skip to main content
Close Icon

In order to deliver a personalized, responsive service and to improve the site, we remember and store information about how you use it. This is done using simple text files called cookies which sit on your computer. By continuing to use this site and access its features, you are consenting to our use of cookies. To find out more about the way Informa uses cookies please go to our Cookie Policy page.

Global Search Configuration

Ovum view

Summary

A bill has been introduced into the US Congress aiming to require certain security standards for Internet of Things (IoT) devices sold into the US government. This is a good first step, raising the issue in the minds of manufacturers and potentially setting a de facto standard.

Legislation raising the profile of IoT security is good news

The distributed denial-of-service (DDoS) attack on DNS service provider Dyn in October last year resulted in significant portions of the internet being offline in North America and parts of Europe for several hours. It was also the first major DDoS exploit to use a botnet of IoT devices, namely thousands of CCTV cameras and printers infected with the Mirai virus, and dramatically demonstrated how insecure devices can and will be harnessed by cybercriminals.

We have also seen, over the last two years, attacks on critical infrastructure in Ukraine by what security researchers believe to be the Russian group Sandworm, resulting in a cessation of electrical supply to entire sections of the country in the depths of winter.

These episodes demonstrate a growing risk of attacks launched from the IoT, but also of attacks on internet-connected operation technology devices (aka the Industrial IoT, or IIoT). Thus, the US initiative is a welcome first move in the direction of obliging vendors and practitioners of IoT to build security into their devices and networks.

The Internet of Things Cybersecurity Improvement Act of 2017 (IoT-CIA), which was introduced into the US legislative branch last week, aims to ensure that manufacturers of equipment to be sold and deployed into federal government IoT networks meet security standards. There is provision, among other things, for guaranteeing patchability and avoiding default passwords, all of which is a positive move that should spur other governments to think along similar lines.

Appendix

Further reading

"Concerns around security and privacy continue to haunt the smart home market," TE0003-001015 (April 2017)

"Nokia addresses the need for IoT security through its NetGuard IoT security solution," IT0012-000200 (March 2017)

Security Implications of the Internet of Things, IT0022-000277 (December 2014)

Author

Rik Turner, Principal Analyst, Infrastructure Solutions

rik.turner@ovum.com

Recommended Articles

  • Service Provider Markets, Consumer & Entertainment Services,...

    MWC 2018 Highlights

    By Ronan De Renesse 27 Feb 2018

    Over 20 of our senior Ovum analysts and consultants attended this year’s Mobile World Congress in Barcelona at the end of February. In between meetings, briefings and presentations, our analyst team were blogging and tweeting about key developments, trends and rumors. Have a look through our daily MWC 2018 Highlights to find out what happened.

    Topics 5G AI IoT Cloud Payments SDN/NFV Smart home

  • Enterprise Decision Maker, Enterprise IT Strategy and Select...

    2017 Trends to Watch: Big Data

    By Tony Baer 21 Nov 2016

    The breakout use case for big data will be fast data. The Internet of Things (IoT) is increasing the urgency for enterprises to embrace real-time streaming analytics, as use cases from mobile devices and sensors become compelling to a wide range of industry sectors.

    Topics Big data and analytics IoT

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

+44 (0) 207 551 9047 - Operational from 09.00 - 17.00 UK time

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 7770704398 or email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now