DHS Cybersecurity Strategy: What about IoT?


In the spring, the Department of Homeland Security released its cybersecurity strategy to prevent and disrupt cybercrimes and included discussions on IoT security. But John Grimm, senior director of security strategy for Thales eSecurity, says that while the strategy puts forward a sensible risk-based approach to resilient security, the actual effectiveness will be determined if or when the objectives turn into actions.

In an article on IoT Agenda, "The DHS Cybersecurity and IoT Security," Grimm says the place the DHS can really have an impact is in providing organizations with “clear and actionable guidance, as well as accessible tools and resources to shorten the development curve and facilitate implementation of best practices.”

Among the many points Grimm makes regarding the new strategy are:

  • Organizations can work together, without compromising competitiveness, to collectively increase incident preparedness and incident response
  • Every connected product should meet minimum standards that mitigate common threats with high potential impact
  • An example of this is a measure requiring administrative passwords to be changed upon installation, and ensuring that devices have a secure means by which updates and patches can be installed
Photo by metamorworks/iStock / Getty Images

Grimm also points out that initiatives that encourage collaboration have already occurred in the financial services and automobile industries, and that the DHS has noble aspirations in its strategy around information sharing and collaboration.

Some of today’s most critical infrastructure was not built for the current risk environment. As with everything in life, everyone needs to bring something to the table for this to be successful. Read Grimm’s full article on IoT Agenda here.