Regulation to protect from vulnerability
In order to secure the vast and highly hackable network of the Internet of Things (IoT), we may need our government to step in and set guidelines.
Unfortunately, security incentives are expensive. Companies may not feel motivated to take on the cost, leaving devices incredibly vulnerable to malware, identity theft, denial of service attacks, and other inconveniences and dangers.
Taking an engineering-based approach
The Obama administration is on the right track. The White House, in collaboration with the National Institute of Standards and Technology (NIST), has released a set of security standards that they’ve developed over the past four years (in fact, it’s 257 pages long). As of right now, the guidelines are voluntary, but they will be immediately applied to IoT usage by government agencies and contractors.
The release was scheduled for the end of the year, but insiders suspect the White House announced the new guidelines ahead of schedule in response a large-scale denial of service hacking that occurred last month.
U.S. Chief Information Security Officer Greg Touhill said the guidelines, which take an “engineering-based approach,” would “set the flight plan” for future IoT developments. Unlike previous guidelines, these lay out a step-by-step plan encouraging manufacturers to build cybersecurity features directly into devices.
Six hacker-proofing principles
Around the same time that NIST released their guidelines, the Department of Homeland Security (DHS) released a separate cybersecurity policy for IoT devices, including six strategic principles to stop hackers.
The Federal Communications Commission has said that they will not issue mandatory standards for IoT devices.
Nonetheless, some experts suspect that legally mandated security measures, especially in crucial infrastructural industries such as power, transportation, and medical technology, will eventually become inevitable.
“We have a rapidly closing window to ensure security is accounted for at the front end of the Internet of Things phenomenon,“ said Robert Silvers, an assistant secretary for Cyber Policy at the DHS. “These principles will initiate longer-term collaboration between government and industry.”