Mirai and being drafted into botnet armies and misused to launch DDoS attacks.
“This specification can significantly increase the IT security level of these devices. In this way, we are systematically continuing the path we have taken with the Router-TR (“Technical Guideline”) to better protect end users and the Internet infrastructure,”stated BSI President Arne Schönbohm.
In addition, he added that this would “create a valuable basis for designing the IT security label introduced by the Federal Government in the course of the IT Security Act 2.0.” Yes, it sounds like smart devices may get a security sticker somewhat similar to the energy efficiency that comes on your refrigerator, dishwasher, or even your car
Schönbohm also added that there is the possibility that they would transfer their new specs over to a European standardization project. This statement raises a few questions. Germany is already a bit behind on setting smart device standards. Earlier this year, the Technical Committee on Cybersecurity of the European Telecommunications Standards Institute released ETSI TS 103 645, 16 pages of security standards for the Internet of Things. This built on an earlier effort by a UK government agency. It is certain that there will be an overlap on much of the new specs with those of the 13 suggested guidelines in the ETSI proposal. For example, for making IoT smart devices more secure such as “no default passwords” and “communicate securely.”
“It is not going to be a fast implementation of either standard, but it is certainly a start and a good move for really everyone.” said Andrei Petrus, IoT Director at Avira. “I’m especially interested in their efforts to promote security-by-design and security-by-default. So far, we’ve seen that IoT device manufacturers are ready to overlook the security basics in their rush to market. It’s time for recognizable standards.”