IoT Insider Editor Kristian McCann speaks with Jason Blake, IOT Security Certification Manager at IASME, on the incoming regulation coalescing around IoT security standards across the world.
Blake has a varied background, ranging from IT support to a prison guard. But if there is one thing that links these separate fields, it’s security. Having joined IASME in January 2023, Blake has worked tirelessly to inform companies in the UK of the upcoming regulation surrounding IoT security that they have to be aware of.
As a result, he has a deep understanding of what is over the horizon when it comes to regulation, why it has come, and what companies can do to prepare. PSTI, EU Cyber Resilience Act, US Cyber Trust Mark – all share aims of increased IoT security, but not all are implemented the same way or cover the same things, yet the reasoning for it remains clear.
“When you look at the number of IoT devices around the world, that number has grown rapidly; it’s estimated to reach 75 billion connected devices around the world by 2030. So, I think that’s where the governments thought, with this level of devices there has to be some level of control and guidance to be brought in.”
Where they differ, however is in implementation. The UK’s PSTI Bill, for instance, is mandatory, where as the US Cyber Trust Mark, is voluntary. Blake believes that the reasoning for such distinction taken by the UK government may come down to consumer understanding. A 2023 global study by Utimaco stated only only 24% of respondents thought that they’d be able to define what ‘The Internet of Things’, despite the majority of those surveyed using at least one type of smart device.
Yet Blake believes these legislations, like the PSTI bill, aren’t definitive. “PSTI took the top three recommendations from the 13 ETSI standard and put them in the bill,” says Blake. “Yet, one thing I think it could have done with is taking more consideration on the resilience of these devices.”
Blake points out to the fact that some devices, like smart locks, should have a base level of operation. For instance, if someone has smart locks on their home, and there is a power outage, that person may be locked out of their home. Therefore, IoT devices maintaining a certain level of function during that power outage, is important, Blake asserts.
In the podcast, Blake goes on to discuss other things legislation would bring, like longer support of smart devices software, greater device security, and examples of good, bad, and best practice for companies trying to conform to the legislation.
Jason Blake will in October be hosting a Webinar with a panel of IoT experts where they further discuss the upcoming legislation.
Incoming IoT regulation: the whats, whys and whens – IoT Unplugged
If the idea of appearing on the podcast to talk about IoT inspires you, feel free to reach out to us and pitch a topic you want to talk about and help us unplug the potential of IoT and explore the limitless opportunities it presents.