The growing adoption of Internet of Things (IoT) technology affects consumers around the world in significant ways. Not only are we becoming more deeply connected through IoT devices, we’re now putting more of our lives and trust in the hands of digital technology. Yet, the IoT industry still lacks a global harmonized way for measuring the security quality of connected products, which means consumers may not have the visibility they need into whether their IoT devices protect their data.
Today, Google participated in a White House strategic discussion on IoT Security Labeling to discuss the future of connected device security and shared additional steps we’re taking to secure more of our IoT products.
IoT security today is in the early stages of standardization. We are encouraged by the US government’s efforts to accelerate that process, and to give people more transparency in the security of the IoT products they use every day. Achieving standardized security best practices and consumer transparency at scale could be a tide that raises all boats – giving consumers the ability to understand the level of security in IoT products, choose accordingly, while driving demand for “healthier” security choices from IoT device manufacturers.
Moving IoT security and transparency forward
Since Google began our "helpful home" IoT device journey over a decade ago, we’ve learned a lot and continue to work to deliver even more helpful and secure connected devices — and the software that supports them — to our users. Today, we are excited to announce additional steps that we’re taking to make connected IoT devices safer for consumers.
- Google is helping lead industry efforts to create a functional, clear, and harmonized cybersecurity label for IoT devices that can help consumers make better device decisions, in an ongoing dialogue with government leaders in cybersecurity, including at NIST, CISA and the White House.
- Google is extending its commitment to conduct security assessments to Fitbit devices. Announced last year for Nest and Pixel devices, we validate the security of our devices and publish the results. This gives consumers even more transparency by allowing them to review the results while demonstrating our commitment to developing the strongest security protections for our users across all of our IoT products.
Our unwavering commitment to security
We don’t take these commitments to security and transparency lightly. We see these steps as an opportunity to increase transparency and help improve the cybersecurity baseline for the entire ecosystem. And we’ll continue to encourage the community to leverage the security enhancements we continually make to the operating systems we maintain, the open source libraries and tools, and our first-party products which often act as reference implementations to help our broader ecosystem steadily improve their cybersecurity hygiene.
We’re also committed to partnering with organizations working to advance IoT security. Google welcomes the approach taken by the Connectivity Standards Alliance (CSA) to build a harmonized global certification program that addresses the requirements set forth in the major global IoT baselines. We believe a global and harmonized approach will raise the bar on IoT security for both enterprise and consumer devices.
As the IoT market continues to mature and adoption grows, we look forward to working with U.S. policymakers, industry partners, developers and public interest advocates to drive strong, standardized IoT security practices and transparency for everyone.