국가전략정보포털

Title page

Contents

EXECUTIVE SUMMARY 4

ACKNOWLEDGMENTS 4

1. INTRODUCTION 6

The Current State of IoT Risk 7

IoT Products, Industry Segments, and Their Insecurity 9

2. POLICY CHALLENGES TO ADDRESSING IOT RISK 11

UK: Mandatory Minimum Security Standards 11

Singapore: IoT Product Labeling 12

US: State Initiatives & Government Procurement 13

Australia: Starting with Voluntary Best Practices 14

Industry: Certification Models and Security Standards 15

Summarizing Challenges 18

State IoT Security Challenges 18

Private Sector IoT Security Challenges 19

User IoT Security Challenges 20

3. CREATING A SYNTHESIZED FRAMEWORK 22

4. TOWARD A CONSOLIDATED APPROACH 26

Overcoming Widespread Risks 26

The Shape of a Consolidated Approach 27

What Does the Label Look Like? 29

A Note on Ambitions 30

5. RECOMMENDATIONS 31

Measuring Success 39

What's Next for Labeling 40

CONCLUSION 41

APPENDIX 1. COUNTRY-SPECIFIC IMPLEMENTATION PLANS 42

UK 42

Singapore 43

Australia 44

United States 45

Table 1. Challenges with Current IoT Security Models 18

Table 2. Synthesized IoT Security Framework 22

Figure 1. Thirteen Principles of Consumer IoT Security 11

Figure 2. Singapore's CLS Four Security Provisions Tiers 13

Figure 3. Overview of the IoT Cybersecurity Improvement Act of 2020 15

Figure 4. Overview of Government and Industry Frameworks 24

Figure 5. Overview of IoT Security Tiers 28

Figure 6. Overview of Actors and Actions to Improve IoT Security 31

Figure 7. Setting the Baseline of Minimally Acceptable Security (Recommendation 1) 32

Figure 8. Setting the Baseline of Minimally Acceptable Security (Recommendation 2) 33

Figure 9. Incentivizing Above the Baseline (Recommendation 3) 35

Figure 10. Incentivizing Above the Baseline (Recommendation 4) 36