541,001 active members*
2,873 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

U.S. Introduces Legislation to Improve Cybersecurity of IoT Devices: Is it Enough?

August 2017
24
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
U.S. Introduces Legislation to Improve Cybersecurity of IoT Devices: Is it Enough?

U.S. Senators recently introduced legislation intended to improve the cybersecurity of Internet-connected devices. The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 would require that devices purchased by the U.S. government meet certain minimum security requirements. The main points of the bill are aimed at vendors who supply the U.S. government with IoT devices who would have to ensure that their devices are patchable, do not include hard-coded passwords that can’t be changed, and are free of known security vulnerabilities.

Senator Mark Warner, a co-author of the bill, stated: “My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”

The recent spate of malware attacks and the public exposure of IoT device vulnerabilities in so many sectors have elevated the visibility of cybersecurity and it is encouraging to see that these issues are being addressed at the highest levels. And while this legislation is a positive step forward, the effort begs the question, Is it Enough? And if the answer is no, then the responsibility is on the device developers (where it should be) to step up their efforts to use technologies that are available today to ensure that the devices that are proliferating in the commercial markets are safe, ensure privacy, and maintain data security.

The many facets of security that need to be addressed with Internet-connected devices go well beyond the security requirements put forth in the IoT Cybersecurity bill. For example, developers need to consider authentication or licensing of components based on their unique identity, monitoring and securing system integrity, protection of data and communication, and secure updates and upgrades, and that’s just to name a few.

Oliver Winzenried, CEO and Founder of Wibu-Systems AG, outlined key areas that should be addressed in developing a security framework to protect IoT vulnerabilities. In each of these areas, mechanisms exist that can be implemented today:

  • IP Protection: the actual assets – the IP in the code – can be encrypted with lightweight symmetric encryption and only decrypted on the fly.
  • Product Protection: protect against counterfeiting products by encrypting data and decrypting only on licensed machines.
  • Flexible Licensing: provide variable licensing options like pay-per-use, renting, subscription, etc. for software features. Vendors decide how licenses are deployed, either in app stores or user license portals.
  • Tamper Protection: application code is digitally signed using asymmetric cryptography, with root public keys as securely stored anchors of trust. The devices validate authenticity and integrity themselves.
  • Device identity: Connected devices authenticate themselves with tamper-proof private keys for example. Open standards like OPC UA are excellent solutions for trusted devices of different manufacturers to operate together.

You can read Oliver’s full comments in his article, Security Frameworks to Set the IoT and IIoT in Motion.

0 comments

Blog Archiv

March 2021
February 2021
January 2021
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016