Growing national dependency on internet of things requires swift action on security front, DHS official says Credit: Bob Brown/NetworkWorld U.S. Department of Homeland Security’s Robert Silvers says his purpose in speaking at the Security of Things Forum in Cambridge on Thursday wasn’t to scare anyone, but then he went ahead and called on everyone in the room to “accelerate everything you’re doing” to secure the internet of things. As the Assistant Secretary for Cyber Policy at DHS says, IoT security is a public safety issue that involves protecting both the nation’s physical and cyber infrastructures.Acknowledging a growing national dependency on the internet of things, be it in the medical, utility or transportation fields, Silvers says IoT has his department’s full attention. And a straightforward undertaking it is not, he says.MORE: 7 cool Internet of Things companies to watch“The challenge of addressing IoT security on the front end is outweighed only by the far greater challenge of trying to bolt on or patch on security on the back end once an ecosystem is deployed,” he says. “So we all need to think about what we can do right now to get this architecture built the right way.” Long-term and parallel short-term solutions are needed, says Silvers, who adds that DHS is attempting to synch its efforts with ongoing work by NIST (Cyber-Physical Architecture), the Food & Drug Administration (on medical device security), the Department of Transportation (autonomous vehicles) and in the private sector.More specifically, DHS is formulating a series of unifying principles – and best practices — relating to IoT security, including how to patch stuff that’s already in the field and not relying on an unsustainable physical recall process. Building security into the cloud will also be an option. While much of this will wind up being non-technical and just plain common sense for those who work full time in the security industry, awareness needs to be ratcheted up in the mainstream, Silvers says (he didn’t specify when the principles would be released, only that it would be after lots of “extensive consultation” with industry stakeholders). “The undeniable fact is that there are companies out there that are not accountable for these best practices and approaches,” he says. “The undeniable fact is that there is product being pushed to market right now that has not benefited from best practice security planning.”The feds will be pushing for everyone from manufacturers to consumers to tech vendors to share IoT security approaches with each other, keeping in line with a broader effort by the Obama administration on information security sharing.Not that this is a U.S.-only issue, of course, Silvers says. “Everything in cybersecurity is transnational, but IoT especially so,” where you might have a device designed in the United States, built in China and deployed in Germany. “It’s a global issue,” he says, and coming up with policies to secure the disaggregated world of IoT will require serious diplomatic efforts. Related content feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry Technology Industry Technology Industry news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach news Top cybersecurity product news of the week New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Cycode, and more. By CSO staff Nov 30, 2023 17 mins Generative AI Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe