IoT Cybersecurity Act places security onus on device makers
The IoT Cybersecurity Act is a good start for IoT pros to implement more security features on devices. However, securing assets through proactive measures, including vulnerability assessments and disclosure programs are options that could back the wider builder community in the fight against bad actors.
Signed into law in December 2020, the bipartisan legislation forces any Internet of Things (IoT) device purchased with government money to meet minimum security standards.
While the law means governments can expect more secure IoT devices, the onus is on builders and device makers to bolster device security.
Builders Need to Act Now to Secure Devices
Implementing security measures has become more essential for those supplying to the government, even though the wider IoT landscape is sometimes characterized as the Wild West given its lack of rigorous, common security standards.
Despite that, however, it is critically important that device makers implement cybersecurity measures now, stressed founder and CEO of IoT security software company BG Networks, Colin Duggan. He warned that IoT devices are prime targets for malicious activity.
There is absolutely no doubt that now and in the future criminals and adversarial nation states are looking for and exposing weaknesses in IoT devices that are networked connected – just like they are currently exposing weaknesses in IT systems, he said.
Duggan suggested that malicious actors constantly test the limits of their targets .The recent Verkada security camera hacks highlight that these actors don’t need clear motive intent behind them, as an alleged ideological viewpoint drove a desire to penetrate devices.
The U.S. National Institute of Standards and Technology (NIST) has laid out the Cybersecurity Framework, but it isn’t a one-size fits all approach.
To read the complete article, visit IoT World Today.