This post is also available in: עברית (Hebrew)
While IoT devices and the data they collect and transmit present enormous benefits to consumers and industry, the relative insecurity of many devices presents enormous challenges. Sometimes shipped with factory-set, hardcoded passwords and oftentimes unable to be updated or patched, IoT devices can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack.
The nature of these threats is illustrated by the Mirai botnet attack, in which simple, unsecured devices such as IP cameras were turned into remotely controlled ‘bots’ to perform large-scale Distributed Denial of Service (DDoS) network attacks that managed to make much of the Internet unavailable for millions of people. These devices were easily taken over in part because their owners had not changed their passwords from the defaults hardcoded by the manufacturer, according to the IoT Security Foundation.
In the face of these increasing security threats, the US government has launched efforts to regulate IoT security. Two major initiatives were taken during 2017:
The 2017 Cyber Shield Act would require IoT devices to be labeled with a security grade.
It was introduced to help the IoT industry focus on making their products more secure through voluntary certification. The program would lead to the establishment of a committee to identify the best practices, methods, procedures, and processes for IoT security. Critics say the act will not be useful in increasing cybersecurity in IoT devices, however, it could succeed at least in raising awareness of the issue, according to allaboutcircuits.com.
The other initiative is the 2017 IoT Cybersecurity Improvement Act introduced in August. The Act specifically addresses the security of connected devices purchased by the U.S. government and contractors’ responsibility to maintain this security, according to allaboutcircuits.com.
Under the terms of the bill, vendors who supply the U.S. government with IoT devices would have to ensure that their devices are patchable, do not include hard-coded passwords that can’t be changed, and are free of known security vulnerabilities, among other basic requirements.
The bill also promotes security research by encouraging the adoption of coordinated vulnerability disclosure policies by federal contractors and providing legal protections to security researchers abiding by those policies, according to warner.senate.gov.
The latest technological innovations in the IoT field in defense, security and law enforcement, smart city/safe city, industry, etc. will be the focus of the forthcoming IoT 2017 Conference and Exhibition organized by iHLS.
The event that will be held on December 25th, 2017 at the Lago Conference Center in Rishon LeZion will serve as a meeting point to all the leading members of the IoT ecosystem in Israel and abroad: experts, industries, startups and entrepreneurs, integrators, and officials from the defense and security, law enforcement and first responders sectors, and many more.