Trustworthy Source: Traficom in Finland has launched a cybersecurity label that guarantees labeled devices have basic information security features built in. The label can be awarded to networking smart devices if the devices meet certain certification criteria. Traficom aims to raise consumer awareness of information security and the safe use of connected devices.

Trustworthy Source: Traficom in Finland has launched a cybersecurity label that guarantees labeled devices have basic information security features built in. The label can be awarded to networking smart devices if the devices meet certain certification criteria. Traficom aims to raise consumer awareness of information security and the safe use of connected devices.

Smart Business

Cybersecurity Labeling in Finland: A Sure Sign of Safety

One approach to cybersecurity for connected consumer devices is to introduce a Cybersecurity labeling scheme to help buyers make educated choices and increase market pressure on manufacturers to meet higher standards. Finland is the first country in the EU to introduce such a scheme and it’s based on the ETSI EN 303 645 standard. The program has several features; participation is voluntary but obtaining a label relies on the product being tested by a third party.

 

Cybersecurity Labeling - LOGO

Trustworthy Source: Traficom in Finland has launched a cybersecurity label that guarantees labeled devices have basic information security features built in. The label can be awarded to networking smart devices if the devices meet certain certification criteria. Traficom aims to raise consumer awareness of information security and the safe use of connected devices.

The approach has been to set the baseline requirements, using a threat model relevant to consumers, says Saana Seppänen, senior specialist at the Finnish Transport and Communications Agency (Traficom), which administers the scheme. “We want to tackle the mass attacks that come from the networks and that make it possible, for example, to create botnets or very easily endanger privacy. At the same, if you have a lightweight product which doesn’t pose a great threat to the user, it doesn’t make sense for it to be certified in a very heavy way, so we want to tackle the most common threats without causing unnecessary cost to companies,” she says. Traficom originally considered allowing companies to self-certify, as specifed by the CSA, but “companies didn’t find it credible and our surveys found that consumers see authorities as a trustworthy source of certification, they can trust that it means something,” she explains. When it comes to impact, Seppänen says surveys have shown that consumers in Finland are very concerned about security: “Over half of the people that we interviewed said they were willing to pay more for the devices and services that were found to be secure.”

 

Over half of the people are willing to pay more for secure devices and services.
Saana Seppänen, Finnish Transport and Communications Agency (Traficom)
{bqalt}

 

Nonetheless, if an EU-wide approach to device cybersecurity is rolled out, the Finnish scheme may have to wind down to comply, admits Seppänen. Not all consumer advocates are in favor of a labeling scheme, noting that a better approach could be to ensure that all products sold to consumers are sufficiently secure, meaning there is no need for labels in the first place.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

*