Tag Archives: standards

IoT Cybersecurity Improvement Act calls for deployment standards

Proponents of a proposed federal bill are seeking the development of security standards for all government-purchased Internet-connected devices — a move that could spur improved security for IoT deployments across non-government entities as well.     

The IoT Cybersecurity Improvement Act of 2019, co-sponsored by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas), would require the National Institute of Standards and Technology (NIST) to issue guidelines for the secure development, configuration and management of IoT devices. It would also require the federal government to comply with these NIST standards. 

Perhaps more significantly, the bill would likely reach beyond the federal government if passed and made into law. Security experts predict that NIST standards would help elevate IoT security throughout private industry and during development of consumer products.

“Our bill establishes baseline cybersecurity standards for government purchased and operated IoT devices,” Rep. Kelly said in an emailed response to questions about the proposed legislation. “Right now, we are focused on securing government IoT devices. I think the most relevant piece to executives would be the ability to use NIST’s Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks as a model for internal standards.”

She added, “Our goal remains securing government IoT devices. If these standards are helpful to the private sector then that’s an additional benefit.”

IoT: Speed to market offsets cybersecurity

Security leaders said there’s a need for improved IoT security: Vendors work fast to bring IoT products to market, while enterprise leaders have moved just as quickly to capitalize on IoT deployments. In both cases, the desire for speed typically trumps security concerns, they said.

Now these security concerns are gaining new attention.

“People have been saying for at least three years that there’s a problem and we need to fix it,” says David Alexander, digital trust expert at PA Consulting.

Others agreed, adding that they think NIST is the right entity to take the lead on establishing security standards.

“We need government intervention,” said Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance at the Graduate School at the University of Maryland University College.

Our bill establishes baseline cybersecurity standards for government purchased and operated IoT devices.
Robin Kelly U.S. Representative (D-Ill.)

Dasarathy said the ripple effect from federal action on IoT legislation would improve product security for consumers and private industry alike. It would also give appropriate IoT security guidance to chief information security officers (CISOs) and other organizational executives.

“Right now many CISOs struggle to determine adequate security,” Dasarathy said.

Weak IoT security has had significant consequences. The Mirai botnets, for example, exploited vulnerabilities in networked devices and led to a massive distributed denial of service attack in 2016.

The skyrocketing number of connected devices also increases the amount of infrastructure to protect. Gartner, the technology research and advisory firm, predicted that 14.2 billion connected things will be used this year, a figure that will hit 25 billion by 2021. That growth means CISOs will be responsible for more than three times as many endpoints in 2023 than they were in 2018.

The emergence of IoT security standards

Despite often treating security as an afterthought, the IoT community — including vendors, executives engaged in IoT initiatives and regulatory bodies — has already started to address security and data privacy issues. This recognition helped create an emerging collection of standards, best practices and regulations such as California’s IoT device law known as SB-327. –It is the first such state law in the United States, and the European Telecommunications Standards Institute has developed similar rules.

However, the IoT Cybersecurity Improvement Act could push IoT safety to the forefront for IoT device makers and end users. This is because of the clout that NIST has in setting standards and that the federal government has in purchase power. The federal bill was advanced out of the House Oversight and Reform Committee in June.

“It will set a direction that will make it easy for others to follow,” said Gus Hunt, managing director and cyber strategist for Accenture Federal Services.

If the bill passes, IoT device makers that want to sell to the federal government would have to design and manufacture products according to NIST standards. To avoid designing a second-tier product for the nongovernment market, those makers would bring those same government devices to the broader market, Hunt explained.

Even if the IoT Cybersecurity Improvement Act doesn’t pass, Hunt said vendors now recognize that buyers want better security features in their products.

“Many manufacturers realize that they have to find a way [to make sure] that whatever they sell is safe, secure and doesn’t place people at higher risk simply by buying the device,” he added.

Security becoming an IoT priority

Meanwhile, private sector CISOs and CIOs could benefit if the bill is passed and NIST develops security standards that give them guidelines to adopt for their own IoT deployments.

“NIST standards could give them leverage in their discussions about budget, controls and selection of products,” Alexander said, as NIST protocols in other areas have often become the basis for best practices in private sector organizations seeking to strengthen their own programs.

However, the bill’s future is uncertain. A similar measure was introduced in 2017 and failed to move forward. On the other hand, the IoT Cybersecurity Improvement Act of 2019 does have bipartisan sponsors — which security experts said gives them some hope that Congress will take favorable action on this issue.

Yet that hope comes with a caveat: They said lawmakers — in Congress and elsewhere — must pay attention to each other’s IoT legislation to ensure they’re all moving in the same direction.

Also, they said NIST should work with industry to craft standards. This cooperative approach is one that NIST typically takes, and it would help ensure that all the various laws share common elements so that vendors understand what they must deliver to the market.

“These things cannot be contradictory. All these versions of [IoT] legislation need to be aligned because vendors want to make one version of their product. All the legislation has to be pointing in the same direction, otherwise it’s not going to work,” Alexander said.

Go to Original Article

Verizon 5G rollout could change broadband competition

Verizon has chosen to temporarily forego standards and launch a proprietary 5G internet service to homes in four U.S. cities. The rush to market could start generating a return from the billions of dollars spent on developing the fifth-generation wireless technology.

Verizon introduced its 5G Home service this week and said it would be available Oct. 1 in select neighborhoods in Houston, Indianapolis, Los Angeles and Sacramento, Calif. The service provider promised a baseline speed of about 300 Mbps, which is significantly higher than Verizon’s current fiber optic service, Fios.

Customers covered in the Verizon 5G rollout could experience speeds close to 1 Gbps if they are in a favorable location relative to Verizon’s 5G small cell site that broadcasts the wireless signal to the home.

Verizon plans to charge wireless subscribers $50 a month for the 5G service and nonwireless subscribers $70 a month. Verizon won’t charge for the first three months of service or for the 5G router and its installation in the home.

The promotional deal makes the 5G offering similar in pricing to the internet service Verizon currently provides through its Fios product, which delivers speeds of only about 100 Mbps or less, said Tom Nolle, principal analyst at technology consulting firm CIMI Corp., based in Township, N.J., in a research note.

“I think Verizon will be moving to normalize their pricing across FiOS and 5G, which could give Verizon users the best internet bargain out there today,” Nolle wrote.

Verizon 5G rollout using nonstandard gear

The home and cell site gear used in the Verizon 5G rollout are temporary. The company plans to replace the proprietary 5G equipment with devices built around universal standards set by the 3rd Generation Partnership Project (3GPP). Verizon will replace the equipment as suppliers deliver standard gear.

Verizon is willing to forego standards initially to be quick to market with 5G internet services and to start generating revenue as soon as possible, said Rajesh Ghai, an analyst at IDC.

“This is a brand-new service for Verizon — incremental revenue,” he said. “They’re not going to eat into anything they’re already selling. They don’t have to get their existing customer base to adopt it.”

Because 5G is a fixed-wireless technology, Verizon can compete against cable companies and rival AT&T without having to bring a cable connection to homes or apartment buildings.

“If you have broadband deliverable to homes over the air, then it becomes a lot faster for a customer to provision the service,” Ghai said. “You get the box from Verizon, and it’s ready to go.”

Indeed, Verizon has made ordering the service easy by launching a website for would-be subscribers.

Verizon 5G rollout includes TV over IP

Verizon’s handling of TV over IP (TVoIP) through the 5G service is also significant. Subscribers get Google’s YouTube TV at no charge for the first three months and then have the option of continuing the service for $40 a month.

The offer shows Verizon is experimenting with TVoIP without having to buy a content provider. “If they like what happens, they could shift FiOS to TVoIP too, and drop a lot of cost along the way,” Nolle said. Also, Verizon could collect user data and website activity on the 5G service and use the information in other applications, such as ad selection.

Microsoft joins the Coalition For Better Ads – Bing Ads

At Microsoft, we believe in supporting and collaborating with the online advertising industry to develop standards that make the digital ecosystem function better for consumers, marketers and publishers.

In this spirit, we are excited to announce that Microsoft has joined the Coalition for Better Ads (CBA). Through our advertising platforms, and our multitude of consumer services, we believe we can make an important contribution to improving and safeguarding advertising standards on the web. 

Microsoft is committed to working with our industry partners and the Coalition for Better Ads to continue the development and implementation of standards that will have a positive impact on consumers and the entire online advertising community.