SemtechのIoTサイバーセキュリティへの取り組み
27 July 2023 / by Semtech Product Security
今日の相互接続された世界では、モノのインターネット (IoT) が広く普及しています。この成長に伴い、悪意のある攻撃者によるセキュリティの脅威や悪用の試みにさらされる機会が増え、重要なインフラストラクチャオペレーターから、安全性と通信のためにIoTデバイスに依存している住宅消費者に至るまで、さまざまな顧客を脅かしています。「国家のサイバーセキュリティの向上」に対する米国政府の最近の大統領令 (EO) では、消費者向けIoT製品にサイバーセキュリティラベルを導入することでこれらのリスクに一部対応し、ベンダーがこれらの製品に備わっているセキュリティ機能や性能について、購入者に明確かつ普遍的な方法で情報を提供し、これらの製品に影響を及ぼす脆弱性についての情報に迅速にアクセスするためのメカニズムを提供します。このプログラムは、消費者がセキュリティ情報にアクセスしやすくすることで、消費者がより多くの情報に基づいてIoTを購入する決定を下し、共有が進む環境全体のセキュリティ向上につながります。
Recognizing the evolving threat landscape, Semtech continually expands and refines our Secure Development Lifecycle Programs to keep ahead of malicious actors, as well as operating a Vulnerability Management Program to ensure vulnerabilities in our products are addressed responsibly. Through our engagement with HackerOne (www.hackerone.com) to support responsible reporting of vulnerabilities and our certification as a CVE-Numbering Authority (CNA), Semtech demonstrates our continual commitment to ensuring the security of our products and our customers throughout their lifecycle. Both programs, along with our other cybersecurity initiatives, are well-aligned with the new cybersecurity labeling initiative, which makes it easier for responsible companies committed to the security of its products to empower customers with critical knowledge.
Semtech is committed to the continuous improvement of security across the sectors we support and the devices and components we manufacture. We strongly support this EO and the cybersecurity labeling for consumer IoT products and are committed to working with the U.S. government and our industry peers to define and support the criteria and conventions around cybersecurity labeling. Through the leadership of the U.S. government and the cooperation and partnership of responsible IoT manufacturers, this standard can be widely adopted in a form that reflects the spirit of the order and brings real security value to consumers.
Engaging with industry partners and governments is not new to Semtech, as evidenced by our collaborations with CISA, the Canadian Center for Cyber Security (CCCS), Infragard, CERT/CC, and consortiums like GSMA. Embarking on this journey alongside the U.S. government and others in our industry will support the continued strengthening of cybersecurity across the IoT landscape and will ensure Semtech’s products are prepared for the cybersecurity requirements of the future.
Semtech and the Semtech logo are registered trademarks or service marks of Semtech Corporation or its subsidiaries.
