Michael Daniel speaks out on the security threats that the IoT market presents (via getty images)
Recent security scares and hacking has led to a government initiative to create new laws surrounding cypersecurity. Leading this government initiative is Michael Daniel, the special assistant to the President and cybersecurity coordinator. In a series of recent webinars and talks, including the RSA Conference, Daniel has introduced a series of ideas which are up for consideration. In the most recent interview with Dark Reading, Daniel proposed that utilizing a UL model to enforce greater cypersecurity is the latest, most promising idea on the table. Another facet which Daniel intends to explore is encouraging consumers to be diligent and only do business with companies that have greater security. Consumer demand could push companies to have greater security measures on their internet-enabled devices.
The UL model is a standardized set of requirements for electronic devices in the United States, and all devices must undergo this type of testing and certification before they can be sold legally within the United States. Other countries have their own standards, but essentially the UL model ensures that wearable devices don’t accidentally electrocute their wearers. Medical devices are also put through a series of vigorous testing to ensure that they are safe, so a new UL style model would put websites (who opt to pay for the testing, I suppose) through testing to ensure that they are safe. I’d imagine that they’d have to be a safety security rating since just about anything can be hacked if given enough time and opportunity.
Anyhow, while Daniel is not exactly sure what the details of the UL style model would be, he seems confident that it can be appropriate modified to fit the needs of cybersecurity to assure the public that their credit card information will be safe. Personally, so long has the UL certification isn’t necessary for all websites, I think this is a good idea. For instance, I closed my Bank of America account because they decided that it was cheaper to give me a new card every time someone hacked their system, rather than pay for greater cyber security methods! While I’m not concerned about someone hacking an app on my phone, I am worried about the level of hacking that is possibly with big enterprises like Bank of America, Target, and Sony. Daniel believes that the IoT market is only going to make it easier and easier for systems to be hacked. Particularly I think this is true when consumers opt for less secure access methods like PINs when they’re too lazy to put in a password. While passwords are annoying, I’d rather go through an annoying process to keep my information safe.
Finallly, a new Executive Order was created by Obama called The "Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities" Executive Order. This order gives Secretary of Treasury, Secretary of State and Attorney General the power to issue sanctions against entities that cause cyber crime, cyber espionage and cyper attacks. They are still creating the details of how this Executive Order would actually be implemented, but Daniel says that they would only enforce this order if there were no other ways to get the suspects. I don’t really believe that, so I’m interested to see how this order takes effect in the coming year.
Overall, the advice of the government seems to stress taking more care with your information on the internet and driving demand towards ‘safer’ devices and services.
See more news at: