The Business of Security
This podcast focuses on many non-technical aspects of cyber risk, cyber security and information security at the intersection of technology and managing to business expectations. Guests include CIOs, CEOs, and CISOs discussing the many facets of the information security industry, what matters, what needs to change and how to deal with modern-day challenges in this dynamic industry.
#33 – IoT Security in the US Federal Government with Drew Spaniel
In this episode, guest Drew Spaniel walks us through the new law passed in late 2020, The IoT Cybersecurity Improvement Act of 2020 (HR 1668), and how it will affect not just US federal government procurement, but also IoT device manufacturers and consumers.
The Act calls for IoT devices to be secured by manufacturers based on NIST guidance and cybersecurity best practices. From the Congressional Budget Office:
"Under H.R. 1668, NIST also would publish standards for federal agencies, contractors, and vendors to systematically report and resolve security vulnerabilities for IoT devices. Each agency’s chief information officer would be required to ensure compliance. OMB would establish federal standards for that coordinated reporting process that are consistent with NIST’s standards and guidelines."
Guest:
Drew Spaniel, Lead Researcher, ICIT (Institute for Critical Infrastructure Technology)
Hosts:
Malcolm Harkins, Chief Security and Trust Officer, Cymatic
Chad Boeckmann, Founder/CEO, TrustMAPP
Sponsor:
TrustMAPP (https://trustmapp.com)