The United States Senate earlier this week introduced a bill with the short title ‘‘Internet of Things (IoT) Cybersecurity Improvement Act of 2017’’. Quite impressive sounding and would have been very useful if it did indeed provide a path to improved cybersecurity for the IoT. Having read the bill I can tell you that, in my opinion, you will gain little confidence that it will improve your own cyber security.
Several things are clear from my reading:
- Some in the US Government appreciate the risks that the unbridled pace of IoT installations carries with it.
- They understand the necessity of having some standards to apply, even if the standards are not quite finalized.
- The need to have an inventory of all installed IoT devices is made very clear, and I support wholeheartedly. In fact that is one of the key steps in my courses on managing cyber exposure. They could have improved that paragraph quite a bit by having the inventory identify the responsible party.
- I worry about making such an inventory available on a publically accessible database. If I were a cyber predator I would be very happy to have such information available to me, for free.
If you would like to read the bill yourself you can download it at www.naganresearchgroup.com/IoTAct0817.pdf and decide for yourself what value, and issues, it brings to the table. But in my humble opinion your time would be better spent in taking my managing cyber exposure course and actually gaining practical guidance. Available at http://globalriskacademy.com/p/the-definitive-guide-to-cyber-exposure-management.
Comments