Tag Archive for: standards

The U.S. Government is Creating Security Standards for IoT Devices



The U.S. Government is Creating Security Standards for IoT Devices
The U.S. Government is Creating Security Standards for IoT Devices

A new security bill is awaiting signature by President Trump. It directs the National Institute of Standards and Technology (NIST) to create minimum cybersecurity standards for IoT devices owned or controlled by the U.S. government. The standards will include use and management of IoT devices, as well as coordinated disclosure of vulnerabilities.

Let’s take a look at how the security bill will benefit organizations that use IoT devices.

 


Bringing (some) order to IoT device security chaos


The lack of security standards has been an issue since IoT devices became popular a decade ago, with their widespread usage outpacing the industry’s ability to agree on how to protect them.

The failure to agree hasn’t been for lack of trying. For the last few years, several industry and government groups created standards to improve interoperability and security of IoT devices, including:


In spite of these groups’ efforts, there hasn’t been sufficient incentive for the industry to align around a single set of standards. The result has been a patchwork of guidelines that address only some aspects of IoT device security.

For example, the European Union Agency for Cybersecurity (ENISA) performed a gap analysis on the existing standards related to IoT security and found that “…it is possible to deliver a device to the market that can authenticate its user, that can encrypt data it transmits, that can decrypt data it receives, that can deliver or verify the proof of integrity, but which will still be insecure.”

The current lack of standards on IoT vulnerability reporting and handling means that vendors aren’t under any obligation to disclose or remediate vulnerabilities, leaving millions of vulnerable devices at risk of…

Source…

Insecure IoT devices could be banned and destroyed if they fail to meet UK security standards

IoT devices could be banned from sale and destroyed if they fail to meet basic security standards, according to proposals put forward by the UK Government.

Read more in my article on the Bitdefender BOX blog.

Graham Cluley

Why Are Internet Security Standards Badly Deployed and What to Do About It?

In 2019 under the aegis of the Internet Governance Forum, a pilot project was conducted into the causes of and solutions for the, in general, slow deployment of internet security standards. Standards …
internet security – read more

NIST seeks industry feedback as Internet of Things cybersecurity standards take shape – Federal News Network

NIST seeks industry feedback as Internet of Things cybersecurity standards take shape  Federal News Network

The internet of things covers a wide range of devices, from smart speakers to medical devices, but the National Institute of Standards and Technology is looking …

“internet security news” – read more