September 25, 2020

Senate passes minimum security standards for federal IoT devices

The US Senate has unanimously passed a new piece of legislation that will create minimum cyber security standards for government-purchased, internet-connected devices. The Internet of Things (IoT) Cybersecurity Improvement Act (H.R. 1668), introduced by Congresswoman Robin Kelly (D-Illinois), would oblige all internet-connected devices purchased by the federal government to conform to a set of minimum security recommendations issued by the National Institute of Standards and Technology.

Private companies that sell devices to the federal government would also be required to notify agencies if an internet-connected device has a vulnerability that could leave the government open to attacks.

The act would require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices. It would also direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.

The act would also require NIST to work with cyber security researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems.

Congresswoman Kelly said in a statement that the act would make sure that “the U.S. government purchases secure devices and closes existing vulnerabilities to protect our national security and the personal information of American families.”

The legislation was unanimously approved by the House in September, and passed on the Senate floor by unanimous consent on the evening of 17 November.

“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” said Sen. Mark Warner, D-Va., in a statement.

“I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell. I urge the President to sign this bill into law without delay.”

The bill now heads to the president to be signed into law.

Paul Bischoff, privacy advocate at Comparitech.com, told IT Pro that the establishment of minimum security standards for government-owned IoT devices is long overdue.

“I think it was wise to put NIST, a reputable non-partisan standards body, in charge of drafting guidelines and auditing devices, as opposed to writing fixed standards into law that would only be made obsolete in a few years’ time. Although government-level security standards might not be necessary on all devices, it would be helpful for consumers and businesses to know which devices meet NIST’s standards,” he said.

Andrea Carcano, co-founder at Nozomi Networks, said that this is an important first step by the federal government to help ensure IoT device makers improve the security of their products.

“At the same time, you can never guarantee zero risk…that’s why enterprise and industrial organizations must put additional security measures and technologies in place to shore up their IoT security,” he said. “That includes using AI-powered solutions that can quickly identify the hundreds or even thousands of IoT devices connected to the network and assess their level of risk or vulnerability to help prioritize fixes and response. By effectively managing vulnerabilities of their IoT devices, security teams are one step closer to protecting against cyber threats and the risk of downtime due to cyberattacks.”

Date: 2020-11-20

URL: http://feeds.itpro.co.uk/~r/ITPro/Today/~3/5u-ZtprUiM8/senate-passes-minimum-security-standards-for-federal-iot-devices

itpro.co.uk
