Security and Connectivity for IoT Devices

IoT Cybersecurity Improvement Act 2020 – Business Perspective

The Business Perspective

IoT devices are proliferating fast within government agencies and across the economy in general. The use of sensors and other IoT devices for monitoring and collecting data is growing exponentially because of the tremendous value these technologies offer in terms of productivity and quality of life.

With the passage of the IoT Cybersecurity Act, the federal government has taken the first step in ensuring there is uniformity in the security standards related to this burgeoning technology.

Managing the Act

With this act, the government is signalling that the security of IoT ecosystems is being taken seriously, and that compliance is a prerequisite to competing for the massive government agency market opportunity.

But as with most legislation, the ability to strictly enforce the requirements laid out in HR 1668 is lagging. There is no governing process in place comparable to the Cryptographic Module Validation Program (CMVP), which validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2 and 140-3.

This will of course change over time as the ability to verify catches up with the legislation. The responsibility for developing the verification process belongs to the Office of Management and Budget (OMB), and it has until December 2022, two years after the legislation was passed, to have this mechanism in place.

As it stands now, the accepted path to compliance is a top-down approach, with IoT device manufacturers adhering to the NIST guidance as it emerges, both technical (8259 A) and non-technical (8259 B).

While this infrastructure is being developed, the regulators are focused on creating awareness about the legislation, gaining acceptance from IoT technology providers, and securing endorsement from industry participants to exert pressure on the manufacturers.

What this Means for Business

There is general agreement that standardizing IoT security is good for all stakeholders. Everyone wants the full value potential of IoT ecosystems to be realized, and this requires effective, across-the-board IoT security practices.

However, there will likely be push-back as the regulations are being implemented.

The challenge lies in current IoT product development processes, which are designed to maximize innovation, commercialization and speed to market. The concern is that the top-down approach espoused by the legislation will slow things down, increasing costs and time to market.

Most IoT technology providers bring new products to market using the fastest and most nimble development methods available, such as agile software development. This is an iterative, fail-fast and fail-often model that is built for innovation, flexibility and speed, and it runs counter to a “one step at a time” top-down approach. The question is, how do the requirements of the Cybersecurity Act, such as Secure by Design, documentation, and procurement of security components, work within an agile framework?

Everyone recognizes the need for security, but this must be balanced against the risk of bogging down the pace at which new and increasingly life-changing technologies are made available in real-world applications.

DevOps and DevSecOps teams must also work out how to evolve their technology architectures to support the new regulatory environment.

The likely result is that in the short term there will be push-back, difficulty in verifying compliance, and the normal confusion that occurs when new regulatory standards are introduced.

But in the longer term, once the growing pains are dealt with, the push to standardize IoT security rules and gain widespread adoption from IoT manufacturers will be good for all stakeholders.
