Senate passes minimum security standards for federal IoT devices
The US Senate has unanimously passed a new piece of legislation that will create minimum cyber security standards for government purchased, internet-connected devices. The Internet of Things (IoT) Cybersecurity Improvement Act (H.R. 1668), introduced by Congresswoman Robin Kelly (D-Illinois), would oblige all internet-connected devices purchased by the federal government to conform to a set of min
imum security recommendations issued by the National Institute of Standards and Technology. SEE MORE Why the Internet of Things needs security by design SEE MORE Will hack-resistant chips really work? SEE MORE UK gov to offer £400k for IoT security schemes Private companies that sell devices to the federal government would also be required to notify agencies if the internet-connected device has a vulnerability that could leave the government open to attacks. The act would require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices. It would also direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines. The act would also make NIST to work with cyber security researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems. Congresswoman Kelly said in a statement that that the act would make sure that “the U.S. government purchases secure devices and closes existing vulnerabilities to protect our national security and the personal information of American families.” The legislation was unanimously approved by the House in September, and passed on the Senate floor by unanimous consent on the evening of 17 November. “While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” said Sen. Mark Warner, D-Va., in a statement. “I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell. I urge the President to sign this bill into law without delay.” The bill now heads to the president to be signed into law. Paul Bischoff, privacy advocate at Comparitech.com, told IT Pro that the establishment of minimum-security standards for government owned IoT devices is long overdue. “I think it was wise to put NIST, a reputable non-partisan standards body, in charge of drafting guidelines and auditing devices, as opposed to writing fixed standards into law that would only be made obsolete in a few years’ time. Although government-level security standards might not be necessary on all devices, it would be helpful for consumers and businesses to know which devices meet NIST’s standards,” he said. Andrea Carcano, co-founder at Nozomi Networks, said that this is an important first step by the federal government to help ensure IoT device makers improve the security of their products. “At the same time, you can never guarantee zero risk…that’s why enterprise and industrial organizations must put additional security measures and technologies in place to shore up their IoT security,” he said. “That includes using AI-powered solutions that can quickly identify the hundreds or even thousands of IoT devices connected to the network and assess their level of risk or vulnerability to help prioritize fixes and response. By effectively managing vulnerabilities of their IoT devices, security teams are one step closer to protecting against cyber threats and the risk of downtime due to cyberattacks.”
Date: 2020-11-20
itpro.co.uk
Almost three-quarters of businesses now use automation technologies (2020-11-25) | The number of organisations now using automation technologies has risen from just under half 48% in 2019 to almost three-quarters73% in 2020 according to new research from Deloitte This includes the use of robotics machine learning and natural language processing Deloittes survey of 441 executives from 29 countries also found that the number of organisations deploying automation at scale has incre.. |
Four ways CIOs can drive digital transformation (2019-09-20) | By now most organisations recognise the importance of digital transformation 2020 has certainly proved that it pays to have reliable yet flexible technology baked into the core of your business model Digital transformation gives CIOsan opportunity to play a crucial part in ensuring their organisations can stay relevant competitive and navigate disruption Despite the positives many CIOs struggle to.. |
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate (2020-11-25) | You wouldnt begrudge Huawei if it celebrated Donald Trumps election defeat given the damage his administrations sanctions have caused The Chinese firm is now on its third smartphone without Google Play services and its sales in the west are starting to lag There is no guarantee that the new president-elect Joe Biden will lift the sanctions but Huawei remains undaunted Its continuing to invest heav.. |
What is virtualisation? (2019-09-23) | Virtualisation is the process of taking physical computing objects such as servers and network gear and turning them into software-based alternatives These virtual equivalents help businesses reduce IT equipment expenses and physical footprint and help to increase efficiency and agility Virtualisation has transformed how businesses operate and how their employees work day-to-day Besides from freei.. |
What is blockchain? (2019-09-13) | Blockchain is one of the biggest buzz words in the tech industry but beyond the hype is a seriously disruptive technology It is a form of distributed ledger technology made famous because it is the system on which Bitcoin and other cryptocurrencies are built upon But as we are slowly finding out there is more to it than just digital money There are a number of different use cases being explored an.. What is blockchain? |
Apple looks set to launch first ARM-based MacBooks next week (2020-11-03) | Apple is reportedly gearing up to launch a new range of MacBooks that will feature the companys own processors for the first time in the 36-year history of the Mac The company on Monday announced that it will hold a special event on 10 November with an invitation that features Apples famous one more thing tagline While Apple didnt reveal any further details it looks likely that we can expectthe an.. |
What is a Trojan? (2019-08-14) | What was once the name for a wooden horse that was used to sneak Greek soldiers inside the walls of Troyis now a term that puts IT professionals on edge A Trojan often referred to as a Trojan horseis a form of malware disguised as legitimate software that either causes damageto a users device or enables external access to it As theirnamesake suggests Trojans prefer toremain undetected on a usersma.. |
Compact and bijou: Shrinking IT infrastructures (2020-11-19) | To manage the rapid changes taking place across the commercial landscape adding more IT infrastructure has become the norm However in a post-cor world reverting to a leaner IT infrastructure thats better suited to the new normal of work has moved to the top of the IT agendas of many companies Speaking to IT Pro Tim Pieters platinion manager at the Boston Consulting Group explains: Have no doubt CO.. Compact and bijou: Shrinking IT infrastructures |
Asus Zenbook Duo UX481 review (2020-12-02) | Innovation that comes at a cost |
Facebook may finally launch its Libra cryptocurrency in early 2021 (2020-11-27) | The embattled Libra cryptocurrency built by Facebook will make its long-awaited launch as early as January after a tumultuous two years in developmentand rising scepticism among backers and regulators The social media giant announced its own stablecoin in June 2019 backed by a host of big names in the finance sector as a means for customers to send and receive payments without the need for a banki.. |