Making Sense of the IoT Security Protection for your UPS Network Management Card Facebook LinkedIn Twitter Email Pankaj SharmaSeptember 27, 2019September 27, 2019 LinkedIn Viewed: 2212 TAGSIoTCyberSecurityUPS managementremote managementnetwork management cardinternet security law While the Internet of Things promises plenty of business benefits, it also presents significant challenges, with security being at the top of the list. One area that might get overlooked is security in UPS management and the protection of devices such as UPSs, PDUs, racks and other equipment outfitted with network management cards (NMCs) that transmit data over the internet. Once upon a time, these devices simply sat inside data centers, doing their job supporting IT gear. While they may have transmitted health status information on an internal network, it wasn’t connected to any wide-area network or the Internet, so they presented little to no security risk. In the IoT era, that’s all changed. UPSs, PDUs and the like are now located not just in big centralized data centers but in distributed edge data centers that may be literally anywhere. They often contain NMCs that enable them to report health data – usually by sending it via an internet connection. That opens them up as potential points of entry for intruders, meaning you now need to be concerned about security with respect to all of these connected devices. Lawmakers address the issue of IoT security Indeed, the state of California considered the security risks inherent in IoT-connected devices enough of an issue that it passed legislation (SB-327) intended to help address it. The California IoT security law, which goes into effect on Jan. 1, 2020, requires any manufacturer of a device that connects “directly or indirectly” to the Internet to equip it with “reasonable” security features. The features must be “designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure,” the law says. California is not alone in addressing the issue. Bills have been introduced in the U.S. House (H.R. 1668) and Senate (S.734) that would establish minimum security standards for IoT devices sold to government agencies. Similarly, lawmakers in the UK are at work on a law that would outline some basic security requirements for IoT devices and require labels on the devices stating the degree to which they meet the requirements. From a vendor perspective, once the California IoT security law goes into effect, the security requirement may as well apply everywhere. It would make little sense to develop a product that fulfills the California security requirement but only sell it in California, meaning you’d sell a less-secure version elsewhere. So, the law will carry benefits for customers far beyond California’s borders. Features to Promote Secure Remote Management But it will become important for companies to ensure their vendors are complying with the California IoT security law for relevant devices – including NMCs. Among the issues to look for are secure passwords. Devices like NMCs typically come with default user names and passwords that are easily guessed, like “admin” and “1234.” Users should be required to change the default login information with stricter credentials when they first log in to the NMC. Similarly, all non-secure communications protocols should be disabled by default. Secure protocols like HTTPS and SSH are fine, but users should have to actively enable others if they want to use them – and understand the risks. NMC Delivers on Security – and Performance Companies need to look for new solutions to ensure security and prevent attacks. One option is APC by Schneider Electric’s new NMC 3, the latest version of the NMC for APC UPSs, PDUs, racks and other equipment. NMC 3 ensures compliance with the California IOT security law, providing secure remote management for all customers. In addition to new security features, the NMC 3 features a new, faster processor and supports network speeds up to 1Gbps, up from 100Mbps in the NMC 2. That means users will experience better response time and lower latency when connecting to the device, speeding navigation. NMC 3 also supports nearly 100 times larger on-board storage capacity for event and log data as compared to the previous version. So, users will have far less risk of older log data being overwritten by newer data. You can’t be too careful about security in the IoT era. To learn more about how to achieve Certainty in a Connected World, visit our Secure Network Management Card site, where you’ll find more details as well as access to a PDF on IoT security.