John Yeoh
A2 One challenge with government regulation with IoT is the politics with international boundaries. Many IoT devices are manufactured in China for other Nation-state markets. Can this be properly regulated? #csaresearch #iot #iotsecurity
Shamun Mahmud
It's not like you can write an "Internet of Things Law". That said, it would take a combination of government, SDOs, and Industry to devise cohesive regulations. #CSAResearch @cloudsa
Shamun Mahmud
By SDOs, I am referring to Standards Development Organizations such as ENISA, IEEE, NIST, ISO, etc. #NIST #IEEE #IoT #IOTsecurity #ISO #CSAResearch
Sean Heide
Interesting concept; however, why couldn't you write a "law"? It would just standardize regulations regarding security features, etc. Maybe that's needed for billions of devices. They did it for cars.
John Yeoh
Don't forget the #California IoT Cybersecurity Improvement Act of 2017. But I do think that industry organizations like @cloudsa have an opportunity to outline a security framework for IoT that can serve as a baseline for most Enterprises adopting IoT.
Shamun Mahmud
@HeideSean A regulatory framework isn’t well defined and Government agencies will likely need to work together as cases arise that expose the potential downsides of widespread connectivity. This is where orgs such as @cloudsa can bridge the gap #CSAResearch
Doug Egan
Agreed. I believe South Carolina privacy law requires all IoT *manufacturers* to build in security to all IoT devices. Enforcement will be difficult. #CSAResearch
Sean Heide
@FLDougEgan I agree, putting security features into these devices does not mean continuous practice necessarily. When you say build in, is this things such as firewalls, password encryption, etc.?
Doug Egan
@HeideSean I will need to re-visit the legislation to be sure of the details, Sean. I will post the details soon. #CSAResearch
Doug Egan
@HeideSean The #CCPA requires manufacturers of devices to embed “reasonable” security features, focusing entirely on password authentication. #CSAResearch
Doug Egan
What about other threats to IoT devices? IMHO automatic firmware updates should also be required.
ramon
Remember the mandatory nature of PbD & Default in the IoT device design phase. #CSAResearch