The IoT cybersecurity improvement act: What does it mean, and how do we get ready for it?

Amir Haleem of Helium

Security concerns have been dominating news about IoT as of late, and with good reason. A recent survey shows that nearly half of U.S. firms using an IoT network have been hit by a security breach. With this kind of frequency, it’s no wonder the IoT Cybersecurity Improvement Act of 2017 was proposed.

Although designed primarily for vendors seeking government contracts, the bill has the potential to set key standards for the future of industry-wide IoT development, and can greatly influence the overall progress of IoT, says Amir Haleem, CEO of Helium.

The goal of the IoT Cybersecurity Improvement Act of 2017 is to “provide minimal cybersecurity operational standards for Internet-connected devices purchased by Federal agencies, and for other purposes.”

Under the proposed legislation, vendors will need to meet a number of requirements before they can contract with government agencies, including:

    • Devices must be free from any known vulnerabilities and defects
    • Devices must be able to receive regular software updates
    • Devices must not include any fixed or hard-coded credentials used for remote administration, the delivery of updates, or communication

Considering the safety and economic implications of privately owned IoT networks, however, it is entirely likely that regulations such as these could be expanded beyond government contracts. Ted Koppel has warned that an IoT attack on the U.S. power grid could cause a massive outage, and when researchers in Israel simulated an attack on “smart lightbulbs” to control lights in a city block of offices, it showed that this is not mere alarmism.

For companies, such attacks can pose existential threats: DNS provider Dyn experienced a DDoS attack that may have cost 8% of its business. So while we certainly can expect more regulation and industry standards, organisations should take their own proactive steps to secure their systems.

Steps every company should take

It should be clear that the standard approaches to securing a network (patches, firewalls, spyware detection, educating employees and so forth) are not going to be sufficient to stem IoT threats. The combination of software infrastructure and remotely deployed devices adds new dimensions to security that require a new way of thinking about it.

However, there are a few steps that companies should take in order to ensure that they can not only prevent attacks, but also comply with up-and-coming legislation:

    • Encrypt the keys on each individual device for more control over the network, as each individual device can be monitored and managed (as opposed to a gateway that controls a specific area/region)
    • Use only derivatives of encryption keys for specific functions
    • Rotate keys regularly so that even if a device is compromised, it can be used by a hacker for only a short timeframe
    • Centralise visibility and control over the system so that you can quarantine and disable suspicious devices directly
    • Leverage hardware-based security, or protection that is produced by a physical device rather than software that is installed on a computer system, a tactic which analyst Patrick Moorhead has asserted is more secure than software because it cannot be altered, and may prevent malware from infiltrating the operating system and virtualisation layer
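The key-handling steps above (per-device keys, function-specific derivatives, regular rotation) can be sketched as follows. This is an added example, not code from the author or from Helium; the device IDs, purpose labels, salt and one-day rotation period are assumptions, and the device root key is assumed to live in hardware-backed storage.

```python
import hashlib
import hmac
import struct

ROTATION_SECONDS = 24 * 3600  # assumed rotation period: one day


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def function_key(device_root: bytes, device_id: str, purpose: str, epoch: int) -> bytes:
    """Key bound to one device, one function and one rotation epoch."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    info = b"".join(struct.pack(">H", len(f)) + f
                    for f in (device_id.encode(), purpose.encode()))
    info += struct.pack(">Q", epoch)
    return hkdf_sha256(device_root, b"iot-key-demo", info)


def tag(key: bytes, message: bytes) -> bytes:
    """Authenticate a message with a derived key (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(device_root: bytes, device_id: str, purpose: str,
           now: int, message: bytes, received: bytes) -> bool:
    """Backend check: only the current epoch's key for this purpose is accepted."""
    key = function_key(device_root, device_id, purpose, now // ROTATION_SECONDS)
    return hmac.compare_digest(tag(key, message), received)


# Constructed sample values, not real key material.
ROOT = bytes(range(32))
T0 = 1_700_000_000
MSG = b'{"temp_c": 21.5}'
LEAKED = function_key(ROOT, "sensor-0001", "telemetry", T0 // ROTATION_SECONDS)
SIG = tag(LEAKED, MSG)
```

A derived key that leaks is rejected after the next rotation and never works for another function or device; this holds only while the root key itself stays protected on the device.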

According to IDC, IoT investment is expected to total $1.4 trillion (€1.17 trillion) by 2021. IoT systems have already taken around twenty-five billion devices online, and according to a Hewlett Packard study, 70 to 80% may lack encryption and sufficient password protection.

These are prime targets for some of the worst kinds of cyber attacks imaginable, and companies need to take action now to ensure that they’re protected. However, with the right approach, companies can build IoT networks that are highly secure, ensuring that the tremendous economic potential offered by IoT comes to fruition.

The author of this blog is Amir Haleem, CEO of Helium
