The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers.
Published by the German Federal Office for Information Security (BSI), the rules have been put together with input from router vendors, German telecoms, and the German hardware community.
Once approved, router manufacturers don't have to abide by these requirements, but if they do, they can use a special sticker on their products showing their compliance.
Also: Cheat sheet: How to become a cybersecurity pro TechRepublic
The 22-page document, available in English here, lists tens of recommendations and rules for various router functions and features. We possibly couldn't list all rules for this article, since some are really technical, but we selected a few of a greater importance:
These are just some of the BSI recommendations, and you'll find more in the above-linked document.
The reason why Germany is taking steps to standardize router security has something to do with an incident that took place at the end of 2016 when a British hacker known as "BestBuy" attempted to hijack Deutsche Telekom routers, but bungled a firmware update and crashed nearly a million routers across Germany.
The BSI's efforts to regulate SOHO routers haven't pleased all parties involved. In a blog post last week, the Chaos Computer Club (CCC), a well-known community of German hackers, has criticized the first draft of these recommendations, calling them "a farce."
CCC said it attended the BSI meetings on this topic together with members of OpenWrt, a software project that provides open-source firmware for SOHO routers, and they say telecom lobby groups have put considerable effort into sabotaging the rules as a whole.
The two groups raised two issues that they say were not included in the BSI recommendations, rules that were of crucial importance.
Also: The best facial recognition cameras you can buy today CNET
One was that all routers should come with an expiration date for the firmware that must be visible to users before they purchase the device. Second, after the vendor stops supporting a model's firmware, vendors should allow users to install custom firmware on abandoned and EOL devices.
Talks on the BSI rules are expected to continue. In October, the state of California passed state legislation that established a strict set of rules for passwords used by Internet-connected (IoT) devices, marking this the first IoT-specific regulation in the world. While Germany isn't passing official laws, it will become the first country that tries to pass any kind of router-specific guidelines.