Lawmakers address the issue of IoT security
Indeed, the state of California considered the security risks inherent in IoT-connected devices enough of an issue that it passed legislation (SB-327) intended to help address it. The California IoT security law, which goes into effect on Jan. 1, 2020, requires any manufacturer of a device that connects “directly or indirectly” to the Internet to equip it with “reasonable” security features. The features must be “designed to protect the device and any information contained therein from unauthorised access, destruction, use, modification, or disclosure,” the law says.
California is not alone in addressing the issue. Bills have been introduced in the U.S. House (H.R. 1668) and Senate (S.734) that would establish minimum security standards for IoT devices sold to government agencies. Similarly, lawmakers in the UK are at work on a law that would outline some basic security requirements for IoT devices and require labels on the devices stating the degree to which they meet the requirements.
From a vendor perspective, once the California IoT security law goes into effect, the security requirement may as well apply everywhere. It would make little sense to develop a product that fulfils the California security requirement but only sell it in California, meaning you’d sell a less-secure version elsewhere. So, the law will carry benefits for customers far beyond California’s borders.
Features to Promote Secure Remote Management
It will become important for companies to ensure their vendors comply with the California IoT security law for relevant devices, including NMCs.
Among the issues to look for are secure passwords. Devices like NMCs typically come with default user names and passwords that are easily guessed, like “admin” and “1234.” Users should be required to replace the default login information with stronger credentials when they first log in to the NMC.
Similarly, all non-secure communications protocols should be disabled by default. Secure protocols like HTTPS and SSH are fine, but users should have to actively enable others if they want to use them – and understand the risks.
NMC Delivers on Security – and Performance
Companies need to look for new solutions to ensure security and prevent attacks. One option is APC by Schneider Electric’s new NMC 3, the latest version of the NMC for APC UPSs, PDUs, racks and other equipment. NMC 3 ensures compliance with the California IoT security law, providing secure remote management for all customers.
In addition to new security features, the NMC 3 features a new, faster processor and supports network speeds up to 1Gbps, up from 100Mbps in the NMC 2. That means users will experience better response time and lower latency when connecting to the device, speeding navigation.
NMC 3 also supports on-board storage capacity for event and log data that is nearly 100 times larger than in the previous version. So, users will have far less risk of older log data being overwritten by newer data.
You can’t be too careful about security in the IoT era. To learn more about how to achieve Certainty in a Connected World, visit our Secure Network Management Card site, where you’ll find more details as well as access to a PDF on IoT security.