{"id":3798,"date":"2019-08-21T07:15:28","date_gmt":"2019-08-21T07:15:28","guid":{"rendered":"https:\/\/dolcera.com\/?p=3798"},"modified":"2019-08-21T07:15:28","modified_gmt":"2019-08-21T07:15:28","slug":"iot-legislation-is-this-hinting-iot-prediction-heady-again","status":"publish","type":"post","link":"https:\/\/www.dolcera.com\/web\/iot-legislation-is-this-hinting-iot-prediction-heady-again\/","title":{"rendered":"IoT Legislation: Is this hinting IoT prediction heady again?"},"content":{"rendered":"<p><span style=\"font-weight: 400\">While IoT devices and technology were all you heard about for a while, the buzz has dimmed. According to Google Trends, <\/span><a href=\"https:\/\/www.itprotoday.com\/iot\/future-iot-devices-question\"><span style=\"font-weight: 400\">interest in IoT peaked toward the end of 2016<\/span><\/a><span style=\"font-weight: 400\">. Interest has ebbed and flowed since then, while slowly regressing toward pre-2016 levels. Also, in 2017 analysts were <\/span><a href=\"https:\/\/www.itprotoday.com\/iot\/future-iot-devices-question\"><span style=\"font-weight: 400\">predicting that the IoT market<\/span><\/a><span style=\"font-weight: 400\"> would be worth $457 billion by 2020, sources from 2018 forecast the market reaching only $318 billion by 2023. <\/span><b>One of the reasons for this slowdown is IoT security<\/b><span style=\"font-weight: 400\"> which remains a persistent challenge for IoT devices and technology.<\/span><\/p>\n<p><span style=\"font-weight: 400\">It&#8217;s relatively easy to deploy an IoT device; it is much harder to secure it and the data it sends and receives. Indeed, examples of poorly secured IoT devices proliferate. Compared with PCs and smartphones, IoT devices and software have a long way to go to reach a reliable level of security.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Fortunately, <\/span><b>Legislation on IoT is finally coming <\/b><span style=\"font-weight: 400\">and we may see IoT becoming more trustworthy. Over the years, several bills have been proposed, but significant legislation aimed at IoT has failed to pass. However, with the recent success of security in industry information technology (IT) networks for DoD contractors, there is a template for legislators to follow.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/iotbusinessnews.com\/2019\/07\/28\/20088-the-rise-of-iot-legislation\/\"><span style=\"font-weight: 400\">The bill would accomplish four things<\/span><\/a><span style=\"font-weight: 400\">. First, it clarifies the role of NIST as the lead organization to set IoT standards, rather than leaving each respective agency to set its own. Second, it requires vendors selling IoT devices to the federal government to self-report cybersecurity issues. Third, it requires federal agencies to procure IoT devices using NIST standards. Finally, it requires NIST to report and update IoT standards.<\/span><\/p>\n<p><span style=\"font-weight: 400\">NIST also released draft security feature recommendations for IoT devices. The <\/span><a href=\"https:\/\/www.nist.gov\/news-events\/news\/2019\/08\/nist-releases-draft-security-feature-recommendations-iot-devices\"><span style=\"font-weight: 400\">Core Baseline provides a list of six recommended security features<\/span><\/a><span style=\"font-weight: 400\"> that manufacturers can build into IoT devices, and that consumers can look for on a device\u2019s box or online description while shopping.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The <\/span><a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2019\/08\/nist-seeks-industry-feedback-as-internet-of-things-cybersecurity-standards-take-shape\/\"><span style=\"font-weight: 400\">NIST sought feedback<\/span><\/a><span style=\"font-weight: 400\"> from industry partners on an <\/span><a href=\"https:\/\/www.us-cert.gov\/ncas\/current-activity\/2019\/06\/26\/nist-releases-report-managing-iot-risks\"><span style=\"font-weight: 400\">internal report released in June<\/span><\/a><span style=\"font-weight: 400\"> that focused on next steps for IoT security and privacy.\u00a0<\/span><\/p>\n<p><b>Some of the recently announced and existing IoT security standards\/guidelines<\/b><span style=\"font-weight: 400\"> &#8211;\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Security Evaluation Standard for IoT Platforms (<\/span><b>SESIP):<\/b><span style=\"font-weight: 400\"> The <\/span><a href=\"https:\/\/www.trustcb.com\/iot\/sesip\/\"><span style=\"font-weight: 400\">SESIP<\/span><\/a><span style=\"font-weight: 400\"> defines a standard for trustworthy assessment of the security of the IoT platforms, such that this can be re-used in fulfilling the requirements of various commercial product domains.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/www.enterprise-cio.com\/news\/2019\/aug\/19\/global-cyber-alliance-launches-first-cybersecurity-development-platform-iot-products\/\"><span style=\"font-weight: 400\">Global Cyber Alliance (GCA)<\/span><\/a><span style=\"font-weight: 400\">: The Global Cyber Alliance (GCA) recently launched a cybersecurity development platform for IoT products, called the Automated IoT Defence Ecosystem (AIDE), which allows small businesses, manufacturers, service providers and individuals to detect vulnerabilities, reduces risks and secure IoT devices.<\/span><\/p>\n<p><a href=\"https:\/\/fidoalliance.org\/fido-alliance-announces-id-and-iot-initiatives\/\"><span style=\"font-weight: 400\">FIDO Alliance<\/span><\/a><span style=\"font-weight: 400\">: The group sets security standards for online authentication, and recently, announced that it&#8217;s expanding to develop security standards for IoT devices. The FIDO Alliance aims to provide a comprehensive authentication framework for IoT devices and has formed the IoT Technical Working Group (IoT TWG).<\/span><\/p>\n<p><a href=\"https:\/\/openconnectivity.org\/business\/ocf-security\"><span style=\"font-weight: 400\">Open Connectivity Foundation (OCF)<\/span><\/a><span style=\"font-weight: 400\">: The OCF Security Framework provides various strength levels of device-to-device authentication methods to ensure that IoT nodes only communicate with authorized entities.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/guide-to-the-iot-security-controls-framework\"><span style=\"font-weight: 400\">Cloud Security Alliance (CSA)<\/span><\/a><span style=\"font-weight: 400\">: The Guide to the IoT Security Controls Framework provides instructions for using the companion CSA IoT Security Controls Framework spreadsheet.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/tools.ietf.org\/html\/rfc8576\"><span style=\"font-weight: 400\">IETF &#8211; RFC 8576<\/span><\/a><span style=\"font-weight: 400\">: RFC 8576 provides a detailed summary of all the IETF efforts towards making the Internet of Things more secure.<\/span><\/p>\n<p><a href=\"https:\/\/www.etsi.org\/deliver\/etsi_ts\/103600_103699\/103645\/01.01.01_60\/ts_103645v010101p.pdf\"><span style=\"font-weight: 400\">ETSI TS 103 645:<\/span><\/a><span style=\"font-weight: 400\"> A standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.<\/span><\/p>\n<p><a href=\"https:\/\/www.gsma.com\/iot\/introduction-gsma-iot-security-guidelines-assessment\/\"><span style=\"font-weight: 400\">GSMA IoT Security Guidelines<\/span><\/a><span style=\"font-weight: 400\">: The GSMA IoT Security Guidelines provide best practice for the secure design, addressing typical cybersecurity and data privacy issues associated with IoT services, a step-by-step process to securely launch IoT solutions to market and keep them secure throughout their lifecycles.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While IoT devices and technology were all you heard about for a while, the buzz has dimmed. According to Google Trends, interest in IoT peaked toward the end of 2016. Interest has ebbed and flowed since then, while slowly regressing toward pre-2016 levels. Also, in 2017 analysts were predicting that the IoT market would be [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[43],"tags":[],"_links":{"self":[{"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/posts\/3798"}],"collection":[{"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/comments?post=3798"}],"version-history":[{"count":2,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/posts\/3798\/revisions"}],"predecessor-version":[{"id":3800,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/posts\/3798\/revisions\/3800"}],"wp:attachment":[{"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/media?parent=3798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/categories?post=3798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/tags?post=3798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}