Keith via plug on 30 Nov 2020 08:27:04 -0800
Re: [PLUG] IoT Unravelled: parts 1 to 5

> On Sat, Nov 28, 2020 at 05:26:13PM -0500, Rich Freeman via plug wrote:
>> On Sat, Nov 28, 2020 at 3:45 PM Chad Waters via plug <plug@lists.phillylinux.org> wrote:
>>> Related: This bill recently passed the house and senate and is awaiting a presidential signature. Compels NIST to formulate security standards for IoT devices.
>>>
>>> https://www.govtrack.us/congress/bills/116/hr1668
>>
>> Didn't read the gory details, but how likely do you think that NIST comes up with standards like this:
>>
>> * Encouraging open-source
>> * Mandatory security updates for 10 years
>> * Safeguards to only allow user-authorized firmware changes
>>
>> vs:
>>
>> * Can only run vendor-signed firmware
>> * Remote access by NSA in case they need to rapidly deploy a security hotfix
>> * Blocks access to hacking tools like ssh, linux, etc.
>>
>> I'd love to see security for IoT stuff, but it just seems like this is the sort of thing the government often gets wrong.
>
> Who knows in this case, but NIST has a pretty good track record in standards development in general. I just spent a few minutes poking around on their website to see what this was all about. If anyone is interested in the gory details, they've got a video and lots of info on cybersecurity and IoT at
>
> https://www.nist.gov/video/what-internet-things-iot-and-how-can-we-secure-it
>
> And remember, the great thing about standards is that there are so many of them!
>
> Walt

Not only is NIST good at standards, they are respected. One of the things I've often done in the solutions I propose is mention which NIST standards I'm compliant with; a perfect example of this is the security encryption standards. So, I can either throw a bunch of acronyms and word salad at people or I can end the conversation with, "this solution uses NIST standard <something here>".

It's sort of a field of dreams thing: if NIST builds it, companies will come. A secondary point here is that you'll find that public sector work usually is going to refer to NIST standards where appropriate. (Also, by "build" I mean create the standard.)

--
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug