Seems non-sensical as a title but this is the conclusion that months of work have led to. What appeared a year ago like a novel idea to work on a trustmark for #iot looks more like one of a multitude of players in the space. So far we have found trustmark-like efforts everywhere. This includes:
Statements of intent, blog posts & manifestos
- Adafruit IoT Bill of Rights
- Adam Greenfield’s Everyware Principles
- Arduino IoT Manifesto
- Thingscon Trustmark for IoT
- Better Things
- Calm Technology Principles
- IoT Manifesto
- Seimens Charter of Trust
- Crowdsupply Proclamation of User Rights
- doteveryone trustworthy tech mark
- ENISA Baseline Security Recommendations for IoT
- Automotive Cyber Safety Program
- Ind.ie ethical design manifesto
- IoT Security Foundation Principles
- Making of an IoT Trustmark
- Secure by Design paper by DCMS
- Securing consumer trust in IoT by Consumers International
- Security Checklist for IoT by Particle
- Seven propeties of highly secure devices by Microsoft Research
- IoT Privacy Certificates by TÜV Rheinland
- IoT Security recommendations by Projects by If
Registered trustmarks or standards
- IoT Security Foundation Best Practice User Mark
- BSI’s Kitemark
- IEEE Standard for Harmonization of Internet of Things (IoT) Devices and Systems
- IEEE Standard for Privacy and Security Architecture for Consumer Wireless Devices
See the whole list of what we’ve found so far. This is a bit daunting. We are an organic group of people, limited in resources but wanting to make a difference. So on June 13th at our next face to face meeting, we’ll discuss the future of the project. This is my take:
- Open #iotmark needs to be financially accessible if not free. We know most of the players in #iot are micro SMEs with little resources. Why don’t we make our principles and assessment criteria free to use and cheap to implement. That will beat certification processes which cost tens of thousands and often act as trade barriers. We want companies to do the right thing and design connected products well, why don’t we act as the one place you can plan your product for free.
- Open #iotmark should connect startups with security professionals. Much of the cybersecurity problems in #iot happen because micro SMEs don’t work with large expensive security vendors. 10 years ago you could barely find freelance electronics engineers and the #iot market created a new market for electronics graduates. Open #iotmark should kickstart this in cyber and hardware security. We should help connect freelance security experts with young #iot startups who want to implement our principles.
- Open #iotmark should champion those who implement the principles. A nice list, nothing too formal. If someone can share with us the output of our assessment criteria, we should champion them internationally, no matter who they are and where they are.
If we really want to be a useful tool for others, accessibility is key and I can’t see that happen with a formal process of certification where we have to battle it out with much more formal and expensive process. On a good day, a company that implements our principles, as they grow, will find it no trouble at all to get the other certificates, but at least we’ll be there when they have no money and no resources which is when all the design work tends to happen.
Please join us in London on June 13th to share your take on what we’re trying to do!