New Cyber Standards for IoT Ease – But Won’t Solve – Security Challenge
The first independent standard for cybersecurity for the Internet of Things (IoT) was approved earlier this month, following two years of debate and discussion over how to measure and secure such devices.
The American National Standards Institute (ANSI) approved UL 2900-1, General Requirements for Software Cybersecurity for Network-Connectable Products, as a standard on July 5. The effort was spearheaded by Underwriters Laboratories (UL), which is preparing two more standards to follow: UL 2900-2-1, which defines requirements for network-connectable components of healthcare systems, and UL 2900-2-2, which does the same for industrial control systems.
The three establish the first standard security protocols for software-controlled IoT devices, such as access controls, industrial controls for lighting and mechanical systems, internet-connected medical devices and more. They also offer potential answers to major worries about the lack of security built into such devices thus far. (Read More)
Are Smartphones Threatening the Security of our IoT Devices?
By 2020, the number of Internet of Things devices is estimated to surpass 20 billion. From smart fridges to coffee makers and Barbie dolls, connected things will soon fill our households. Many of these devices are, and will continue to be, accessed via our smartphones. While this is very convenient for users, there are weaknesses in smartphone security that can be exploited to turn smart objects against us. While many of us are now well acquainted with best practice when it comes to using laptops or desktops, it is easy to be somewhat lax when it comes to our phones.
Recent years have seen an upsurge in internet-connected medical devices and fitness trackers, many of which feed data to or can be controlled via apps on our phones. This means that such devices now contain valuable data about our health and wellbeing that are vulnerable to cyberattacks. IoT objects increasingly rely on smart devices with sensors built in and applications to support them. (Read More)
Mocana Teams Up with Gemalto to Secure IoT from End to End
Mocana, a provider of critical security solutions for industrial control systems (ICS) and the Internet of Things (IoT) and Gemalto, a leader in IoT and digital security, have together announced a new partnership to bring connectivity, security and monetization to IoT deployments. The two companies will provide an end-to-end solution for IoT security lifecycle management, including interoperability of Mocana’s IoT Security Platform and Gemalto’s digital security products to protect data and digital identities across endpoint devices, gateways and clouds. Combining the companies’ respective areas of expertise makes it easier for manufacturers, enterprises and service providers to build strong security into IoT devices and critical infrastructure that are vulnerable to cyber-attacks.
Gemalto and Mocana will leverage their solutions and global ecosystems with the goal of making it easier to embed advanced cybersecurity technologies into IoT devices, industrial control systems, and machine-to-machine (M2M) networks. (Read More)