By Katherine TeitlerRenegadesEarlier this week senators Mark Warner, Cory Gardner, Ron Wyden, and Steve Daines introduced a bill aimed at improving Internet of Things (IoT) device security. Long considered a problem amongst security practitioners, the cybersecurity of unmanaged internet-connected devices has risen to a level of public interest. As such, a bipartisan set of senators, with a little help from advocacy groups in the private sector, has put forth legislation that would establish guidelines for federal agency procurement of anything IoT, be it “smart” lighting, HVAC, physical security equipment, or myriad other internet-connected device types.In a succinct one-page summary, Senator Warner highlighted that, “This legislation is aimed at addressing the market failure by establishing minimum security requirements for federal procurements of connected devices.” IoW (In other words), IoT has been allowed to proliferate without significant attention paid at the design and manufacturing levels to cybersecurity consequences, yet any internet-connected device poses a risk to its users. This is not new news to the security community, and in fact, long before “IoT” was a buzzword, security professionals were touting the dangers of unmanaged technology to the masses. But back in 2013, when this segment featuring David Kennedy on the Katie Couric Show aired, security teams had some modicum of say in the technology used by the corporations that employed them. With IoT, and every product on the planet being built with internet-connected capabilities (I, personally, was just gifted a pet cam that not only allows me to watch my pet at home while I am in the office or traveling, but also allows me to record video if he does anything cute, talk to my pet, and dispense treats on demand), security is rarely involved in R&D conversations. Almost without exception, decisions around new product development happen in very different areas of the company. Just because products are now being developed with internet connectivity, business processes haven’t changed, leaving security (once again) as an afterthought. What this means is that devices are shipped to consumers with little to no security integrated, and consumers are left woefully unaware or unprepared.
Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Governance, Risk and Compliance, Compliance Management, Industry Regulations, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security
Will the Latest (Proposed) IoT Legislation Make a Difference?
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



