Excerpts from a GCN.com article by Derek Major:
Even as the number of Internet-enabled devices flowing into the market seems unstoppable, policymakers debate government’s role in managing the risk they present.
Allan Friedman, director of cybersecurity initiatives in the Department of Commerce, said that there are still many unanswered questions about the risks related to the Internet of Things.
“How do we make sure the risk is managed? Whether it’s patching over time or making sure that you de-permission the previous user of a device, that’s something we have to figure out,” Friedman said at a panel on managing IoT risk hosted by the Center for Strategic and International Studies. “Another question is how do we make sure that devices are field upgradeable? And if they’re not, how do we communicate the risk back to the consumer that they’re buying it with no way to secure it?”
One way to bolster IoT security is through regulation.
Last year Sen. Edward Markey (D- Mass.) introduced a bill that would require makers of wireless access points on connected cars to conduct penetration testing and would call for car manufacturers or security vendors be able to detect and respond to hacking attempts in real time.
Brian Witten, a senior director with Symantec, acknowledged that hacks and vulnerabilities are becoming more prevalent, but he said he believes they will lead to security consensus from manufacturers and consumers.
“We see month by month increasing active exploitation of IoT devices; we see cars being stolen based on security mistakes in keyless ignition systems,” Witten said. “But my hope is that this will lead to more transparency on how much security is built into these things.”
Discussion Questions
What are your concerns with IoT device?
What kind of regulation would you want to see that could mitigate risks?