Internet of Things Devices May Provide a Weak Point for Cybersecurity, Says CableLabs
But every device is a potential way into its network, and the recent explosion of IoT devices presents security risks.
David B. McGarry
WASHINGTON, November 9, 2022 – Since Internet-of-Things appliances are prime “landing spot[s]” for cyber-attackers looking for network access, industry standards and open-source resources are important to maintaining cybersecurity at the device level, said Brian Scriber, vice president of security and privacy technologies at CableLabs, a non-profit the innovation arm of the cable industrylab.
“The mark that we’re really shooting for is how do we get some industry-led initiatives to really make a difference on the… supply” (of IoT devices),” Scriber said Tuesday on during a cybersecurity panel at the American Enterprise Institute, a conservative think tank.
IoT refers to network-connected devices that can interact with their environments. IoT devices can be refrigerators, thermostats, home-security systems, health-monitoring devices, and much else. But every device is a potential way into its network, and the recent explosion of IoT devices presents security risks.
“If you are an attacker, finding a vulnerable device like a lightbulb is fantastic because it has power constantly, it has the computational ability to be able to engage, you gave it network credentials when you brought it on your network,” Scriber argued.
Even a secure network can’t protect against the cyber risks associated with vulnerable devices, he added.
In addition to device security, overall network security is crucial and can be enhanced by limiting communication between devices, said Katerina Megas, program manager of the Cybersecurity for Internet of Things Program at the National Institute of Standards and Technology, a federal agency responsible for technical calibration and standard-setting.
“There has to be an ecosystem approach,” Megas said.
In October, President Joe Biden’s administration announced preliminary steps towards a cybersecurity labeling system for IoT devices.
“By developing and rolling out a common label for products that meet by U.S. Government standards and are tested by vetted and approved entities, we will help American consumers easily identify secure tech to bring into their homes,” the White House said.