EMF Studies

31 January 2017

FCC Threatens IoT Industry With Mandatory Cybersecurity Testing

The FCC's warning should not be taken lightly.
by Jason Knott, securitysales.com, 30 January 2017

The FCC has warned private industry to clean up their act, or it will do it for them.

2016 was not without its fair share of major cyber attacks. Fortunately, the government is looking to address this growing concern.

In one of the last FCC rulings under the Obama Administration, the FCC has issued a stern warning to private industry involved in the Internet of Things (IoT), saying basically, “Clean up your act or we will be forced to step in.”

The warning notes that the government will force commercial companies to institute protective procedures if action is not taken.

The FCC’s Cybersecurity Risk Reduction White Paper, which was issued on January 18, 2017, expresses serious concerns about the “burgeoning and insecure IoT market [that] exacerbates cybersecurity investment shortfalls [because] the private sector may not have sufficient incentives to invest in cybersecurity beyond their own corporate interests.”

Noting that insecure wireless devices have shut down service to millions of users by attacking critical control utilities that are not FCC-regulated, the FCC is advocating “cyber accountability” — a combination of market-based incentives and regulatory oversight — to reduce cyber risk in the communications sector.

Security by Design

Certainly, the FCC is most worried about communications carriers, primarily Internet service providers. But the IoT world, namely device manufacturers and vendors, would bear a large portion of the responsibility.

The FCC proposes that IoT equipment suppliers should implement “security by design” practices to build cybersecurity into their products before marketing them. As defined by the FCC, security by design is “a practice of continuous testing, authentication safeguards, and adherence to best [cybersecurity] practices.”

The FCC hints that regulatory oversight of this process will likely be required, in part because of the “large and diverse numbers of IoT vendors — who are driven by competition to keep prices low — hinders coordinated efforts to build security by design into the IoT on a voluntary basis.”

Accordingly, the FCC states that, among other things, changes to its equipment certification rules may be necessary to protect networks from IoT device security risks.

The last sentence of the report says it all: “The Commission’s preference is to work collaboratively with industry using private/public partnerships. However, if market forces do not result in a tolerable risk outcome, the Commission has tools available to make adjustments to restore the balance.”

This warning is like a pre-9/11 document about Osama bin Laden. It should not be ignored, especially if it means there is a potential “9/11-like” cyber attack coming. The Consumer Technology Association (CTA) and other associations should immediately be engaged with the vendor community on this looming regulatory issue.

About the Author
Jason Knott is editorial director of Security Sales & Integration.
Contact Jason Knott: jknott@ehpub.com
