Despite new act brought to the Senate, the Internet of Things still poses a security threat to users.
The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 bodes well for the future of IoT security – but for now, both private and professional users need to make an effort to enhance their security, or otherwise be left vulnerable.
More and more users are buying Internet of Things (IoT) devices for their homes and workplaces, and even devices that they carry with them, that require a connection to the Internet; and typically, that connections provided via wireless, such as WiFi or Bluetooth connection.
The ever-expanding network of IoT devices offers a range of convenient benefits to consumers, and offers exciting applications in the business world as well, from office space management to agriculture weather monitoring.
But at the same time? IoT devices are becoming a more and popular target for cybercriminals.
What is the Internet of Things and how could it be unsafe?
A popular new arena for technology, it’s estimated that there will be 64 billion IoT devices worldwide by 2025. IoT is a natural evolution of the Internet, consisting of a myriad of new “smart” and “connected” products and technologies for the commercial, consumer, and government environments.
As a so far unregulated aspect of the IT world, IoT devices have been developed with minimal or nonexistent security features, despite the fact that they often connect over networks to sensitive data.
Whether it’s a smart fridge in the home, a smart display sign out front of a McDonalds, or the smart console in a user’s car, IoT devices are a part of a network and have to be treated the same as other network devices.
That is, they need the same level of security and scrutiny applied to them as one would a server, a desktop computer, or mobile device used in the workplace.
Is anything being done to secure IoT devices?
New this year, the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 has been introduced in the senate and house of representatives, mandating the follow security standards for IoT devices:
- Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices.
- Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, and charge OMB with reviewing these policies at least every five years.
- Require any Internet-connected devices purchased by the federal government to comply with those recommendations.
- Direct NIST to work with cybersecurity researchers and industry experts to publish guidance on coordinated vulnerability disclosure to ensure that vulnerabilities related to agency devices are addressed.
- Require contractors and vendors providing IoT devices to the U.S. government to adopt coordinated vulnerability disclosure policies so that if a vulnerability is uncovered, that information is disseminated.
How can users improve IoT security right now? Try these 3 steps to make IoT devices more secure.
Despite how well the IoT Cybersecurity Improvement Act of 2019 bodes for security efforts, Statistica estimates that only 28% of business executives are intending to invest further in IoT-based security.
Users that are concerned about the security of their IoT devices and networks can start to improve their defenses simply by treating their devices like they would any others, and follow these three key cybersecurity best practices:
Just as a user shouldn’t leave the default administrator login and password set on their router, their laptop, or other hardware, they shouldn’t do so with the smart fridge they just bought for the office break room either.
IoT users should make sure to set unique and complex passwords for all their devices and update them every 90 days.
Given that IoT devices are connected to a network, whether it’s private Wi-Fi at home or an enterprise solution at work, that network needed to be observed properly to spot any attempts by external parties to break into it.
Investing in a network monitoring solution, or outsourcing it to a third party IT Company will help to protect networks that include IoT devices.
Update and Patch Management
Just as patches and updated need to be applied for conventional software and hardware in use, the same is true of IoT devices. The firmware that these devices operate on will need to be kept up to date with the latest patches issues by developers to make sure that they are kept secure against recently discovered vulnerabilities.
While those are individual steps that users can take to enhance IoT security independently, it is potentially beneficial to approach the effort holistically, by working with a managed IoT provider. For example, Pulse is operating the first nationwide IoT network, overseeing the security of the devices as well as offering further benefits of a holistically managed network.