White Houses Daniel Intrigued By UL-Type Model For IoT Security

  /     /     /  
Publicated : 22/11/2024   Category : security


White Houses Daniel Intrigued By UL-Type Model For IoT Security


Michael Daniel, the national cybersecurity coordinator and assistant to the President, talks Internet of Things security and recent Executive Orders on intel-sharing and sanctions.



SAN FRANCISCO -- An Underwriters Laboratories-type safety certification could serve as a basic model for driving Internet of Things product security, according to the White Houses national cyber security coordinator.
Michael Daniel, special assistant to the President and the nations cybersecurity coordinator, said in an interview here today with Dark Reading that the Obama administration considers such an industry certification model a good option for driving vendors to secure their increasingly Internet-connected consumer products. We are very much interested in voluntary models for this, he said.
He said the UL-style concept is intriguing to him. A nonprofit consortium that would rate products … I find that model very intriguing and similar in the development of IoT security and safety, he said. UL -- which tests and certifies appliances for electrical safety -- may not map completely with IoT, of course, he said. Meanwhile, some IoT products, such as medical devices, will likely fall under existing safety and security regulations, he said.
Consumers also could be a force for improving IoT security, he said. Its incumbent … for consumers to drive their concern about [security] in their demand for Internet of Things products, he said. If consumers begin comparing and purchasing wearable fitness devices, for example, for their cybersecurity features, that could help drive the market for more secure products.
On the flip side, the bad guys ultimately may provide the impetus for IoT vendors to build security into their products. The bad guys will figure out a way to monetize this, and incidents will also spur results in security, he said.
The Sony hack is an example of how a real-world security incident served as a cautionary tale, according to Daniel. One of the most interesting effects of the attack on Sony was how many companies now seem to have really focused on concerns of getting hacked, he said. Daniel said he thinks thats because Sony wasnt an obvious target for PII, nor a critical infrastructure provider: I had a lot of feedback from CIOs that this drove the point that it could happen to anyone.
The Obama administrations recent EO promoting cyber intelligence-sharing, meanwhile, aims to ensure the sharing of this information is occurring on multiple axes, Daniel said.
The administrations policy on intel-sharing flipped the default position in government on sharing threat intelligence, Daniel said, to sharing it with private industry as well as among agencies. The conduit will be NCIC, the FBI, and the Defense Department, he said.
Trust among all of the participants is important, as is getting value from actually sharing intel, he said.
The next part is the hard part: the nuts and bolts, Daniel said.
Earlier today, during a Q&A session at the CyberTech Securing The Internet of Things Forum, Daniel said the Obama administrations recent Executive Order for imposing sanctions on cyber criminals and cyber spies was more than two years in the making.
The Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities Executive Order signed by President Obama earlier this month authorizes the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to institute sanctions against entities behind cybercrime, cyber espionage, and other damaging cyberattacks. But some members of the security industry worry the sanctions could backfire and hurt white-hat security researchers due to some ambiguities in the proposed legislation.
Daniel said the administration said the Treasury Department will be tasked with creating implementation guidance, and that the administration has been expanding its dialog with the technology industry. This administration has been very sensitive of the overuse of sanctions … One of the key debates we had in issuing this was whether or not it was an appropriate tool given some of those concerns, he said. We decided we need to have additional tools in the toolbox to spread the range of responses we could have for addressing real cyber actors causing us harm.
The administration will be very restrained in using this authority, he says. Its really designed to go after those targets which we have no other good tools to get at them. One of the things we wrestle with constantly is the tension between short-term returns with the long-term effects on the ecosystem.
Daniel is scheduled to speak here at the RSA Conference on Thursday, in a session titled There Are No Domestic Cyber Issues: US & UK Leaders on Global Partnership. 
 

Last News

▸ Reinventing Higher Education ◂
Discovered: 26/12/2024
Category: security

▸ When education becomes overly virtual. ◂
Discovered: 26/12/2024
Category: security

▸ (ISC)2 and CSA team up to develop new cloud security certification. ◂
Discovered: 26/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
White Houses Daniel Intrigued By UL-Type Model For IoT Security