“The application layer of most IoT technologies is critical to their successful implementation, providing the ability to install, operate, manage and update the device as well as connect it to other integrated systems. These applications are no less susceptible to security vulnerabilities than traditional web or mobile applications, and this new legislation puts forth a requirement for identifying and communicating such vulnerabilities.”
- Peter Monahan, Director, Global Solutions Architecture at WhiteHat Security.
“The rapid, and ongoing, expansion in the Internet of Things (IoT) is undoubtedly making our lives more efficient and productive - and it will most likely continue to do so in the coming years' thanks to the gradual deployment of 5G connectivity. However, connecting these devices to our private corporate networks expands the attack surface. It potentially exposes sensitive data such as medical records, personally identifiable information, and workplace plans.”
“The rapid, and ongoing, expansion in the Internet of Things (IoT) is undoubtedly making our lives more efficient and productive - and it will most likely continue to do so in the coming years' thanks to the gradual deployment of 5G connectivity. However, connecting these devices to our private corporate networks expands the attack surface. It potentially exposes sensitive data such as medical records, personally identifiable information, and workplace plans.”
- Stefano De Blasi, Threat Researcher at Digital Shadows.
"While this is to be applauded, it appears that the bill's initial focus is only on IoT devices procured and used by the Federal government.” He adds, "While IoT devices used on government networks are important, legislation mandating the security of all IoT devices would have gone further in providing a more comprehensive approach to IoT device safety. This may create increased sales for companies as they may introduce “Government” grade IoT devices that will cost more. It will be interesting to see if companies improve the security of their consumer-grade products as a result of this standard.”
- Terence Jackson, Chief Information Security Officer at Thycotic.