Security and Connectivity for the IoT Edge

+1 978-264-6600


IoT Cybersecurity Improvement Act 2020 – Business Perspective

Home / IoT Cybersecurity Improvement Act / IoT Cybersecurity Improvement Act – Business Perspective

The Business Perspective

The proliferation of IoT devices within government agencies, and within the economy in general, is happening fast. The use of sensors and other IoT devices for monitoring and collecting data is growing exponentially because of the tremendous value that technologies offer in terms of productivity and quality of life.

With the passage of the IoT Cybersecurity Act, the federal government has taken the first step in ensuring there is uniformity in the security standards related to this burgeoning technology.

Managing the Act

With this act, the government is signalling that security of IoT ecosystems is being taken seriously, and that compliance is a pre-requisite to competing for the massive government agency market opportunity.

But as with most legislation, the ability to strictly enforce the requirements laid out in HR 1668 is lagging. There is no governing process in place, such as the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and 140-3.

This will of course change over time as the ability to verify catches up with the legislation. The responsibility for developing the verification process belongs to the Office of Management and Budget (OMB), and it has until December, 2022, two years after the legislation was passed, to have this mechanism in place.

As it stands now, the accepted path to compliance is a top down approach, with IoT device manufacturers adhering to the NIST guidance as it emerges, both technical (8259 A) and non-technical (8259 B).

While this infrastructure is being developed, the regulators are focused on creating awareness about the legislation, gaining acceptance from IoT technology providers, and securing endorsement from industry participants to exert pressure on the manufacturers.

What this Means for Business

There is general agreement that standardizing security standards is good for all stakeholders. Everyone wants the full value potential of IoT ecosystems to be realized, and this requires effective, across the board IoT security practices.

However, there will likely be push-back as the regulations are being implemented.

The challenge lies in the current IoT product development processes that are designed to maximize innovation, commercialization and speed to market. The concern is that the top down approach being espoused by the legislation will slow things down, and increase costs and time to market.

Most IoT technology providers are using the fastest and most nimble development methods to bring new products to market such as agile software development. This is an iterative, fail fast and fail often model that is built for innovation, flexibility and speed, and is counter to a “one step at a time” top down approach. The question is, how do the requirements of the Cybersecurity Act, such as Secure by Design, documentation and procurement of security components work within an agile framework?

Everyone recognizes the need for security, but this must be balanced with not bogging down the pace of new and increasingly life changing technologies that are being made available in real world applications.

DevOps and DevSecOps must also reconcile how to evolve their technology architectures to support the new regulatory environment.

The likely result is that in the short term there will be push back, difficulty in verifying compliance and the normal confusion that occurs when new regulatory standards are introduced.

But in the longer term, once the growing pains are dealt with, the push to standardize IoT security rules and gain widespread adoption from IoT manufacturers will be good for all stakeholders.

Amazon FreeRTOS Developers Improve IoT Device Security with FIPS Validated Cryptography and TLS v1.3 from Allegro Software

Amazon FreeRTOS Developers Improve IoT Device Security with FIPS Validated Cryptography and TLS v1.3 from Allegro Software Pre-Integrated with Onica’s IoTanium hardware, software, and analytics platform for rapid prototyping and accelerated deployment of your IoT...

Allegro Software Expands IoT Edge Framework with Support for TLS 1.3

Allegro Software Expands IoT Edge Framework with Support for TLS 1.3 Securing IoT edge devices with the latest advanced data-in-motion encryption standard for TLS BOXBOROUGH, MA and SAN FRANCISCO, CA February 24, 2020 - At the RSA® Conference 2020 in San Francisco,...

Allegro Software Announces TLS API Compatibility Layers to Speed IoT Development with TLS v1.3 and FIPS 140-2

Allegro Software Announces TLS API Compatibility Layers to Speed IoT Development with TLS v1.3 and FIPS 140-2 API compatibility with ARM’s Mbed TLS and OpenSSL provides developers with access to latest TLS v1.3 and FIPS Validated Cryptography BOXBOROUGH, MA and SAN...

Best Practices for Managing IoT Related Risks

Allegro’s “Best Practices” document addresses the topic of IoT security related risks by taking a closer look at Critical Requirements and Functional Implementation.

7 Key Elements of Proactive IoT Security

All types of Internet of Things (IoT) devices are under attack. They are routinely recruited as unwitting members of botnets used for Distributed Denial of Service (DDOS) attacks, hosting various malware, and extracting sensitive data. Why are hackers drawn to these...

Open Source Issues in Mergers and Acquisitions

Open Source Issues in Mergers & Acquisitions In a merger or acquisition in which a technology company is the target, the target company’s software is often a material – and perhaps even the principal – asset of the deal. Often, this software was developed using...
Our Resources
Verkada Breach Highlights IoT Device Security Vulnerabilities

Verkada Breach Highlights IoT Device Security Vulnerabilities

In March, Silicon Valley start up Verkada suffered a significant breach when hackers compromised nearly 150,000 of the company’s cloud-based security cameras. Intruders were able to access camera data collected from schools, prisons, hospitals, and several companies, including Tesla and Cloudflare.

read more
Podcast: IoT Cybersecurity Improvement Act 2020

Podcast: IoT Cybersecurity Improvement Act 2020

The intent of the IoT Cybersecurity Improvement Act 2020 is to ensure IoT technologies purchased and deployed by the U.S. Government meet well-understood security standards. The legislation is based on recommendations developed by the National Institute of Science and...

read more
IoT Security in Healthcare

IoT Security in Healthcare

The Internet of Things (IoT) has become prevalent in the healthcare industry due to the benefits derived from sharing patient data and treatment information through connected devices. This convergence of physical assets and digital technologies is the way of the...

read more

Let’s Talk IoT Security

Implementing IoT device security can be a challenge. Let us help you by sharing our proven framework for integrating a proactive security approach into your design. Click the button below to schedule a one-on-one web conference to discuss your security needs.