Collaborating Authors

IoT legislation device manufacturers need to know about


The IoT Cybersecurity Improvement Act of 2020, signed into law in December of that year, requires government agencies to ensure the security of their IoT devices. Several states, including California and Oregon, have already passed IoT cybersecurity laws. This new act will have a much wider impact and affect how devices are manufactured across the board, since industry and other levels of government tend to follow federal security requirements. Regulatory agencies and standards bodies have proposed new guidance for IoT devices in accordance with the new legislation. Manufacturers should be aware of these changes to avoid penalties or fines, keep their devices safe and do business with government agencies handling sensitive data.

NIST outlines what IoT and software 'security labels' could look like


Cybersecurity labels could convey a software product's or connected gadget's cybersecurity status. But would these labels be useful, and what is a software product anyway in connected cars and consumer appliances? The idea of cybersecurity labels for Internet of Things (IoT) and consumer software has been kicked around for years, and has recently been looked at more seriously in the EU, Australia, UK and elsewhere. In October, Singapore and Finland agreed to recognize each other's cybersecurity labels for IoT devices. But labels were required to be seriously considered in the US as part of president President Biden's May 2021 cybersecurity Executive Order 14028, "Improving the Nation's Cybersecurity".

Understanding Global IoT Security Regulations


The IoT is maturing rapidly, and surveys show that global IoT spending will achieve a combined annual growth rate (CAGR) of 11.3% over the 2020-2024 forecast period. It offers promising benefits that are rapidly transforming a variety of industries, including manufacturing, health care, commercial buildings, smart homes, retail and energy. The huge potential of IoT is becoming a reality, but as adoption accelerates, regulatory bodies and government organizations are realizing the dangers and risks of connected devices if they are not built with proper security in mind--and, in response, are issuing regulations in a variety of forms. They may be specific security mandates, backed by the purchasing power of governments and industry groups, or they may be presented as more voluntary, general guidance on best practices for IoT vendors and end users. Here is a brief update on some of the latest global standards and their implications for today's manufacturers.

A Brief Chronology of Medical Device Security

Communications of the ACM

On Aug. 18, 2014, Community Health Systems (CHS), one of the largest publicly traded hospital system in the U.S., reported that it had experienced the largest-ever breach of patient health information with the exposure of personal information of 4.5 million individuals. This hacking case, along with other high-profile instances, such as the highly publicized breach of a test server of the new Healthcare.

Securing Smart Cities: What You Need to Know


Due to urbanization, which involves a complex set of economic, demographic, social, cultural, technological, and environmental processes, governments are developing smart cities to address some of the challenges unique to urban areas. This development occurs through the transmission of data using wireless technology and the cloud. Smart cities are powered by technologies such as the Internet of Things (IoT), Information and Communications Technology (ICT), and Geographical Information Systems (GIS). Each technology works together to collect and contextualize massive amounts of data that can be used to improve the components and systems running within a city. Smart cities may also utilize artificial intelligence (AI) and blockchain technology for certain systems.