The U.S. Department of Homeland Security (DHS) this week issued a report urging developers, manufacturers, and service providers to boost security around the Internet of Things (IoT) to curtail growing cybersecurity risks around connected devices.
According to the DHS’s “Strategic Principles for Securing the Internet of Things” report, the IoT has grown faster than the means to secure it, opening the ecosystem up to attacks from “malicious actors” who could manipulate the flow of information to and from devices or tamper with the devices themselves. Other risks include the theft of sensitive data, the loss of consumer privacy, interruption of business operations, and the slowdown of Internet functionality via distributed denial-of-service attacks, the report said.
As connected devices are introduced to help monitor critical infrastructure, such as power grids, the risk on that front will increase as well, DHS said. The report in particular cited an instance where a cyberattack successfully disabled parts of a power grid in the Ukraine last year.
To help mitigate these risks, DHS called on IoT stakeholders to follow a set of six principles to boost security, including incorporating security at the design phase, advancing security updates and vulnerability management, building on proven security practices, prioritizing security measures based on potential impacts, promoting transparency across the IoT, and connecting devices “carefully and deliberately.”
“We increasingly rely on functional networks to advance life-sustaining activities, from self-driving cars to the control systems that deliver water and power to our homes. Securing the Internet of Things has become a matter of homeland security. The guidance we issued today is an important step in equipping companies with useful information so they can make informed security decisions,” Secretary of Homeland Security Jeh Johnson said in a statement.
DHS officials said the principles set forth in the report are a first step to “motivate and frame” conversations in an area where such discussions have been fragmented at best.
“We have a rapidly closing window to ensure security is accounted for at the front end of the Internet of Things phenomenon,” Assistant Secretary for Cyber Policy Robert Silvers said. “These principles will initiate longer-term collaboration between government and industry. Together we will work to develop solutions to address the resilience of the Internet of Things so that we can continue to benefit from the remarkable innovation that is driving our increasingly-connected world.”