Security and Connectivity for IoT Devices

Menu

IoT Cybersecurity Improvement Act 2020

Home / IoT Cybersecurity Improvement Act

Let's Talk IoT Security

Implementing IoT device security can be a challenge. Let us help you by sharing our proven framework for integrating a proactive security approach into your design. Click the button below to schedule a one-on-one web conference to discuss your security needs.

Let's Talk IoT Security

Implementing IoT device security can be a challenge. Let us help you by sharing our proven framework for integrating a proactive security approach into your design. Click the button below to schedule a one-on-one web conference to discuss your security needs.

Introduction

This past December the US Federal Government passed the IoT Cybersecurity Improvement Act 2020, the first Internet of Things (IoT) legislation designed to ensure federal agencies purchase only IoT devices that meet specific security protocols.

Why Regulation

IoT devices and ecosystems have become truly transformative, improving our daily lives in innumerable ways. Allegro refers to the potential impact of these technologies as the IoT Axiom: The Value of IoT Ecosystems is equal to the data provided times the resulting actions taken.

Value is therefore dependent on accurate, “clean” data, making it imperative to safeguard these devices and systems so actions are not unduly influenced by compromised data.

This is precisely why the federal government has enacted the IoT Cybersecurity legislation. The stakes have become too high to do nothing.

Why Now?

IoT cybersecurity has not traditionally been a priority for device manufacturers, and this oversight has resulted in countless data breaches, system disruptions and organizations being forced to pay ransoms to recover data. This is especially worrisome in industries such as health care and military where this can literally put lives in danger.

Prior to the federal government taking action, California and Oregon crafted their own IoT security legislation, and several states such as Illinois, Kentucky and Massachusetts are in various stages of creating their own rules.

While this is encouraging because it means the issue is now being taken seriously, this “every state for themselves” approach causes confusion and a lack of consistency for device manufacturers.

With each state having separate task forces, and each looking at IoT cybersecurity from their own perspective, there is a lack of a cohesive security policy. This means requirements will differ from state to state, making compliance with varying sets of rules difficult for device manufacturers.

Now that the federal government has stepped in and passed the IoT Cybersecurity Improvement Act, providing corresponding documentation and reporting requirements, device manufacturers have the guidance they need to be in alignment with government procurement policies.

The hope is that these standards will be universally applied so IoT device manufacturers willingly comply with regulations that make IoT ecosystems extremely secure.

The Allegro Cryptographic Engine Listed as a CMVP Module in Process by NIST

Allegro is pending review for FIPS 140-3 validation from NIST for the Allegro Cryptography Engine – ACE™. Allegro has been added to the Modules in Process List (MIP), which highlights the modules that the NIST Cryptographic Module Validation Program (CMVP) is actively...

Allegro Joins The Medical Device Software Development Summit

As a leading provider of embedded software solutions, Allegro is pleased to announce its attendance at the Medical Device Software Development Summit 2023. This event is set to take place in Boston, Massachusetts, from May 16th to May 18th, 2023. The Medical Device...

Nielsen Case Study: IoT Device Security for A Multi-Billion Dollar International Company

IoT device security is especially important for a huge, multi-national company like Nielsen, to ensure their data is legitimate and accurate.

Best Practices for Managing IoT Related Risks

Allegro’s “Best Practices” document addresses the topic of IoT security related risks by taking a closer look at Critical Requirements and Functional Implementation.

7 Key Elements of Proactive IoT Security

All types of Internet of Things (IoT) devices are under attack. They are routinely recruited as unwitting members of botnets used for Distributed Denial of Service (DDOS) attacks, hosting various malware, and extracting sensitive data. Why are hackers drawn to these...

Open Source Issues in Mergers and Acquisitions

Open Source Issues in Mergers & Acquisitions In a merger or acquisition in which a technology company is the target, the target company’s software is often a material – and perhaps even the principal – asset of the deal. Often, this software was developed using...
Our Resources

Partnering with IoT Security Experts

Download Allegro’s Playbook

  • This field is for validation purposes and should be left unchanged.

Contact Us Today

  • This field is for validation purposes and should be left unchanged.