{"652216":{"#nid":"652216","#data":{"type":"news","title":"CDAIT IoT Sensor 09.22.2021","body":[{"value":"\u003Ch4\u003E\u003Cstrong\u003EAngelina Kim, The Center for the Development and Application of the Internet of Things (CDAIT)\u003C\/strong\u003E\u003C\/h4\u003E\r\n\r\n\u003Ch4\u003E\u003Cstrong\u003ECybersecurity Dimensions of IoT\u003C\/strong\u003E\u003C\/h4\u003E\r\n\r\n\u003Cp\u003EEncompassing a wide variety of applications from Industrial Internet of things (IIoT) to smart electricity grid, to telemedicine, telehealth, and smart homes, the Internet of Things (IoT) has penetrated and transformed many industries and fields. Yet, as the Internet of Things grows and expands, a key challenge confronts the IoT industry, its developers, and its users: cybersecurity.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIoT device cybersecurity remains a potential barrier to widespread deployment. Many of these devices are smaller with less storage and processing ability, leaving these devices less equipped with robust cybersecurity measures. These devices also usually are interoperable, increasing the security risk. At the same time, these devices may collect private or sensitive data or provide essential uses. This is especially true with the Internet of Medical Things (IoMT) where private medical data is collected, shared, and monitored. Cybersecurity vulnerability leaves this data to potential exposure and attacks like denial of service, malware, wiretapping, and ransomware. A\u0026nbsp;\u003Ca href=\u0022https:\/\/www.fiercehealthcare.com\/tech\/82-healthcare-organizations-have-experienced-iot-focused-cyber-attack-survey-finds\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003E2019 survey reported 82%\u003C\/a\u003E\u0026nbsp;of healthcare organizations have experienced an IoT-focused cyberattack, which unfortunately has not significantly improved subsequently.\u003C\/p\u003E\r\n\r\n\u003Ch3\u003E\u003Cstrong\u003EWhat are the Industry Perceptions?\u003C\/strong\u003E\u003C\/h3\u003E\r\n\r\n\u003Cp\u003EA survey by TripWire and Dimensional Research from March 2021 asked 312 security professionals who work with IoT and IIoT.\u0026nbsp;\u003Ca href=\u0022https:\/\/www.tripwire.com\/misc\/iot-and-iiot-cybersecurity-report\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003E99% reported facing challenges\u003C\/a\u003E\u0026nbsp;with securing their connected devices, and 88% felt that they do not have enough resources to confront those challenges. Furthermore, around\u0026nbsp;\u003Ca href=\u0022https:\/\/www.securityinfowatch.com\/cybersecurity\/information-security\/article\/21216554\/tripwire-survey-99-of-security-pros-struggling-to-secure-their-iot-and-iiot-devices\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003E66% said they had experienced difficulties\u003C\/a\u003E\u0026nbsp;trying to discover and remediate vulnerabilities. When the survey turned to the industrial supply chain,\u0026nbsp;\u003Ca href=\u0022https:\/\/www.securityinfowatch.com\/cybersecurity\/information-security\/article\/21216554\/tripwire-survey-99-of-security-pros-struggling-to-secure-their-iot-and-iiot-devices\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003E97% said they had concerns\u003C\/a\u003E\u0026nbsp;about securing the supply chain, and 87% reported specifically being concerned about the vulnerabilities and risk introduced by IoT and IIoT.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAlthough a relatively older survey (from 2019), the Irdeto Global Connected Industries Cybersecurity Survey of over 700 companies from five countries (China, Germany, Japan, UK, and US) revealed that over\u0026nbsp;\u003Ca href=\u0022https:\/\/irdeto.com\/news\/new-2019-global-survey-iot-focused-cyberattacks-are-the-new-normal\/\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003E82% percent of companies that manufacturer IoT devices\u003C\/a\u003E\u0026nbsp;were concerned that their devices are not secure enough to fend off a cyberattack. Over 90% believed that their devices could be improved to some extent.\u003C\/p\u003E\r\n\r\n\u003Ch3\u003E\u003Cstrong\u003EWhat Has Been Done in the Policy Sphere?\u003C\/strong\u003E\u003C\/h3\u003E\r\n\r\n\u003Cp\u003EIn the past few years, we have seen an increase in cybersecurity measures and policy in IoT at both the federal and state level. At the federal level, the Internet of Things Cybersecurity Improvement Act was passed in December of 2020. The new law directs the National Institute of Standards and Technology (NIST) to create guidelines addressing the cybersecurity risks of IoT technology which are to be updated every five years, although NIST had already been involved in IoT cybersecurity for a number of years. The law also directs the Office of Management of Budget and the Department of Homeland Security to create policies that align with NIST guidelines. By Dec 2022, any government agency cannot renew or create new contracts with any companies that do not meet NIST guidelines.\u0026nbsp;\u003Ca href=\u0022https:\/\/www.nist.gov\/news-events\/news\/2020\/12\/nist-releases-draft-guidance-internet-things-device-cybersecurity\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003ENIST released guidelines shortly\u003C\/a\u003E\u0026nbsp;after the bill became law, and ensuing actions from NIST can be followed at their\u0026nbsp;\u003Ca href=\u0022https:\/\/www.nist.gov\/programs-projects\/nist-cybersecurity-iot-program\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Epage\u003C\/a\u003E\u0026nbsp;for their Cybersecurity for IoT program.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EMost recently, as of May 2021, the White House\u0026nbsp;\u003Ca href=\u0022https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ereleased an executive order\u003C\/a\u003E\u0026nbsp;that reaffirmed the federal government mission to \u0026ldquo;identify, deter, protect against, detect, and respond to... sophisticated and malicious cyber campaigns that threaten the public sector.\u0026rdquo; The order also encouraged collaboration with the private sector, highlighting the importance of \u0026ldquo;adap[ting] to continuously changing threat environments, ensur[ing] its products are built and operated securely, and partner[ing] with the Federal Government to foster a more secure cyberspace.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003ECalifornia and Oregon led the way with their IoT security laws that both went into effect on January 1st of 2020. The laws require manufacturers of connected devices (devices or other objects that are able to connect to the internet) to implement \u0026ldquo;reasonable security features\u0026rdquo; to protect data privacy and information. California\u0026rsquo;s law is broader in that it applies to all IoT devices whereas Oregon\u0026rsquo;s only applies to consumer IoT devices. A policy issue that arose from these laws is that the level of \u0026ldquo;reasonable security\u0026rdquo; measures is unclear beyond the limited guidance of the laws. California\u0026rsquo;s and Oregon\u0026rsquo;s actions pushed other\u0026nbsp;\u003Ca href=\u0022https:\/\/www.govtech.com\/policy\/state-lawmakers-go-after-iot-security-risks-contributed.html\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Estates\u003C\/a\u003E\u0026nbsp;like Illinois, Kentucky and Virginia to consider similar legislation.\u003C\/p\u003E\r\n\r\n\u003Ch3\u003E\u003Cstrong\u003EFor further reading:\u003C\/strong\u003E\u003C\/h3\u003E\r\n\r\n\u003Cp\u003ECybersecurity Threats: The Daunting Challenges of Securing the Internet of Things\u0026nbsp;\u003Ca href=\u0022https:\/\/www.forbes.com\/sites\/chuckbrooks\/2021\/02\/07\/cybersecurity-threats-the-daunting-challenge-of-securing-the-internet-of-things\/\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.forbes.com\/sites\/chuckbrooks\/2021\/02\/07\/cybersecurity-threats-the-daunting-challenge-of-securing-the-internet-of-things\/\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003ECalifornia Passes Nation\u0026rsquo;s First Cybersecurity Law Addressing Internet of Things\u0026nbsp;\u003Ca href=\u0022https:\/\/www.security.org\/blog\/california-passes-first-cybersecurity-law-iot\/\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.security.org\/blog\/california-passes-first-cybersecurity-law-iot\/\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIoT manufacturers - What You Need to Know About California\u0026rsquo;s IoT Law\u0026nbsp;\u003Ca href=\u0022https:\/\/www.natlawreview.com\/article\/iot-manufacturers-what-you-need-to-know-about-california-s-iot-law\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.natlawreview.com\/article\/iot-manufacturers-what-you-need-to-know-about-california-s-iot-law\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003ECalifornia and Oregon\u0026rsquo;s IoT Cybersecurity Law: The 7 Key Points Explained\u0026nbsp;\u003Ca href=\u0022https:\/\/bgnet.works\/california-and-oregons-iot-cybersecurity-law-the-7-key-points-explained\/\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/bgnet.works\/california-and-oregons-iot-cybersecurity-law-the-7-key-points-explained\/\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003ENew IoT Cybersecurity Improvement Act: Creating a Floor For IoT Security?\u003Ca href=\u0022https:\/\/www.iotworldtoday.com\/2021\/02\/02\/new-iot-cybersecurity-improvement-act-creating-a-floor-for-iot-security\/\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.iotworldtoday.com\/2021\/02\/02\/new-iot-cybersecurity-improvement-act-creating-a-floor-for-iot-security\/\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EUnderstanding the Internet of Things Cybersecurity Improvement Act\u0026nbsp;\u003Ca href=\u0022https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/21159985\/understanding-the-internet-of-things-iot-cybersecurity-improvement-act\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.securityinfowatch.com\/cybersecurity\/article\/21159985\/understanding-the-internet-of-things-iot-cybersecurity-improvement-act\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIoT Update: Congress Passes IoT Cybersecurity Improvement Act of 2020\u0026nbsp;\u003Ca href=\u0022https:\/\/www.insideprivacy.com\/internet-of-things\/iot-update-congress-passes-iot-cybersecurity-improvement-act-of-2020\/\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.insideprivacy.com\/internet-of-things\/iot-update-congress-passes-iot-cybersecurity-improvement-act-of-2020\/\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E82% of healthcare organization have experienced an IoT focused cyberattack, survey finds\u0026nbsp;\u003Ca href=\u0022https:\/\/www.fiercehealthcare.com\/tech\/82-healthcare-organizations-have-experienced-iot-focused-cyber-attack-survey-finds\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.fiercehealthcare.com\/tech\/82-healthcare-organizations-have-experienced-iot-focused-cyber-attack-survey-finds\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003ECyberrisk in an Internet of Things World\u0026nbsp;\u003Ca href=\u0022https:\/\/www2.deloitte.com\/us\/en\/pages\/technology-media-and-telecommunications\/articles\/cyber-risk-in-an-internet-of-things-world-emerging-trends.html\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www2.deloitte.com\/us\/en\/pages\/technology-media-and-telecommunications\/articles\/cyber-risk-in-an-internet-of-things-world-emerging-trends.html\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIot and IIoT Security Survey\u0026nbsp;\u003Ca href=\u0022https:\/\/www.tripwire.com\/misc\/iot-and-iiot-cybersecurity-report\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.tripwire.com\/misc\/iot-and-iiot-cybersecurity-report\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EExecutive Order on Improving the Nation\u0026rsquo;s Cybersecurity\u0026nbsp;\u003Ca href=\u0022https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/\u0022 rel=\u0022nofollow noopener\u0022 target=\u0022_blank\u0022\u003Ehttps:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/\u003C\/a\u003E\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":[{"value":"The Great Challenge of IoT: Cybersecurity Innovation and Policy"}],"field_summary":[{"value":"\u003Ch4\u003E\u003Cstrong\u003ECybersecurity Dimensions of IoT\u003C\/strong\u003E\u003C\/h4\u003E\r\n\r\n\u003Cp\u003EEncompassing a wide variety of applications from Industrial Internet of things (IIoT) to smart electricity grid, to telemedicine, telehealth, and smart homes, the Internet of Things (IoT) has penetrated and transformed many industries and fields. Yet, as the Internet of Things grows and expands, a key challenge confronts the IoT industry, its developers, and its users: cybersecurity.\u003C\/p\u003E\r\n","format":"limited_html"}],"field_summary_sentence":[{"value":"CDAIT Blog Post"}],"uid":"35091","created_gmt":"2021-10-28 20:46:32","changed_gmt":"2021-10-28 21:07:17","author":"msoffel3","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2021-09-22T00:00:00-04:00","iso_date":"2021-09-22T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"groups":[{"id":"651193","name":"Blog - Center for the Development and Application of Internet of Things Technologies (CDAIT) "}],"categories":[],"keywords":[],"core_research_areas":[{"id":"39501","name":"People and Technology"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":["info@cacp.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}