Hikvision Senior Cybersecurity Director on US IoT Cybersecurity Improvement Act Becoming Law
Protect Your IoT Devices with 3 Hikvision Tips to Address IoT Vulnerabilities
An important step toward securing the Internet was achieved on December 4, 2020, when President Trump signed an IoT (Internet of Things) security bill into law. The Internet of Things Cybersecurity Improvement Act of 2020 has been in the works since 2017 and was passed by the U.S. House of Representatives in September 2020 and by the U.S. Senate in November 2020.
The bi-partisan team that backed the IoT bill included Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Tex.), and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.), and was backed by multiple tech companies, including BSA (The Software Alliance), Cloudflare, CTIA, Mozilla, Rapid7, Symantec, and Tenable, according to SecurityWeek.
This new IoT security law calls for the National Institute of Standards and Technology (NIST) to publish within 90 days, a set of “standards and guidelines for the federal government on the appropriate use and management by agencies of Internet of Things devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices.” This includes but is not limited to secure development, identity management, patching and configuration management.
The law also requires the U.S. Office of Management and Budget (OMB) to publish recommendations within 180 days, based on the NIST publication and consultation with cybersecurity researchers and private sector industry experts.
It is not just the federal government who is looking to fix this problem with legislation. According to BTB Security, “A growing number of state legislatures are concerned about the lack of security posed by Internet-of-Thing (IoT) devices. California was the first to pass a law mandating better IoT security in 2018 and Oregon has followed suit this year while Illinois, Kentucky, Massachusetts, Maryland, New York, Rhode Island, Vermont and Virginia are considering similar legislation.”
Legislation is an important step in securing the rapidly growing number of IoT devices on the Internet. The risk of unsecured IoT devices is not news. In 2019, Hikvision’s senior director of cybersecurity, Chuck Davis, called for IoT standards and legislation in an Enterprise Security magazine article called “Attack of the Light Bulbs.” Poorly secured IoT devices continue to be one of the greatest threats to the Internet and our collective digital security. According to Statista, there will be more than 75 billion IoT connected devices in use by 2025.
3 Tips to Better Protect Your IoT Devices
If you own IoT devices, here are a few tips you can follow to better secure and protect your devices and your network.
- Ensure that your IoT devices are regularly patched. You might have to do this manually for some devices that do not have automatic updates.
- Make sure your IoT devices are behind a firewall. Port forwarding means that the device is directly accessible from the Internet and it will be attacked.
- Put IoT devices on a separate network in your home or office. To do this, follow the recommendations to address potential vulnerabilities in the Hikvision article, “Cybersecurity at Home: Hikvision Cybersecurity Director Talks Network Security and Network Segmentation.”