US gov’t to Silicon Valley: Tell us how to secure this “Internet of Things”

original_aefd15169aaebd3f037b5ed672db6de1The US Department of Homeland Security has announced that its Silicon Valley Office (SVO)—the agency’s liaison point with the technology industry—will hold an event on December 10 to kick off a recruiting drive for startups and “non-traditional small businesses” interested in latching onto government funding. The Industry Day, being held at the Menlo Park, California, offices of SRI International, will be focused on the current leading source of worry for DHS officials: the “Internet of Things” (IoT).

The DHS posting describes the three-hour event as a time to:

1)Describe the homeland security challenges associated with IoT

2) Describe the benefits of the SVO Innovation Program to startups

3) Show you how to apply for funding

And IoT is high on the DHS’ funding list. Earlier this year, the agency’s Science and Technology Directorate launched a Cyber Physical Systems Security (CPSSEC) program intended to spur development of security measures as part of the design process for IoT devices. In an amendment to a DHS five-year procurement program, the S&T Directorate described the crux of the problem: the “cyber physical” systems hitting the market now have largely “not been subjected to comprehensive threat analyses, have both known and unknown vulnerabilities, and lack security as an integral part of design.” The more IoT devices that are deployed, the bigger the problem will be, DHS officials noted.

“Security is not a feature that will emerge on its own,” they added. “Past results have shown that adding security after systems are designed and deployed, i.e., ‘bolting security on’, is challenging at best and at worst can have catastrophic consequences.”

One of the first areas to get direct attention was medical devices. Last month, the DHS’ Directorate of Science and Technology awarded $1.8 million in funding to the Medical Devices Innovation, Safety, and Security Consortium, a nonprofit industry group, for the development of ways to protect medical devices from cyber-attacks. While the DHS is not writing billion-dollar checks for IoT security fixes, DHS S&T is clearly hoping to give the industry enough of a cash incentive to move in the right direction before regulations come to bear.

 

SOURCE: Sean Gallagher | Ars Technica

Leave a Reply

Your email address will not be published. Required fields are marked *