NIST hopes to implement cybersecurity standard

The Cyber Shield Act lays out a voluntary cybersecurity certification program for IoT hardware.

By Max Burkhalter
February 20, 2018

The internet of things is fueling an expansion of data and productivity. It is also, however, opening up an uncertain future regarding cybersecurity. Gartner data anticipated roughly 11.2 million IoT devices will be in use in 2018. This number is up noticeably from 2017's 8.4 million. While the numbers may not be 100 percent accurate, one thing is clear: the IoT is here to stay and it is growing.

The National Institute of Standards and Technology recently released a report detailing cybersecurity concerns in the coming year. This document stresses the need for mandated, enforced regulations, especially as IoT-enabled devices like driverless vehicles are expected to become more prevalent as 2018 develops. With this in mind, the U.S. Federal Government hopes to create a security standard to reduce the risk of successful cyberattacks on these devices.

On the heels of this announcement, the U.S. legislative branch is once again pushing to pass such a standard. Dubbed the Cyber Shield Act, this bill was first introduced late last year and lays out a voluntary cybersecurity certification program for IoT hardware.

"The hope is to push every IoT product into wanting Cyber Shield certification."

The Cyber Shield Act
Spearheaded by Representative Ted Lieu and Senator Ed Markey, The Cyber Shield Act promotes data security standards, guidelines, best practices, methodologies, procedures and processes in IoT devices. If passed, the Act would create an advisory committee to create such a label and to pass along recommendations to the Secretary of Commerce as to which devices qualify and which do not.

While the Cyber Shield Act is voluntary, the hope is to push every IoT product into wanting this certification. Companies, especially industries with sensitive data like health care and finance, need every assurance that their networks will be protected. IoT devices that meet Cyber Shield certification would be in higher demand and be more reputable.

While the measure would allow consumers to grasp an immediate understanding of the security of certain hardware, some are skeptical of the proposed measure. Security Week outlined concerns in how the rating system would work, especially across products that were radically different. Groups attached to the Act suggest that most of the calculation and score assessment could be done by an artificial intelligence to reduce the likelihood of error.

Cybersecurity in the age of IoT
Security concerns remain prevalent among IoT-enabled hardware. Numerous large-scale attacks have been launched against corporations through IoT exploits. ZDNet chronicled five of the larger recent disasters, including a DDoS attack in Finland where hackers remotely shut off heating to a couple of buildings for several days. Given the extreme low temperature, this placed the staff and all contained equipment in considerable jeopardy.

IoT-enabled thermostats can be accessed by outside sources if the user is not careful. IoT-enabled thermostats can be accessed by outside sources if the user is not careful.

McKinsey & Company highlighted four chief concerns in IoT security. The firm noted a general gap in technical sophistication, meaning that the security tech lagged behind the maturity of the devices themselves. The lack of regulations was also a concern as larger companies can be slow-acting in terms of creating and enforcing security mandates.

McKinsey & Company also found that consumers, whether personal or business, did not want to pay for cybersecurity solutions, or if they did, wanted to outsource the issue to the cheapest bidder. Lastly, the firm concluded that many are still unable to simply understand the full importance of IoT cybersecurity. This is in line with a 2016 BAE Systems report, which found that almost half of executives stated that they did not properly understand cybersecurity documents.

More oversight means a higher level of security
Until a regulation is passed to mandate IoT cybersecurity levels, it will remain up to the organizations themselves to regulate an ever-growing number of devices. Being able to oversee the whole network is an advantage, especially for larger companies. This lets the IT staff better monitor situations as they develop and detect incidents earlier.


Remote management can be established through a stronger network framework, one that supports giving power to the administrators and other specialists. Do not expect that many companies will wait for the Cyber Shield Act or similar legislation. Organizations are already moving to secure their networks against cyberattacks. Consult with Perle today to learn about how we can help strengthen your network infrastructure, giving control only to the right people.

Hi!

Have a Question? Chat with a live Product Specialist!

Have a Question?

We can provide more information about our products or arrange for a price quotation.


email-icon Send an Email
contactus-icon Send an Email callus-icon Call Us
×

Send us an Email