Homeland Security issues call to action on IoT security

Homeland Security issues call to action on IoT security

U.S. Department of Homeland Security’s Robert Silvers says his purpose in speaking at the Security of Things Forum in Cambridge on Thursday wasn’t to scare anyone, but then he went ahead and called on everyone in the room to “accelerate everything you’re doing” to secure the internet of things. As the Assistant Secretary for Cyber Policy at DHS says, IoT security is a public safety issue that involves protecting both the nation’s physical and cyber infrastructures.

Acknowledging a growing national dependency on the internet of things, be it in the medical, utility or transportation fields, Silvers says IoT has his department’s full attention. And a straightforward undertaking it is not, he says.

MORE: 7 cool Internet of Things companies to watch

“The challenge of addressing IoT security on the front end is outweighed only by the far greater challenge of trying to bolt on or patch on security on the back end once an ecosystem is deployed,” he says. “So we all need to think about what we can do right now to get this architecture built the right way.”

Long-term and parallel short-term solutions are needed, says Silvers, who adds that DHS is attempting to synch its efforts with ongoing work by NIST (Cyber-Physical Architecture), the Food & Drug Administration (on medical device security), the Department of Transportation (autonomous vehicles) and in the private sector.

More specifically, DHS is formulating a series of unifying principles – and best practices -- relating to IoT security, including how to patch stuff that’s already in the field and not relying on an unsustainable physical recall process. Building security into the cloud will also be an option. While much of this will wind up being non-technical and just plain common sense for those who work full time in the security industry, awareness needs to be ratcheted up in the mainstream, Silvers says (he didn’t specify when the principles would be released, only that it would be after lots of “extensive consultation” with industry stakeholders).

“The undeniable fact is that there are companies out there that are not accountable for these best practices and approaches,” he says. “The undeniable fact is that there is product being pushed to market right now that has not benefited from best practice security planning.”

The feds will be pushing for everyone from manufacturers to consumers to tech vendors to share IoT security approaches with each other, keeping in line with a broader effort by the Obama administration on information security sharing.

Not that this is a U.S.-only issue, of course, Silvers says. "Everything in cybersecurity is transnational, but IoT especially so," where you might have a device designed in the United States, built in China and deployed in Germany. "It's a global issue," he says, and coming up with policies to secure the disaggregated world of IoT will require serious diplomatic efforts.

IDG Insider


«Yahoo data breach affects at least 500 million users


Impending cumulative updates unnerve Windows patch experts»
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



Will Kotlin overtake Java as the most popular Android programming language in 2018?