Re: [PLUG] IoT Unravelled: parts 1 to 5

[Keith via plug <plug@lists.phillylinux.org>]

On 11/28/20 10:21 PM, Walt Mankowski via plug wrote:

> On Sat, Nov 28, 2020 at 05:26:13PM -0500, Rich Freeman via plug wrote:
> > On Sat, Nov 28, 2020 at 3:45 PM Chad Waters via plug
> > <plug@lists.phillylinux.org> wrote:
> > > Related: This bill recently passed the house and senate and is awaiting a presidential signature. Compells NIST to formulate security standards for IoT devices.
> > >
> > > https://www.govtrack.us/congress/bills/116/hr1668
> > >
> > >         
> > Didn't read the gory details, but how likely do you think that NIST
> > comes up with standards like this:
> >
> > * Encouraging open-source
> > * Mandatory security updates for 10 years
> > * Safeguards to only allow user-authorized firmware changes
> >
> > vs:
> >
> > * Can only run vendor-signed firmware
> > * Remote access by NSA in case they need to rapidly deploy a security hotfix
> > * Blocks access to hacking tools like ssh, linux, etc.
> >
> > I'd love to see security for IoT stuff, but it just seems like this is
> > the sort of thing the government often gets wrong.
> >       
> Who knows in this case, but NIST has a pretty good track record in
> standards development in general. I just spent a few minutes poking
> around on their website to see what this was all about.  If anyone is
> interested in the gory details, they've got a video and lots of info
> on cybersecurity and IoT at
> https://www.nist.gov/video/what-internet-things-iot-and-how-can-we-secure-it
>
> And remember, the great thing about standards is that there are so
> many of them!
>
> Walt
>       
>     
​​Not only is NIST good at standards, they are respected.  One of the things I've often done in the solutions I propose is mention which
NIST standards I'm compliant with- perfect example of this are the security encryption standards.  So, I can either throw a bunch of acronyms 
and word salad at people or I can end the conversation with, "this solution uses NIST standard <something here>".
Its sort of a field of dreams thing- if NIST builds it, companies will come.  A secondary point here is that you'll find that public sector work
usually is going to refer to NIST standards where appropriate.

(also by "build" I mean create the standard)

-- 
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com
  

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug