Internet of Things

BITAG’s Big Plan To Secure The IoT

Following October’s massive DDoS attack on Dyn, which knocked out internet service for millions of Americans, many in the industry have been scrambling to come up with ways to secure the Internet of Things from being used as a pawn in future cyberattack schemes.

The Broadband Technical Advisory Group (BITAG) published a report on Tuesday (Nov. 22), which included its recommendations on how to improve the security and privacy of the IoT. BITAG is a group— comprised of FCC Chief Technologist Dale Hatfield, Google, Intel, Microsoft, Verizon, Comcast and other tech industry giants — that was formed back in 2010 to develop a set of best cybersecurity practices for the tech industry.

In the report, BITAG wrote: “Several recent incidents have demonstrated that some devices do not abide by rudimentary privacy and security best practices … Some IoT devices ship ‘from the factory’ with software that either is outdated or becomes outdated over time. Other IoT devices may ship with more current software, but vulnerabilities may be discovered in the future.”

“In some cases, devices have been compromised and allowed unauthorized users to perform Distributed Denial of Service (DDoS) attacks, perform surveillance and monitoring, gain unauthorized access or control, induce device or system failures and disturb or harass authorized users or device owners.”

Though the report disconcertingly points out that many IoT devices may never be fixed, BITAG has laid out recommendations for IoT manufacturers and users to reduce the vulnerability of their products. The recommendations include a set of best current software and cryptography practices. This includes shipping IoT products with current software and a mechanism for automated, secure software updates, as well as strong default authentications and encrypting local data storage.

Other recommendations include restricting IoT communication capabilities, continued functioning in the case of internet or cloud back-end disruption, an easy-to-understand privacy policy and that the IoT industry should consider an industry-wide cybersecurity program.

The threat is real — many experts agree that America is not at all prepared for a major cyberattack.



B2B APIs aren’t just for large enterprises anymore — middle-market firms and SMBs now realize their potential for enabling low-cost access to real-time payments and account data. But those capabilities are only the tip of the API iceberg, says HSBC global head of liquidity and cash management Diane Reyes. In this month’s B2B API Tracker, Reyes explains how the next wave of banking APIs could fight payments fraud and proactively alert middle-market treasurers to investment opportunities.

Click to comment