10 February, 2020
Let us get ready for the IoT laws
Article: IoT
A new set of IoT laws are in the making to rule the new world of the Internet of Things.
Think about any Hollywood sci-fi.
Walking robots, flying cars, outer space settlements looked too entertaining in our childhood.
But what about self driven cars, self operated switches and wireless kitchen burners working at your wish, identifying the user's mental waves?
Too good to be true, but that is the world that is about become, ruled by the IoT or the Internet of Things.
But technology comes with its own tragedy. If the IoT devices are not monitored by a strict set of laws, it is bound to break barriers and go bananas.
More and more laws ensuring security of usage of IoT are being brought into power by one country after the other. USA accepted the requirement of legal bindings over IoT usage at first, though after a little dilly dallying followed by UK and many other nations of the world.
California has recently passed a legislation that bans weak default passwords on internet-connected devices sold in the region.
It is called the "Information privacy: connected devices" bill, which is the first Internet-of-Things (IoT) cyber security law in the United States. Under this manufacturers of different internet-connected gadgets will have to enable their products with "reasonable security features".
What this means is that each device will either have to be shipped with a password that is unique to it or that each device will need to contain "a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time". In the latter case, users must be able to choose their own passwords.
While most of the other countries are still fence sitting over the matter it is becoming increasingly imperative that federal bindings are most important for optimum utilization of the IoT to ensure its safe and secure utilization.
The original steps to operate any IoT device are not complicated. It only requires the latest owner to change the default login password when logging in for the first time. It is the basic requirement and is easy to implement also.
The challenge with IoT devices is that each one of them is differently made by different manufacturers. Hence the unique firmware, protocols and architecture of each of the IoT products have to checked and understood individually. The devices are prey to their individual vulnerabilities and imperfect security measures. Hence it's advisable to draw a diagram of the device to pre- plan the faults in the system (serial ports, the UART controller, flash drives, filtering modules, JTAG interfaces, etc) and how to combat security issues by intercepting traffic, analyzing whether the information is encrypted, and seeing how it can be manipulated.
The UK lawmakers seem to force the companies to maintain a security point-of-contact which is quite impossible to find especially in smaller companies.
Will this legislation slow innovation?
To an extent, but probably the proposed changes would only require moderate efforts from good actors to implement. Further in the wake of the recent legal changes manufacturers cannot but take note of the same to modify their products.
ISOAH has been the 'go to' institute of anti hacking corporate audits which solves the remotest of bugs in IT infrastructure of any magnitude.
Read on to know more about IoT securities: www.isoah.com/biggest-cyber-security-risks-involved-with-IoT-how-to-diminish-them.php
