CSAResearch

Security Controls for the IoT
CSA is researching IoT security. We'd like to hear from our community regarding the topic of security controls for IoT.
John Yeoh
A2 One challenge with government regulation with IoT is the politics with international boundaries. Many IoT devices are manufactured in China for other Nation-state markets. Can this be properly regulated? #csaresearch #iot #iotsecurity
Shamun Mahmud
It's not like you can write an "Internet of Things Law". That said, it would take a combination of government, SDOs, and Industry to devise cohesive regulations. #CSAResearch @cloudsa

Shamun Mahmud
By SDOs, I am referring to Standards Development Organizations such as ENISA, IEEE, NIST, ISO, etc. #NIST #IEEE #IoT #IOTsecurity #ISO #CSAResearch

Sean Heide
Interesting concept; however, why couldn't you write a "law"? It would just standardize regulations regarding security features, etc. Maybe that's needed for billions of devices. They did it for cars.
John Yeoh
Don't forget the #California IoT Cybersecurity Improvement Act of 2017. But I do think that industry organizations like @cloudsa have an opportunity to outline a security framework for IoT that can serve as a baseline for most Enterprises adopting IoT.
Shamun Mahmud
@HeideSean A regulatory framework isn’t well defined and Government agencies will likely need to work together as cases arise that expose the potential downsides of widespread connectivity. This is where orgs such as @cloudsa can bridge the gap #CSAResearch

Doug Egan
Agreed. I believe South Carolina privacy law requires all IoT *manufacturers* to build security into all IoT devices. Enforcement will be difficult. #CSAResearch
Sean Heide
@FLDougEgan I agree, putting security features into these devices does not necessarily mean continuous practice. When you say build in, is this things such as firewalls, password encryption, etc.?
ramon
Manufacturing of IoT devices in China and @huawei devices must comply with Common Criteria (CC) and EU GDPR to market with the CE stamp
Doug Egan
@HeideSean I will need to revisit the legislation to be sure of the details, Sean. I will post the details soon. #CSAResearch
Doug Egan
@HeideSean The #CCPA requires manufacturers of devices to embed “reasonable” security features, focusing entirely on password authentication. #CSAResearch
Doug Egan
What about other threats to IoT devices? IMHO automatic firmware updates should also be required.
ramon
Remember that PbD & Default are mandatory in the IoT device design phase. #CSAResearch
John Furrier
This was very telling at AWS; the impact to security is interesting https://video.cube365.net/c/910400
CloudSecurityAlliance
Q1 Why should we care about IoT Security? Is it that different than current security measures? #CSAResearch
Shamun Mahmud
With the IoT, we need to ensure that not just anyone can access our data. IoT devices generate lots of personal data, including Personally Identifiable Information (PII) like name, address, passwords, and even location. #CSAResearch
ramon
For medical devices, the confidentiality of PII is high
Sean Heide
@ramoncod That is one of the biggest risks with moving forward with medical devices in my opinion. There is SO much information for a single person.
ramon
@HeideSean of course 🧐 Completely agree
ramon
All IoT medical devices with (PHI & PII) must be out. Be careful with the use of @apple as a medical device and connecting to Big Data without compliance with HIPAA.
CloudSecurityAlliance
Thanks everyone in #CSAResearch for joining. Until next time!
CloudSecurityAlliance
Q6 What can we learn from and improve for Industrial Control Systems and the IoT?

John Yeoh
A5 If you think about transportation, utilities, and hospitals on the smart grid, I wouldn't want to be caught in a nation-state war without securing these major infrastructures. Catastrophic consequences! #csaresearch #iot #iotsecurity
Sean Heide
Completely agree
CloudSecurityAlliance
Q5 How does IoT security fit into Smart Cities?
Sean Heide
A lot of the application protocols that run these cities and devices are insecure by design. Meaning M2M that utilize all of these devices within a smart city as well as large scale have possible flaws that could create a larger risk.
John Yeoh
A4 We see connected vehicles taking advantage of this space. Real-time analytics at the edge has processing value. It can also offer cost savings from your service provider. #csaresearch #iot #iotsecurity
John Yeoh
Is anyone working at the #fogcomputing layer for IoT, when cloud connectivity and latency are an issue? There is still opportunity for better interoperability at this layer into multiple service platforms. #csaresearch #iot #iotsecurity
ramon

With @commmaritimehub infrastructure the latency is very low at sea, into 200 NM. We have had a good experience with it. #csaresearch
CloudSecurityAlliance
Q4 What concerns and opportunities are there in the “Fog” or edge layer for IoT devices?
Sean Heide
The edge is still just geographically located servers for these devices. With that said, with the proximity to a multitude of devices, security responses may have to act more diligently and be in place.