Cisco security chief backs government IoT regulation

Connected devices are giving CISOs a "headache", and authorities should step in to impose minimum standards


Governments should implement a set of legally-enforceable minimum standards for new internet of things (IoT) devices to allay businesses’ fears around the technology, Cisco’s security leader has claimed.

A swathe of IoT devices that are unsecure by default are on the market and are giving security teams and CISOs a “headache” about how to deal with them, according to the networking firm’s VP for global security sales, John Maynard.


Given the prospect of an exponentially rising attack surface, the authorities should produce a set of minimum standards that device makers must adhere to, he told delegates at this year's Cisco Live in Barcelona. The alternative scenario is security teams using systems to secure each individual IoT device as it is connected to their network. This is partially why the promise of IoT hasn’t been fulfilled.

“Frankly, the job of a CISO is extremely challenging right now because IoT, in its multiple form factors, is just expanding the attack surface for the security professional beyond levels that it's ever been,” Maynard said.

“You're connecting operational technology to the network. You're connecting numerous devices that could communicate with different parts of the organisation. We need to get a handle on it.”


He argued that the vast majority of connected devices that can be added to organisations’ networks are insecure by design, although that shouldn’t mean a total block on all such devices being connected. The result, however, is that security professionals now have the added task of having to secure reams of unsecure endpoints.

“You either solve it at a device level, and you regulate from a governmental perspective and standards perspective – secure by design – which is what it should be,” he continued.


“Or you say, 'I need to be able to monitor what is connected to my infrastructure, I need to be able to segment my network so if a connected device is doing something abnormal, I can detect it and then I can quarantine it and just restrict the access'.”

“I do believe there needs to be minimum standards of what security should look like in IoT devices, but it’s extremely complicated because you’re looking at cars, you’re looking at refrigerators, toasters, anything.”

Authorities across the world have cottoned on to the fact that many IoT devices are not built with security in mind, with the UK government, for example, last year opening a consultation on introducing new IoT security laws.

This week, the Department for Digital, Culture, Media and Sport (DCMS) introduced plans that could see device makers have to comply with a set of security requirements when manufacturing IoT devices.

These measures include shipping connected devices with unique passwords that cannot be reset to any universal factory settings, as well as a point of contact that can be used in order to report any vulnerabilities discovered.
