skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

A bill has been introduced into the US Congress aiming to require certain security standards for Internet of Things (IoT) devices sold into the US government. This is a good first step, raising the issue in the minds of manufacturers and potentially setting a de facto standard.

Legislation raising the profile of IoT security is good news

The distributed denial-of-service (DDoS) attack on DNS service provider Dyn in October last year resulted in significant portions of the internet being offline in North America and parts of Europe for several hours. It was also the first major DDoS exploit to use a botnet of IoT devices, namely thousands of CCTV cameras and printers infected with the Mirai virus, and dramatically demonstrated how insecure devices can and will be harnessed by cybercriminals.

We have also seen, over the last two years, attacks on critical infrastructure in Ukraine by what security researchers believe to be the Russian group Sandworm, resulting in a cessation of electrical supply to entire sections of the country in the depths of winter.

These episodes demonstrate a growing risk of attacks launched from the IoT, but also of attacks on internet-connected operation technology devices (aka the Industrial IoT, or IIoT). Thus, the US initiative is a welcome first move in the direction of obliging vendors and practitioners of IoT to build security into their devices and networks.

The Internet of Things Cybersecurity Improvement Act of 2017 (IoT-CIA), which was introduced into the US legislative branch last week, aims to ensure that manufacturers of equipment to be sold and deployed into federal government IoT networks meet security standards. There is provision, among other things, for guaranteeing patchability and avoiding default passwords, all of which is a positive move that should spur other governments to think along similar lines.

Appendix

Further reading

"Concerns around security and privacy continue to haunt the smart home market," TE0003-001015 (April 2017)

"Nokia addresses the need for IoT security through its NetGuard IoT security solution," IT0012-000200 (March 2017)

Security Implications of the Internet of Things, IT0022-000277 (December 2014)

Author

Rik Turner, Principal Analyst, Infrastructure Solutions

rik.turner@ovum.com

Recommended Articles

  • Service Provider Markets, Consumer & Entertainment Services,...

    MWC 2018 Highlights

    By Ronan De Renesse 27 Feb 2018

    Over 20 of our senior Ovum analysts and consultants attended this year’s Mobile World Congress in Barcelona at the end of February. In between meetings, briefings and presentations, our analyst team were blogging and tweeting about key developments, trends and rumors. Have a look through our daily MWC 2018 Highlights to find out what happened.

    Topics 5G AI IoT Cloud Payments SDN/NFV Smart home

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.

  • Enterprise Decision Maker, Enterprise IT Strategy and Select...

    2017 Trends to Watch: Big Data

    By Tony Baer 21 Nov 2016

    The breakout use case for big data will be fast data. The Internet of Things (IoT) is increasing the urgency for enterprises to embrace real-time streaming analytics, as use cases from mobile devices and sensors become compelling to a wide range of industry sectors.

    Topics Big data and analytics IoT

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now