When it comes to the Internet of Things (IoT), there is no more prevalent concern than security. And that concern holds water. According to Gartner Research, there are an estimated 8.4 billion IoT devices in use and the company expects that number to exceed 20 billion by the year 2020. With those sorts of numbers, security should stay at the forefront.
But, as pointed out in a recent article from Nextgov, the industry lacks universal cybersecurity standards for the internet-connected devices it creates. Some lawmakers believe that by “adopting cybersecurity standards for the internet-connected devices it purchases, the federal government can drive the tech industry into building safer and better-protected products for the internet of things.”
The federal government in the United States holds an incredible amount of influence in addressing this cybersecurity disparity. They believe the root cause is a lack of incentive to spend time and resources on safe products with a high level of security. Considering they are one of the bigger customers in this space, their opinion brings weight. As such, there is legislation in the Senate that would require IoT devices to meet a number of basic cyber hygiene and security standards before federal agencies can purchase them. The hope is that this legislation will push IoT development companies to ensure their product security is up to snuff to win those federal contracts.
According to Nextgov, in a meeting to discuss what these guidelines should look like, “Witnesses stressed device patching as one of the most important aspects of IoT cybersecurity. Many devices on the market lack the basic capability to have software and systems updated to close any exploitable security holes, said Ray O’Farrell, chief technology officer at VMware. A simple patching requirement would’ve completely eliminated the WannaCry malware attack that crippled hundreds of thousands of computers around the world, he noted.”
While there is no way to secure every device from every attack, being able to catch the majority of problems and having the ability to catch and fix them as they arise is an obviously critical step.
Regular readers of this blog know that we’ve touted time and again (link to IoT security blogs) the need for top-level security with IoT devices. And we believe the best way to find that security it through standards developed in an open and transparent forum – particularly if it abides by the Modern Standards Paradigm.
How do you feel about the government’s involvement in IoT device security? Will it help or hinder the cause? Leave your thoughts below!