Security Laws Are Inferior To Security Measures, According To CIOs

Gov CIO Outlook | Tuesday, July 05, 2022

Security laws can no longer address evolving security threats, so processes, tools, and strategies are needed.

Fremont, CA: Laws are a good starting point where security is concerned, but they lag far behind in addressing IoT security concerns. For the first time, the U.S. Senate set minimum security requirements for federal procurement of connected devices by introducing the Internet of Things Cybersecurity Improvement Act of 2017. Government security managers must take IoT security seriously and protect their devices and networks.

Why do hackers target IoT Devices?

IoT devices are an attractive target for hackers because a single exploit on one connected device can result in a much larger breach. There is a wide spectrum of connected devices, from computers and smartphones to smart kitchens and televisions. Each weakness in a device can potentially give hackers an easy pathway into other devices connected to the network. The vulnerability is especially great when these devices are designed for convenience and speed without considering security.

How should security managers secure IoT devices?

When security managers work to protect their devices, they also safeguard everything connected to them. They should accept that the government's baseline security recommendations can no longer be relied upon and thus embrace more robust measures. Government CIOs can take the following steps to improve security measures.

Make sure patching and updating are a part of the daily routine.

With new vulnerabilities continually emerging, devices must be protected by continual patching and updating, with a focus on the long-term security of connected devices. The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 requires vendors to make their IoT devices patchable. Security measures must be verified carefully before they are applied to other devices. Once they are applied, CIOs ought to ensure that the updates are genuine.

Adopt continuous monitoring

Attacks such as SQL injection and cross-site scripting are common threats that hackers can use to tap into IoT devices and target web-based applications. To safeguard devices against them, CIOs should continuously monitor the traffic that passes to and from a device, alerting on, reporting, and automatically addressing any potentially harmful anomalies.

Consider essential credential management.

CIOs should review user authentication and credential management on IoT devices, including the ways someone will interact with the device, to ensure that the right person with valid authorization is accessing it. When a user login takes numerous attempts, it indicates that attackers are trying to break into the system. While IoT devices cannot monitor the user session, modern IoT devices must be built with this capability. This capability should allow a log to be maintained, viewed, and deleted when the device is not in use.
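The check described above (numerous failed logins as a sign of an intrusion attempt) can be run over a device's authentication log. The following is an added example, not part of the original article; the log format, device names, addresses, and the threshold and window values are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a real vendor format):
#   <UTC timestamp> device=<id> src=<ip> user=<name> result=<OK|FAIL>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) device=(?P<device>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample input; addresses come from documentation ranges.
SAMPLE_LOG = """\
2022-07-05T10:00:01Z device=cam-01 src=192.0.2.10 user=admin result=FAIL
2022-07-05T10:00:04Z device=cam-01 src=192.0.2.10 user=admin result=FAIL
2022-07-05T10:00:05Z device=thermo-02 src=198.51.100.4 user=ops result=FAIL
2022-07-05T10:00:09Z device=cam-01 src=192.0.2.10 user=root result=FAIL
2022-07-05T10:00:15Z device=thermo-02 src=198.51.100.4 user=ops result=OK
2022-07-05T10:00:16Z device=cam-01 src=192.0.2.10 user=root result=FAIL
garbled line from a rebooting device
2022-07-05T10:00:22Z device=cam-01 src=192.0.2.10 user=admin result=FAIL
2022-07-05T10:00:30Z device=cam-01 src=192.0.2.10 user=admin result=FAIL
2022-07-05T10:05:00Z device=cam-01 src=192.0.2.10 user=admin result=FAIL
"""

def find_login_anomalies(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {(device, src): peak failure count} for each pair that reached
    `threshold` failed logins inside one sliding `window`."""
    recent = defaultdict(deque)  # (device, src) -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue  # skip malformed lines and successful logins
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        key = (m["device"], m["src"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged
```

Counting per device and source address rather than per username catches attempts that rotate through account names, as the `admin`/`root` lines in the sample do.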

In short, bills are a good start. However, they are not enough to protect government networks against device-borne threats, so tools should be introduced to eliminate those threats.


