In today’s interconnected world, the Internet of Things (IoT) is ubiquitous. With this growth comes increasing exposure to security threats and exploitation attempts by malicious actors, threatening customers ranging from critical infrastructure operators to residential consumers who rely on IoT devices for safety and communications. The U.S. government’s recent Executive Order (EO), “Improving the Nation’s Cybersecurity,” responds to these risks in part by introducing cybersecurity labeling for consumer IoT products, offering vendors a clear and universal way to inform purchasers of their products of the security features and capabilities present in those products, as well as a living mechanism to quickly access information about any vulnerabilities affecting those products. By making security information more accessible to consumers, this program will lead to more informed consumer IoT purchasing decisions and improved security across a landscape we increasingly share.
Recognizing the evolving threat landscape, Semtech continually expands and refines our Secure Development Lifecycle Programs to keep ahead of malicious actors, as well as operating a Vulnerability Management Program to ensure vulnerabilities in our products are addressed responsibly. Through our engagement with HackerOne (www.hackerone.com) to support responsible reporting of vulnerabilities and our certification as a CVE-Numbering Authority (CNA), Semtech demonstrates our continual commitment to ensuring the security of our products and our customers throughout their lifecycle. Both programs, along with our other cybersecurity initiatives, are well-aligned with the new cybersecurity labeling initiative, which makes it easier for responsible companies committed to the security of its products to empower customers with critical knowledge.
Semtech is committed to the continuous improvement of security across the sectors we support and the devices and components we manufacture. We strongly support this EO and the cybersecurity labeling for consumer IoT products and are committed to working with the U.S. government and our industry peers to define and support the criteria and conventions around cybersecurity labeling. Through the leadership of the U.S. government and the cooperation and partnership of responsible IoT manufacturers, this standard can be widely adopted in a form that reflects the spirit of the order and brings real security value to consumers.
Engaging with industry partners and governments is not new to Semtech, as evidenced by our collaborations with CISA, the Canadian Center for Cyber Security (CCCS), Infragard, CERT/CC, and consortiums like GSMA. Embarking on this journey alongside the U.S. government and others in our industry will support the continued strengthening of cybersecurity across the IoT landscape and will ensure Semtech’s products are prepared for the cybersecurity requirements of the future.
Semtech and the Semtech logo are registered trademarks or service marks of Semtech Corporation or its subsidiaries.