Why The IoT Cybersecurity Act Could Influence Future Enterprise Security Standards

Over the past several years, government agencies have embraced mobile devices and other Internet-connected technology in a big way. Internet-connect sensors, often referred to as Internet of Things (IoT), are a big deal throughout every sector. They are used for everything from environmental monitoring and security, to fleet management and predictive maintenance. 

Federal agencies are adopting IoT in droves, citing increased data collection and greater operational efficiency. According to a recent GAO report, 56 percent of federal respondents said their agencies are either using or plan to use IoT to collect environmental, health/biometric, or telematic data; control or monitor equipment or systems; and track physical assets like fleet vehicles and equipment.

What the IoT Cybersecurity Act means for the public (and even private) sector

While IoT devices are invaluable, they do present some security risks, partly because they are still relatively new technology, and partly because there are few security standards yet in place. According to one report, IoT devices saw a 100 percent increase in infections in 2020 over the previous year. 

Federal lawmakers are aiming to address these concerns with a new IoT security bill voted into law in December 2020 by Congress. The IoT Cybersecurity Improvement Act of 2020 requires that all Internet-connected devices purchased by the federal government comply with minimum security recommendations issued by the National Institute of Standards and Technology (NIST). It focuses specifically on how IoT devices can securely transmit data across applications and other systems being used, such as mobile devices.

This bill will have a major impact on the way federal agencies buy and use any type of Internet-connected device.

While the law today applies only to devices used by federal agencies, many states are adopting similar laws, including California. It’s growing quickly, and enterprises should be ready to comply as these types of security measures become the norm across both the private and public sector.

With the adoption of both enterprise mobility and IoT devices on the rise, it’s never too early for organizations in both, the private and public, sectors to protect their data. Here’s what you should keep in mind. 

Choose mobile devices that keep IoT security top of mind

Complying with IoT security requirements starts with the IoT devices themselves. Companies should ask hard questions of their IoT device suppliers to determine that the devices are highly secure and can protect the capture and transfer of information.

Some vendors have gone even further in their efforts to help protect IoT devices. Panasonic, for example, has gone the extra mile to design highly secure IoT devices with its multifunctional secure Internet Controller. Its encrypting functions help protect IoT and industrial devices used in facilities like factories and warehouses by generating and deleting a unique authentication key inside the IC each time.

But that’s only half of the solution. It’s equally important to reinforce that the mobile devices  employees use maintain a highly secure chain of communications. That means securing access to their mobile devices, securing the data stored and the device communications.  

What enterprise mobile device features help safegurad critical?

Here’s what to look for when trying to protect the exchange of data between IoT devices and mobile applications and devices:

Top-notch encryption: Look for features like OPAL SSDs, which add an extra layer of encryption capabilities, along with the latest software encryption. The latest TOUGHBOOK 33, for example, comes standard with OPAL SSDs, along with the option of BitLocker software encryption. These added layers of security help protect data access and sharing done by mobile and field workers. 

A secured-core device: A secured-core mobile device like the Panasonic TOUGHBOOK 55 allows users to boot securely, shield devices from firmware vulnerabilities, protect the operating system from attacks, and prevent unauthorized access to devices and data. 

BIOS-embedded technology: This includes both a persistence module like BIOS-embedded security from Absolute built in, and an application agent that must be installed by the user. This allows IT to pre-set agents to automatically delete sensitive company data or lock a device if it hasn’t connected and reported into a server within a specified number of days. 

Speed and efficiency: When it comes to collecting and processing data from IoT devices, faster is better. The more efficiently the job is done, the less chance there will be for security breaches. Look for modern processors and fast data transfer. The TOUGHBOOK 33, for example, comes with up to 1TB of NVMe SSD and 32G of RAM, a 10th generation Intel Core i5 or i7 processor with Intel vPro technology, WiFi speeds of up to 2.4 Gpbs and Bluetooth 5.1.

Meets latest requirements: Cybersecurity regulations are continually changing. Make sure the devices your employees use have the latest, such as Intel Hardware Shield, and meet Microsoft’s Secured-core PC requirements. The devices should also comply with Trusted Platform Module (TPM) v2.0, an international standard for secure crypto-processors, as well as NIST BIOS-compliant technology.

Pairing a highly secured mobile device with IoT protection software is a good combination. SOTI Connect, for example, can support and protect a wide range of IoT devices, including limited access devices and printers. The software works in conjunction with a mobile device to analyze IoT devices, send alerts when issues are detected, remotely update certificates on devices, and automate enrollment and configuration enforcement.

Find the right enterprise mobility partner

One way to ensure that agencies are heading in the right direction is by working only with vendors that have made security a priority in the past and are committed to continually enhancing device security and complying with the new law. And for those organizations in the private sector looking to commit to data security, a partner with a focus on these standards has become critical.

That means sticking with vendors that follow applicable security standards: application security, network security, endpoint security, and IoT security. Not only is this the best way to be in compliance with the new law, but it’s the best defense against Denial of Service (DOS) attacks, malware, viruses, ransomware, phishing, social engineering, data breaches, and physical security breaches.

While the IoT Cybersecurity Act will initially make more work for both federal agencies and potentially private enterprises down the road, the promise of greater security and peace of mind will clearly be worth the effort.

For more information on the Panasonic TOUGHBOOK family of enterprise-grade mobile devices and securing mobile devices see [Ebook] Securing Mobile Devices for the Anytime, Anywhere Mobile Workplace.