Security laws can no longer address the evolving security threats, and therefore processes, tools, and strategies are needed.
Fremont, CA: Laws are good starting points when security is concerned. However, these are far behind in addressing IoT security concerns. For the first time, the U.S. Senate established minimum security requirements for federal procurements of connected devices by introducing the Internet of Things Cybersecurity Improvement Act of 2017. Government security managers must consider IoT security and protect their devices and networks.
Why do hackers target IoT Devices?
IoT devices are the favorite targets for hackers because a single exploit from one connected device can result in a more massive breach. There is a broad spectrum of connected devices ranging from computers and smartphones to smart kitchens and televisions. Each weakness in the device can potentially provide hackers with an easy pathway into other devices that are connected to the network. The vulnerability is high when these devices are designed for convenience and speed without taking security into account.
How should security managers secure IoT devices?
When security managers attempt to protect their devices, they are also safeguarding everything connected to the devices. They should believe that the government’s baseline security recommendations can no longer support and therefore embrace more robust measures. Here are some steps to be adopted by government CIOs to enhance security measures.
Ensure patching and updating a part of the daily routine
With the new and evolving vulnerabilities, devices need to be protected by regularly patching and updating, focusing on the long-term security of connected devices. The Internet of Things Cybersecurity Improvement Act of 2017 demands vendors to make their IoT devices patchable, and it is essential to verify security measures with a keen eye before applying them to other devices. Once applied, CIOs ought to make sure that the updates are genuine.
Adopt continuous monitoring
Weapons like SQL injection and cross-site scripting are common threat vectors that hackers can use to tap into IoT devices and target web-based applications. To protect devices against this, CIOs employ continuous monitoring of traffic that passes to and from a device, thereby sends alert, report, and automatically addresses any potentially harmful anomalies.
Consider basic credential management
In IoT devices, user authentication and credential management should be considered by CIOs, such as the ways someone will interact with the device, methods to make sure if the right person with valid authorization is accessing the device, and more. When a user login session takes many attempts, then it indicates attackers trying to invade the systems. While IoT devices do not have the capabilities to monitor the user session, modern IoT devices have to be built with these capabilities. This ability should enable maintaining, viewing, and deleting a log when the device is not in use.
In short, bills are a good start. However, they are not enough to protect government networks against devices, and therefore, tools should be introduced to eliminate the threats.
Check this out: Top Homeland Security Technology Companies