With the COVID vaccine rollouts in full swing (finally!), attention is beginning to shift towards other priorities that are pressing on the new administration. By now you may be familiar with the Cybersecurity Improvement Act, which was passed bipartisan in late 2020 to help improve the state of IoT Cybersecurity in the new year. Reshifting our focus to this legislation is allowing the security industry to identify if the Act is actually effective and what its short/long term implications look like.
<p>This is effectively the Federal government saying they can’t secure their networks, so let’s pass the responsibility to the IoT manufacturers to secure the devices. This makes almost no sense since these devices still need to expose data to other applications and allow remote access from authorized users. Even if the device is completely secure, as long as it still connects to a network, the network needs to be secure, the users have to be trusted and authenticated, and devices have to be segmented from other unauthorized applications and subnets, etc. A Federal mandate like this is likely to raise the cost of IoT devices while only solving a small portion of the real network issues and perhaps conveying a false sense of security.</p>