The Internet of Things (IoT) is now part of our daily home and business life and is growing rapidly. IoT is helping to increase efficiencies, reduce costs, and support us in many ways in our day-to-day lives. Our homes, businesses, cars and appliances are becoming connected to the Internet. IoT is here to stay. In fact, with the coming 5G networks, IoT is expected to explode exponentially.
But is IoT safe? The U.S. government doesn’t think so.
On December 4th of 2020, the Internet of Things (“IoT”) Cybersecurity Improvement Act was signed into law. This law will prevent the U.S. government from procuring, obtaining, or renewing the use of IoT devices that do not meet minimum cybersecurity standards. The new legislation references the National Institute of Standards and Technology (“NIST”) for the cybersecurity standards and guidelines. The federal government empowered the Office of Management and Budget (OMB) to provide oversight to ensure federal technology acquisitions adhere to the NIST standards. By March 5, 2021, NIST will publish standards and guidelines for IoT devices to address security vulnerability issues, such as secure development, identity management, patching and configuration management. NIST standards must be reviewed for updates every five years. You can read the IoT Cybersecurity Act of 2020 here. The IoT Cybersecurity Act takes effect on December 5, 2022.
So what does this mean for non-federal organizations and private businesses?
Perhaps not much in the immediate future, but considering the great purchasing power of the U.S. government, it is likely to result in long-lasting cybersecurity improvements across the marketplace. IoT product cybersecurity improvements are coming for the federal government. Any IoT product companies selling to the federal government are already developing plans for cybersecurity product improvements to meet NIST standards and guidelines. While these laws do not directly apply to the private sector, the IoT manufacturers who sell to the U.S. government will need to improve their product security to meet the NIST minimum standards. It is expected these cybersecurity improvements will carry over to non-federal organizations and the private sector, but that remains to be seen.
Expect higher IoT product cost with higher cybersecurity investments.
There is not much debate that cybersecurity product improvements are needed to protect people and organizations from cyber-attacks, but these cybersecurity improvements will certainly result in increased product costs. Some relatively unsophisticated IoT products such as sensors will still be required to meet NIST standards and guidelines if sold to the U.S. government.
IoT integrators and installers require enhanced cybersecurity and networking skills.
Closing IoT product vulnerabilities is paramount, but the traditional building technology integrator or installer also needs to develop enhanced cybersecurity and networking skills. IoT systems are becoming more complex, which will require integrators to invest more in cybersecurity and network training. Expect your integration partners to help you navigate the complexity of IoT products and show you how to implement and maintain cybersecurity best practices. The right integrators will be able to train you on your IoT systems and help provide the maintenance necessary to keep you safe.
About the Author
Dale is the President and CEO of Parallel Technologies. He has 25 years of experience in technology and business, and 19 years holding executive positions in high-growth technology firms. He has transformed the cabling services company into a high-growth technology company by demonstrating to clients how IT and facility infrastructure solutions can drive strategic value. Dale’s passion is to drive a combination of proven and new infrastructure technologies to solve building and data center challenges to achieve superior performance, reduce risk and preserve capital.