IoT Cybersecurity Act 2020

				<div>
			
			
			
			<div>
				<h1>IoT Cybersecurity Act 2020</h1>
			</div>
			
		</div>
			
			
		</div> <div>
			
			
			
			
				<div>
			<div>
			
			
			<div>
			
			
			<div><h2>Introduction</h2>

While the cybersecurity headlines over the past few weeks here in the US have been focused on unfounded claims of voting machine hacking and turmoil at CISA, the top of the agency in charge of protecting the nation’s infrastructure from cyber attacks, there has been some good news on the IoT Security front.

Last week the US Senate unanimously approved the IoT Cybersecurity Improvement Act of 2020, passing the bill onto the President for his signature.  Why is this important?

Nobody is Asking for IoT Security

We are told regularly by some IoT device manufacturers that the reason they are not prioritizing investment in cybersecurity is because their customers don’t ask for it. Given tight margins, competitive markets and rapidly moving roadmaps, the end result is insecure products, botnets, and compromised networks.

The new bill takes an important step to address this issue. Under the bill, NIST is tasked with defining recommendations and best practices for building and deploying secure IoT devices. NIST has a robust program for defining IoT Standards and compliance.

No IoT Security… Then No Business for You

What is important about this bill is Section 7a, “Prohibition on Procurement and Use” – where the Federal Government is required to only purchase IoT devices that conform to the new NIST IoT Security Standards. The way to get the device manufacturers’ to fix poor cybersecurity practices is to limit their access to markets for their products.

Expect to see other industries adopt these standards as part of their procurement processes as well. As we wrote this summer – vendors need to embrace IoT Security Compliance or Die a Slow Death.

While a good step, this change will still take some time to come into effect. And we look to NIST to release strong, objective standards.

It’s Time for Device Vulnerability Management

As we’ve said many times before, having conference phones or security cameras from top tier vendors that have 10 year-old unpatched network vulnerabilities is not acceptable – and the IoT Cybersecurity Improvement Act of 2020 is an important step forward to address the problem.

Additional reading:
https://www.theregister.com/2020/11/18/us_iot_security/
https://fcw.com/articles/2020/11/18/iot-cyber-bill-passes-senate.aspx
https://threatpost.com/iot-cybersecurity-improvement-act-passed/161396/
https://www.cyberscoop.com/congress-iot-cybersecurity-bill-contractors/

			<div>
			
			
			<div>Recent Posts</div>
		</div> <div>
			
			
			<div>
				
		

			<a href="https://www.refirmlabs.com/iot-cybersecurity-act-2020/" rel="noreferrer" target="_blank"><img alt="IoT Cybersecurity Act 2020" height="675" src="https://www.refirmlabs.com/wp-content/uploads/2020/11/love-locks-505878_1920-1080x675.jpg" width="1080" /></a>
													<h2><a href="https://www.refirmlabs.com/iot-cybersecurity-act-2020/" rel="noreferrer" target="_blank">IoT Cybersecurity Act 2020</a></h2>
			
				<p>Nov 24, 2020</p><div><div><p>Last week the US Senate unanimously approved the IoT Cybersecurity Improvement Act of 2020, passing the bill onto the President for his signature.  Why is this important?</p>
			<a href="https://www.refirmlabs.com/embrace-iot-security-compliance-or-die-a-slow-death/" rel="noreferrer" target="_blank"><img alt="Embrace IoT Security Compliance or Die a Slow Death" height="675" src="https://www.refirmlabs.com/wp-content/uploads/2020/07/IoT-Compliance-1080x675.jpg" width="1080" /></a>
													<h2><a href="https://www.refirmlabs.com/embrace-iot-security-compliance-or-die-a-slow-death/" rel="noreferrer" target="_blank">Embrace IoT Security Compliance or Die a Slow Death</a></h2>
			
				<p>Jul 29, 2020</p><div><div><p>IoT Security Compliance. IoT Security Standards. IoT Security Frameworks. All new buzzwords that are picking up steam. So imagine our surprise when we talk to IoT device manufacturers about why they continue to ship products with bad security and the reason they don’t fix it.</p>
			<a href="https://www.refirmlabs.com/how-to-compare-two-different-binary-files/" rel="noreferrer" target="_blank"><img alt="How to Compare Two Different Binary Files" height="675" src="https://www.refirmlabs.com/wp-content/uploads/2020/06/cmp-file-differencing-1080x675.png" width="1080" /></a>
													<h2><a href="https://www.refirmlabs.com/how-to-compare-two-different-binary-files/" rel="noreferrer" target="_blank">How to Compare Two Different Binary Files</a></h2>
			
				<p>Jun 23, 2020</p><div><div><p>One of our favorite new capabilities in the Centrifuge Spring ‘20 release is Firmware Differencing. This is how to compare two binary files quickly and efficiently for Linux, QNX, and VxWorks. But that’s not all it compares!</p>
			<div><div>
<div><a href="https://www.refirmlabs.com/feed/page/2/?et_blog" rel="noreferrer" target="_blank">« Older Entries</a></div>
<div></div>
		</div> 
			
			
		</div> 
			
			
		</div> 

The post IoT Cybersecurity Act 2020 appeared first on ReFirm Labs.

Article Link: https://www.refirmlabs.com/iot-cybersecurity-act-2020/