The IoT cybersecurity improvement act: What does it mean, and how do we get ready for it?

Amir Haleem of Helium

Security concerns have been dominating news about IoT as of late, and with good reason. A recent survey shows that nearly half of U.S. firms using an IoT network have been hit by a security breach. With this kind of frequency, it’s no wonder the IoT Cybersecurity Improvement Act of 2017 was proposed.

Although designed primarily for vendors seeking government contracts, the bill has the potential to set key standards for the future of industry-wide IoT development, and can greatly influence the overall progress of IoT, says Amir Haleem, CEO of Helium.

The goal of the IoT Cybersecurity Improvement Act of 2017 is to “provide minimal cybersecurity operational standards for Internet-connected devices purchased by Federal agencies, and for other purposes.”

Under the proposed legislation, vendors will need to meet a number of requirements before they can contract with government agencies, including:

    • Devices must be free from any known vulnerabilities and defects
    • Devices must be able to receive regular software updates
    • Devices must not include any fixed or hard-coded credentials used for remote administration, the delivery of updates, or communication

Considering the safety and economic implications of privately owned IoT networks, however, it is entirely likely that regulations such as these could be expanded beyond government contracts. Ted Koppel has warned that an IoT attack on the U.S. power grid could cause a massive outage, and researchers in Israel who simulated an attack on “smart lightbulbs” to control lights in a city block of offices showed that this is not mere alarmism.

For companies, such attacks can pose existential threats: DNS provider Dyn experienced a DDoS attack that may have cost 8% of its business. So while we certainly can expect more regulation and industry standards, organisations should take their own proactive steps to secure their systems.

Steps every company should take

It should be clear that the standard approaches to securing a network (patches, firewalls, spyware detection, educating employees and so forth) are not going to be sufficient to stem IoT threats. The combination of software infrastructure and remotely deployed devices adds new dimensions to security that require a new way of thinking about it.

However, there are a few steps that companies should take in order to ensure that they can not only prevent attacks, but also comply with up-and-coming legislation:

    • Encrypt the keys on each individual device for more control over the network, as each individual device can be monitored and managed (as opposed to a gateway that controls a specific area/region)
    • Use only derivatives of encryption keys for specific functions
    • Rotate keys regularly so that even if a device is compromised, it can be used by a hacker for only a short timeframe
    • Centralise visibility and control over the system so that you can quarantine and disable suspicious devices directly
    • Leverage hardware-based security, meaning protection that is produced by a physical device rather than by software installed on a computer system. Analyst Patrick Moorhead has asserted that this tactic is more secure than software because it cannot be altered, and it may prevent malware from infiltrating the operating system and virtualisation layer
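
The per-device key, derived-key and rotation steps above can be sketched as follows. This is an added example, not code from the article or from Helium: the choice of HKDF (RFC 5869), the function names, the "purpose|epoch" label format, the device ID and the 24-hour rotation period are all assumptions made for illustration.

```python
import hashlib
import hmac

ROTATION_SECONDS = 24 * 3600  # assumed rotation period; set per deployment


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it under info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def device_root(fleet_secret: bytes, device_id: str) -> bytes:
    """Per-device root key: a compromised device exposes only its own root."""
    return hkdf_sha256(fleet_secret, b"device-root", device_id.encode())


def function_key(root: bytes, purpose: str, unix_time: int) -> bytes:
    """Derivative key bound to one function and one rotation epoch."""
    epoch = unix_time // ROTATION_SECONDS
    return hkdf_sha256(root, b"function-key", f"{purpose}|{epoch}".encode())


def sign(root: bytes, purpose: str, unix_time: int, message: bytes) -> bytes:
    key = function_key(root, purpose, unix_time)
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(root: bytes, purpose: str, now: int, message: bytes, tag: bytes) -> bool:
    """Accept only tags made with this purpose's key for the current epoch."""
    return hmac.compare_digest(sign(root, purpose, now, message), tag)


if __name__ == "__main__":
    fleet_secret = bytes(range(32))  # constructed sample secret, not a real key
    root = device_root(fleet_secret, "sensor-0001")  # hypothetical device ID
    t0 = 1_700_000_000  # constructed timestamp
    tag = sign(root, "telemetry", t0, b"temp=21.5")
    print("same epoch:     ", verify(root, "telemetry", t0 + 60, b"temp=21.5", tag))
    print("after rotation: ", verify(root, "telemetry", t0 + ROTATION_SECONDS, b"temp=21.5", tag))
    print("wrong function: ", verify(root, "firmware-update", t0, b"temp=21.5", tag))
```

The verifier here has no grace window, so a tag produced just before an epoch boundary is rejected just after it; whether to also accept the immediately preceding epoch is a deployment decision.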

According to IDC, IoT investment is expected to total $1.4 trillion (€1.17 trillion) by 2021. IoT systems have already taken around twenty-five billion devices online, and according to a Hewlett Packard study, 70 to 80% may lack encryption and sufficient password protection.

These are prime targets for some of the worst kinds of cyber attacks imaginable, and companies need to take action now to ensure that they’re protected. However, with the right approach, companies can build IoT networks that are highly secure, ensuring that the tremendous economic potential offered by IoT comes to fruition.

The author of this blog is Amir Haleem, CEO of Helium
