Senate Cybersecurity Caucus co-Chairman Sen. Mark Warner, D-Va., sought information Tuesday from the FCC, FTC and Department of Homeland Security's National Cybersecurity & Communications Integration Center on available and needed tools for preventing cyberattacks on IoT-connected consumer devices. He also raised a net neutrality concern. Warner said his inquiry stems in part from Friday's distributed denial of service attacks against DynDNS. The DDoS attacks caused outages of Twitter and other major websites that use Dyn's services (see 1610210056), leading to calls for action from other lawmakers and IoT stakeholders (see 1610250021). Warner cited the Mirai command-and-control botnet, saying it targeted “highly insecure” connected devices in increasing numbers since the start of October. The U.S. Computer Emergency Readiness Team also warned that release of the Mirai botnet’s code increased the risk of copycats. Mirai’s efficacy largely depends “on the unacceptably low level of security inherent in a vast array of network devices,” Warner said in a letter to FCC Chairman Tom Wheeler. Warner questioned FCC net neutrality rules mandating that “ISPs cannot prohibit the attachment of ‘non-harmful devices’ to their networks.” Devices “with certain insecure attributes could be deemed harmful to the ‘network’ -- whether the ISP’s own network or the networks to which it is connected,” Warner said. “While remaining vigilant to ensure that such prohibitions do not serve as a pretext for anticompetitive or exclusionary behavior, I would encourage regulators to provide greater clarity to internet service providers in this area.” The FCC "received the letter and [is] reviewing it," a spokeswoman said.
Analog Devices is working with ARM to provide ultra-low-power microcontrollers that ADI said enable more secure and energy-efficient IoT-based devices, the companies said in a Tuesday announcement. By combining ADI’s mixed-signal technology and ARM’s Cortex-M33 processor with TrustZone technology, ADI is addressing a growing need for data security in power-constrained IoT applications where securing every node is “critical to extending the growth of IoT adoption,” it said.
Hikvision and Movidius said their technologies will be used in smart cameras to provide video analytics for car model classification, intruder detection, suspicious baggage alerts and seatbelt detection. Movidius’ Myriad 2 Vision Processing Unit (VPU) technology will be used to run deep neural networks to allow security systems to automatically detect anomalies including suspicious packages, drivers distracted by mobile devices, and intruders trying to access secure locations, they said in a Monday announcement. Running deep neural networks historically has required devices to depend on cloud computing, but the VPU enables advanced algorithms to run inside the cameras themselves, they said.
The Department of Commerce’s National Technical Information Service selected Amazon, HP and 33 other firms Wednesday to be joint venture partners on federally funded data projects. The partnerships are aimed at accelerating “the data innovation process by quickly connecting private sector experts with agencies striving to create smart cities, deliver critical public services, enhance operational excellence or improve accessibility and interoperability among national data sets,” said NTIS Director Avi Bender in a news release. “We expect the new data science platforms, tools and apps created through these partnerships to help agencies save time and money through innovative, effective ways to manage data in carrying out their mission and operations.” NTIS said it selected the 35 joint venture partners through a merit review of submitted proposals.
Cybersecurity spending on connected medical devices by healthcare providers and OEMs will reach $5.5 billion this year, but "only $390 million" of that will be earmarked for securing medical devices, said ABI Research in a news release Monday. "Healthcare stakeholders have to understand that there is a new hostile environment that will emerge around networked medical devices and that threat actors have multiple levels of skills and diverging motivations for attacking the medical IoT," said Research Director Michela Menting. While the U.S. is the only country "putting significant energies" into this area, ABI said awareness is increasing and global spending will triple by 2021.
The Open Connectivity Foundation (OCF) is joining with the AllSeen Alliance and will operate under the OCF name and bylaws, the groups announced. The merger will advance interoperability between connected devices supporting AllSeen’s AllJoyn IoT framework and OCF’s IoTivity open source project, they said Monday. The merged groups will collaborate on future OCF specifications and IoTivity and AllJoyn open source projects, with OCF sponsoring both projects at The Linux Foundation. Both will collaborate to support future versions of the OCF specification in a single IoTivity implementation that combines elements of both technologies, they said. Current devices using either AllJoyn or IoTivity will be interoperable and backward-compatible, ensuring products currently being developed using either technology will work together, they said. The AllSeen Alliance brings a diverse, global membership and millions of AllJoyn-certified products, and OCF brings its membership roster and formal IoT standards with expertise across multiple vertical markets and cloud-based architecture, said the groups.
The Cloud Security Alliance released guidelines to help IoT designers and developers understand security measures for IoT-related products and services, said a Friday CSA news release. CSA’s report cites 13 considerations and guidance for designing and developing “reasonably secure” IoT devices to mitigate common issues with IoT device development, it said. Topics include IoT device security challenges; security options available for IoT development platforms; a categorization of IoT device types and a threat review; recommendations for secure device design and development processes; and a checklist for security engineers and examples of IoT products mapped to relevant threats, it said.
AT&T signed a multiyear agreement with Amazon Web Services to integrate the companies’ networking and cloud capabilities, the telco ISP said in a news release Thursday. The partnership will ease customer migration to the AWS cloud, it said. The companies plan to collaborate on business cloud networking, IoT and cybersecurity threat management, it said.
IBM is plugging $200 million, out of a $3 billion global investment, into the worldwide headquarters for its Watson IoT business in Munich, it said in a news release. The investment is in response to growing demand from customers looking to incorporate IoT and artificial intelligence technologies, it said Monday. The HQ will be home to cognitive IoT Collaboratories, described as hands-on industry labs where clients and partners work with 1,000 IBM researchers, engineers, developers and business experts on automotive, electronics, manufacturing, healthcare and insurance. The goal is to apply new concepts and technologies; build IoT solutions; develop and test new business models, solutions and services; and “push the boundaries of what is possible with IoT,” said IBM.
The Electronic Frontier Foundation called Google's use of the term "incognito" for its Allo messaging app that provides end-to-end encryption "ultimately dangerous" for all users. In a Monday blog post, EFF researcher Gennie Gebhart said Google's use of the term "incognito" means something different in Allo than in the Chrome browser. In the Chrome incognito mode, she wrote, user activity isn't stored in the browser history, though ISPs can still determine which websites are visited. In Allo, no one can read a user's end-to-end encrypted messages, but conversations "are stored on your device for a certain period of time after you send them." Users will likely "misunderstand and underestimate Allo’s end-to-end encryption -- or, even worse, overestimate Chrome’s incognito browsing mode and expose themselves to more risk than the name 'incognito' leads them to expect," wrote Gebhart. Offering end-to-end encryption as a once-in-a-while rather than a default option signals to people the level of importance of the message for hackers, spies and others, she said. Instead, Google could, for example, offer two apps, one less secure and one that is end-to-end encrypted, she said. The company didn't comment.