IoT M2M
0

The Internet of Things (IoT) is rapidly expanding, and the number of connected devices is increasing at an unprecedented rate. With the growing reliance on IoT devices, the need for strong cybersecurity measures has become more pressing. To protect personal information stored on these devices, governments around the world have introduced regulations aimed at improving the standard security of IoT devices.

IoT Cybersecurity Regulations in the US and EU

In the United States, the IoT Cybersecurity Improvement Act was passed in 2020, and the National Institute of Standards and Technology (NIST) was tasked with creating a cybersecurity standard for IoT devices. In May 2021, the Biden administration released an Executive Order to improve national cybersecurity, and in October 2022, the White House released a Fact Sheet to implement a label for IoT devices, starting with routers and home cameras, to indicate their level of cybersecurity.

RELATED: IoT, blockchain, fraud prevention, Conversational AI, new identity services will dominate 2023

In the European Union, the European Parliament has introduced the Cybersecurity Act and the Cyber Resilience Act, which impose several requirements for manufacturers to meet before a product can receive the CE marking and be placed on the European market. This includes stages of assessment and reporting and managing cyber-attacks or vulnerabilities throughout the product lifecycle. The General Data Protection Regulation (GDPR) also applies to companies operating within the EU and requires them to implement appropriate technical and organizational measures to protect personal data.

ADVERTISEMENT

Key Elements of IoT Security Regulations

To comply with the regulations, manufacturers must implement the following key elements:

  1. Software Updates: Manufacturers must provide the option for firmware updates and ensure the validity and integrity of updates, particularly for security patches.
  2. Data Protection: Regulations follow the concept of “minimization of data”, collecting only necessary data with user consent and securely handling and storing sensitive data in an encrypted manner.
  3. Risk Assessment: Developers must follow a risk management process during the design and development phase and throughout the product’s life cycle, including analyzing Common Vulnerabilities and Exposures (CVEs) and releasing patches for new vulnerabilities.
  4. Device Configuration: Devices must be released with a security-by-default configuration and have dangerous components removed, interfaces closed when not in use, and a minimized attack surface through the “principle of least privilege” for processes.
  5. Authentication and Authorization: Services and communication must require authentication and authorization, with protection against brute force login attacks and a password complexity policy.
  6. Secured Communication: Communication between IoT assets must be authenticated and encrypted, using secured protocols and ports.

Navigating Regulations with Check Point Quantum IoT Protect

ADVERTISEMENT

However, complying with these regulations can be a challenge due to their complexity. To make the process easier, various certifications and standards such as UL MCV 1376, ETSI EN 303 645, ISO 27402, and NIST.IR 8259 have been introduced to break down the regulations into practical steps.

Check Point has introduced Quantum IoT Embedded to help manufacturers secure their devices with minimal effort. The solution includes a risk assessment service and a Nano Agent® that can be embedded into an IoT device to provide on-device runtime protection against cyberattacks. The Nano Agent® is a standalone solution that can be added to a product without intrusive code change and requires only minimal resources.

For more information, head to https://www.checkpoint.com/quantum/iot-protect/iot-device-security/

More in Report

You may also like