The IoT Trust Framework is only a draft right now, but has potential if it manages to gain support among manufacturers

Sep 5, 2015 09:17 GMT  ·  By

The Online Trust Alliance, an informal industry group and charity organization, has announced it will be releasing a special framework that aims to aid manufacturers in creating safer IoT-capable (Internet of Things) devices.

This new framework, named the IoT Trust Framework, is still a draft right now, and companies and organizations are encouraged to join and help shape its content with their expertise.

The Internet of Things is not at all protected

This is extremely needed right now since IoT manufacturers seem to have a problem with securing their smart devices. Only in recent months, hackers and researchers hacked their way into sniper rifles, electric skateboards, gas stations, fridges, baby monitors, and smart cars.

Even John McAfee, founder of McAfee antivirus, has mentioned the weak state of the IoT industry in his recent Reddit AMA, calling it "a dangerous situation."

Because of these very same concerns, previously this week, automobile makers in the US united to create an Information Sharing and Analysis Center (ISAC) to prevent and help mitigate attacks on their infrastructure and Internet-enabled cars.

This comes on the trail of a June announcement, when the World Wide Web Consortium (W3C), responsible for Web standards like HTML and CSS, also set up a new division for the "exploration and creation of dedicated security standards for technologies used inside Internet-connected cars," through its Automotive Working Group.

So what is the IoT Trust Framework?

While right now the IoT Trust Framework is nothing more than five pages of text inside a PDF, this is about the most advanced action anyone has ever taken into improving the security of IoT devices, overall.

These attempts at trying to establish security standards for the IoT domain show that manufacturers have realized the (legal) danger in which they're putting themselves by not creating properly protected products.

The IoT Trust Framework aims to improve overall IoT security by putting a set of standards in place. These deal with the encryption of any personal information, the proper disclosure of privacy policies and the storage of personal data, along with the enforcement of penetration tests for each product before release.

Additionally, the framework also deals with breach response mechanisms, how security updates will be handled, and how passwords should safely be recovered.

While very generic right now, the IoT Trust Framework can serve as a guideline for any manufacturer that wants to slap a network interface on a toaster, and start calling it a smart toaster, without thinking he may expose the customer's home to various types of Internet-based attacks.