervasive data processing in all kinds of systems and gadgets pose new dangers and challenges. From smart home systems to fitness wristbands, from Alexa or Siri to cars, more and more systems are equipped with IoT functions. Two essential components here are data protection and IT security. Every user becomes a source of data, and what happens to that data is usually neither transparent nor controllable for the individual.

More security incidents on the Internet of Things

During the 2020 review period, security incidents related to apps and IoT applications were reported with increasing frequency. The largest collections of potential vulnerabilities became known under the names Ripple20 and Amnesia:33. The BSI report assumes that, although awareness is increasing, the growing integration of IT functions and data processing via cloud/internet will lead to a sharp rise in security incidents.

“Security by Design”

If the BSI has its way, as many products as possible should carry an IT security label in the future. The security features of IT devices should be recognizable to users. Manufacturers must take security aspects into account as early as the product development stage and build them in firmly. Secure operation must be possible over the service life of the device.[3]

Currently, the situation is mostly poor: once delivered, “smart” devices often receive no updates, or the update process is too burdensome and too complex for standard users. An IT security label seems a sensible way to enable users to make an informed choice. Of course, quality and implementation are essential here so that, in the worst case, users are not lulled into a false sense of security. The BSI argues, “Digitization can only succeed if information security is thought through from the start.” Ideally, this applies not only to manufacturers but also to curricula, so that future users are introduced to the conscious and secure use of networked devices.

Sources:

[1] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/dvs-bericht_2020.pdf?__blob=publicationFile&v=6/

[2] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/gesundheitsapps.pdf?__blob=publicationFile&v=2/

[3] https://www.computerweekly.com/de/ratgeber/IT-SIG-20-Was-bringt-eine-Sicherheitskennzeichnung/
