Building the IoT Security Village
People are often portrayed as the weakest link in a security chain. People can be fooled into revealing passwords, or will often choose passwords that are easily decipherable. It is a misconception that may lead some business owners or IT professionals to believe that IoT, given its near total level of automation, is inherently secure. Nothing could be further from the truth, because nothing is inherently secure.
IoT environments present cyber-criminals with a labyrinth of opportunities, and this year that labyrinth is expected to grow in size by 15 percent (year-on-year) to reach 20 billion devices, according to IHS Markit. To put that figure into perspective, the total number of unique mobile subscriptions globally stands at 4.9 billion (according to the GSMA). IoT dwarfs P2P mobile use in terms of connections and, subsequently, in terms of its potential for breaches in security. (Read More)
Cybersecurity for the Travelling Scientist
Cybersecurity concerns can be particularly acute when crossing international borders. Some regions have a reputation for hacking, and border guards might insist on seeing files.
What can researchers do to keep their data safe from prying eyes on the road? It depends on your data and the threats you’re likely to face, says Morgan Marquis-Boire, director of security for First Look Media in San Francisco, California, who has experience helping government whistle-blowers travel with sensitive data. Are you concerned mostly about overzealous border guards, opportunistic theft or government-sponsored hacking?
Whatever the perceived threat, the first step in data protection, says Marquis-Boire, is encryption — rendering data unreadable by mathematically transforming them with an electronic key. This simple step can protect against casual theft and deter all but the most determined hackers. “The number one thing we push for is encryption of data, whole-disk encryption of portable devices especially,” says John Southall, a data librarian at the University of Oxford,
UK. (Read More)
IoT Products May Soon Require US Government Security Check
A new bill, introduced by members of the US senate, would require stricter government oversight of the the security and manageability of Internet of Things (IoT) devices used by the government.
The bill, brought by a bipartisan group of senators, aims to address some of the glaring security vulnerabilities present in many of these connected devices.
The bill itself was sponsored by four senators—Democrats Mark Warner and Ron Wyden, along with Republicans Cory Gardner and Steve Daines. The bill’s official purpose is stated as “To provide minimal cybersecurity operational standards for Internet-connected devices purchased by Federal agencies, and for other purposes.”
While the regulations would be strict, they’re not hard and fast. Users can apply for a waiver to purchase devices that aren’t compliant with the rules, as long as other precautions are in place, the bill states. (Read More)