IoT Security Takes Center Stage

Slowly, regulators and key Internet of Things (IoT) stakeholders have moved cybersecurity to center stage. Security is never much fun because it often means playing defense, which generates little of the enthusiasm associated with new technology trends. It is an elephant in the room.

But at least one state, California, has taken a step toward regulating IoT devices. A bill that sets cybersecurity standards for IoT devices is awaiting the signature of Governor Jerry Brown. If the governor signs the bill (SB 327), California would become the first state to pass a law governing IoT security. The new law would require manufacturers to build devices with security features designed to prevent bad actors from accessing them, although it does not define exactly what those features should be. The law also requires that connected devices come with unique passwords that users can change, which is not always the case for many current IoT products.

Not everyone is happy with the California bill. At least one critic says it is based on a superficial understanding of cybersecurity and will not improve the situation. Nonetheless, the bill is a step toward enhanced IoT security from a regulatory perspective and could become the framework for national legislation.

The Cellular Telecommunications Industry Association Creates a Cybersecurity Certification Program

Another influential body—the Cellular Telecommunications Industry Association, which works within the wireless communication industry—has created a cybersecurity certification program for cellular-connected IoT devices. The first of its kind, the program offers certification of IoT devices with emphasis on products built from the ground up with cybersecurity in mind. The program aims to protect not only consumer devices but also wireless infrastructure, and in particular the coming 5G networks, which will be important for smart cities, connected cars, mobile health, and other IoT applications. The new program was developed in collaboration with national wireless carriers such as AT&T, Verizon, and T-Mobile.

PTC Launches a Cybersecurity Initiative

In the private sector, computer software and services provider PTC has launched its own cybersecurity initiative to create more secure IoT deployments. The company is collaborating with customers, partners, and researchers to address product vulnerabilities. PTC has unveiled its coordinated vulnerability disclosure program with the goal of reporting and fixing security vulnerabilities that could affect the environments in which PTC products operate.

Security is on many minds when IoT is the subject, but actions have been sparse. These moves demonstrate security is now being taken more seriously than in the past, and concrete steps are underway. For energy market stakeholders, these moves are important as new applications unfold that include devices in front of and behind the meter. Cybersecurity requires an ongoing focus and must be a top priority as noted in the Guidehouse Insights report titled Managing IoT Cybersecurity Threats in the Energy Cloud Ecosystem.