From Atlantic Council Blogs:
I Am The Cavalry’s Josh Corman and Beau Woods were both featured experts in an Atlantic Council blog posting on ensuring security of the global IoT supply chain.
Josh Corman, founder, I Am the Cavalry (dot org); former director, Cyber Statecraft Initiative: “When compared to their Enterprise IT counterparts, IoT devices often prove quite challenging to securely design, develop, and operate. Available “best practices” for cybersecurity carry heavy biases and assumptions across at least six dimensions: consequences of failure, adversaries, device composition, economics, operational context, and time scales. Where smaller, cheaper devices may lack adequate processing power, margins, and the benefit of layered defenses and security teams, they may encounter elevated risks to safety, face a wider swath of accidents and adversaries, and for longer lifecycles than is sound. This framework of six differences for IoT is explored in more detail by “I Am The Cavalry.”
Beau Woods, cyber safety innovation fellow, Cyber Statecraft Initiative; founder and CEO, Stratigos Security: “There are not a lot of laws around IoT, much less enforcement. The United Kingdom’s plan is to restrict sale and import of devices without their top three, but they haven’t yet put that into action. I remember Germany banned a doll named My Friend Cayla that had security issues. California’s IoT law is in force, though I don’t know if there have been any enforcement actions around it.