US moves forward toward national IoT strategy

Group to identify policies that would “improve co-ordination among federal agencies with jurisdiction over IoT

Photo Credit :,

A group of senators re-introduced a bill that would promote the internet of things (IoT) industry in the United States. Senators re-introduced the Developing and Growing the Internet of Things, or DIGIT, Act which includes several provisions that would encourage lawmakers to nurture connected technology instead of stifling its development. 

Specifically, it would establish a working group, including both federal and private-sector representatives, to identify the regulations or practices “inhibiting or could inhibit the development of the internet of things,” the bill says. 

That working group should also identify the policies that would “improve co-ordination among federal agencies with jurisdiction over the Internet of things.” High on that list of priorities along with ongoing interoperability concerns is IoT security. 

The issue was highlighted last year when the Marai botnet exposed security holes in connected devices.

Given the recent news that the U.S. government is moving forward towards a national IoT strategy, Paul Edon, director at Tripwire, was on hand to comment and give his view on the security aspect of IoT.

He said: “Moving forward with IoT is the future but is it going to be a secure one? Right now, the answer is no. Current embedded devices have gaping security flaws and the fact that many of these devices will remain active for years to come is a worry. 

"Looking out over the next decade however, the expectation or hope is that newly released IoT-type devices will have a much stronger baseline of security. This will only happen however after device makers find that they can no longer turn a profit selling devices with poor security postures.

"Moreover, until we start educating science, technology, engineering, and mathematics (STEM) students on the basics and fundamentals of cybersecurity, we will continue to have a significant proportion of developers building IoT devices without understanding the cybersecurity implications of their designs and implementations. 

"We must change how we educate our STEM students by incorporating cybersecurity fundamentals into our STEM curricula. Until this happens, we will be fighting a losing battle: time and scale is fighting against us.

"Generally, there is little security in the Internet of Things, and there is no body to oversee the implementation of cybersecurity. As a result, we've seen reports that IoT devices such as baby monitors have security flaws, smart cars have been hacked, and there are concerns that smart homes and household appliances are also vulnerable to hacking.

"A common set of best practices is really the only way forward for security in the Internet of Things. Surely, familiar basic industry standards such as the SANS top 20, could and should be used as a minimum benchmark to compare device configurations to, however, specific IoT best practices should come from an industry consortium or government regulation, but without a motivating economic force, there will be little improvement across the board.

"Security-oriented standards have succeeded in other industries, and can succeed with the Internet of Things. As more of these devices can interact with the physical world around us, cybersecurity becomes an issue of cybersafety. If we don’t address the logical security in the Internet of Things soon, we’ll end up with a consumer safety requirement to manage. 

"For any regulation to succeed, it must tip the economic scales in favor of its selected benefit. If the goal is safety, it must become more expensive to be unsafe than compliant. A regulation without teeth simply has no ability to chase down the outliers and snap them into compliance. 

"With more and more devices playing the role of ‘sensor,’ and the ‘brains’ moving to the cloud, the Internet of Things is creating a treasure trove of Internet accessible personal data. While we’re worried about securing the deployed devices, we should also be concerned about securing the data they collect.”

Tags assigned to this article:
usa iot


Around The World