Homeland Security issues call to action on IoT security

Growing national dependency on internet of things requires swift action on security front, DHS official says

U.S. Department of Homeland Security’s Robert Silvers says his purpose in speaking at the Security of Things Forum in Cambridge on Thursday wasn’t to scare anyone, but then he went ahead and called on everyone in the room to “accelerate everything you’re doing” to secure the internet of things. As the Assistant Secretary for Cyber Policy at DHS says, IoT security is a public safety issue that involves protecting both the nation’s physical and cyber infrastructures.

Acknowledging a growing national dependency on the internet of things, be it in the medical, utility or transportation fields, Silvers says IoT has his department’s full attention. And a straightforward undertaking it is not, he says.


“The challenge of addressing IoT security on the front end is outweighed only by the far greater challenge of trying to bolt on or patch on security on the back end once an ecosystem is deployed,” he says. “So we all need to think about what we can do right now to get this architecture built the right way.”

Long-term and parallel short-term solutions are needed, says Silvers, who adds that DHS is attempting to synch its efforts with ongoing work by NIST (Cyber-Physical Architecture), the Food & Drug Administration (on medical device security), the Department of Transportation (autonomous vehicles) and in the private sector.

More specifically, DHS is formulating a series of unifying principles – and best practices – relating to IoT security, including how to patch stuff that’s already in the field without relying on an unsustainable physical recall process. Building security into the cloud will also be an option. While much of this will wind up being non-technical and just plain common sense for those who work full time in the security industry, awareness needs to be ratcheted up in the mainstream, Silvers says. (He didn’t specify when the principles would be released, only that it would be after lots of “extensive consultation” with industry stakeholders.)

“The undeniable fact is that there are companies out there that are not accountable for these best practices and approaches,” he says. “The undeniable fact is that there is product being pushed to market right now that has not benefited from best practice security planning.”

The feds will be pushing for everyone from manufacturers to consumers to tech vendors to share IoT security approaches with each other, keeping in line with a broader effort by the Obama administration on information security sharing.

Not that this is a U.S.-only issue, of course, Silvers says. "Everything in cybersecurity is transnational, but IoT especially so," where you might have a device designed in the United States, built in China and deployed in Germany. "It's a global issue," he says, and coming up with policies to secure the disaggregated world of IoT will require serious diplomatic efforts.
