refirm labs
  • Company
    • Leadership
    • Partners
    • Careers
    • News
    • Announcements
  • Products
    • Binwalk Enterprise (Centrifuge)
    • Binwalk Open Source
    • Product Comparison
  • Solutions
    • Enterprise IT
    • Industrial IoT
    • Telecom Providers
    • Device Manufacturers
    • Binwalk for Educators
  • Resources
  • Blog
  • Contact
  • Login
    • Binwalk Enterprise
    • Partner Portal
  • Get a DemoNew
refirm labs
refirm labs
  • Company
    • Leadership
    • Partners
    • Careers
    • News
    • Announcements
  • Products
    • Binwalk Enterprise (Centrifuge)
    • Binwalk Open Source
    • Product Comparison
  • Solutions
    • Enterprise IT
    • Industrial IoT
    • Telecom Providers
    • Device Manufacturers
    • Binwalk for Educators
  • Resources
  • Blog
  • Contact
  • Login
    • Binwalk Enterprise
    • Partner Portal
Get a Demo

IoT Cybersecurity Act 2020

November 24, 2020

Introduction

While the cybersecurity headlines over the past few weeks here in the US have been focused on unfounded claims of voting machine hacking and turmoil at CISA, the top of the agency in charge of protecting the nation’s infrastructure from cyber attacks, there has been some good news on the IoT Security front.

Last week the US Senate unanimously approved the IoT Cybersecurity Improvement Act of 2020, passing the bill onto the President for his signature.  Why is this important?

Nobody is Asking for IoT Security

We are told regularly by some IoT device manufacturers that the reason they are not prioritizing investment in cybersecurity is because their customers don’t ask for it. Given tight margins, competitive markets and rapidly moving roadmaps, the end result is insecure products, botnets, and compromised networks.

The new bill takes an important step to address this issue. Under the bill, NIST is tasked with defining recommendations and best practices for building and deploying secure IoT devices. NIST has a robust program for defining IoT Standards and compliance

No IoT Security… Then No Business for You

What is important about this bill is Section 7a, “Prohibition on Procurement and Use” – where the Federal Government is required to only purchase IoT devices that conform to the new NIST IoT Security Standards. The way to get the device manufacturers’ to fix poor cybersecurity practices is to limit their access to markets for their products.

Expect to see other industries adopt these standards as part of their procurement processes as well. As we wrote this summer – vendors need to embrace IoT Security Compliance or Die a Slow Death.

While a good step, this change will still take some time to come into effect. And we look to NIST to release strong, objective standards.

It’s Time for Device Vulnerability Management

As we’ve said many times before, having conference phones or security cameras from top tier vendors that have 10 year-old unpatched network vulnerabilities is not acceptable – and the IoT Cybersecurity Improvement Act of 2020 is an important step forward to address the problem.

Additional reading:
https://www.theregister.com/2020/11/18/us_iot_security/
https://fcw.com/articles/2020/11/18/iot-cyber-bill-passes-senate.aspx
https://threatpost.com/iot-cybersecurity-improvement-act-passed/161396/
https://www.cyberscoop.com/congress-iot-cybersecurity-bill-contractors/

Share Post
ReFirm Labs Named a 2020 SINET...
2020 Sinet 16 Innovator
ReFirm Labs Joins IoXt Allianc...

Recent Posts

  • Doorbells and IoT Security Certification: Retailers Need to Step Up

    February 4, 2021

    Backdoors in popular consumer doorbells and security cameras made by Merkury/Geeni are still available from top trusted retailers in the US such as Walmart, Amazon, ...
  • Florida Tech Cybersecurity Researchers Discover Hidden Vulnerabilities in Wireless Doorbells, Cameras

    February 4, 2021

    The market for internet-connected smart doorbells and security cameras has grown substantially over the last couple of years. We recently discovered four significant vulnerabilities in ...
  • IoT Security Compliance and Enforcement

    January 4, 2021

    IoT devices will need to adopt the same basic security requirements and compliance seen in traditional IT systems. Read to learn more.
See All >
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 10
  • >>

refirm labs Logo

8110 Maple Lawn Blvd.
Suite 200
Fulton, MD 20759

info@refirmlabs.com
Call +1 (240) 389-2443
Popular
  • About Us
  • Products
  • Resources
  • Blog
Solutions
  • Enterprise IT
  • Industrial IoT
  • Telecom Providers
  • Device Manufacturers

Facebook

  • Privacy Policy
  • Terms of Use

ReFirm Labs, Inc.