money (Score:3)
It's not really about the law so much as about money. If you don't meet the requirements then the Government, and subcontractors of the government, cannot do business with you. Good luck getting one of those 'loophole' exceptions. If you are serious about selling to the government then you'll get on board. Be sure to charge accordingly.
Re: (Score:3)
Since 99.9% of IoS crap is direct-to-consumer sales, I'm not sure how effective any of this will really be. And then there's NIST's handling of this, which is typically "you must be FIPS 140 certified", which pretty much guarantees that only the usual government-gravy-train vendors can play because no-one else will sink several hundred thousand per product into getting a piece of paperwork to let them charge ludicrous prices to government agencies. I don't think this will end up as much more than feel-goo
Re: (Score:3)
Actually consumers are unaware of most of the IoT devices out there, which is why there are already 20 billion of them. They're things like sewer flow monitors, smart street lights, fish counters, game trail cameras, weather stations, soil moisture monitors, and John Deere tractors. Your Internet-connected refrigerator may be an IoT device, but so is the traffic light on the corner, the drone that patrols the corn field looking for insect infestations, and the laser that zapped parasites on the farmed salmon
Re:money (Score:2)
Yes, security on consumer devices is crap, and likely to always remain so since security is an inconvenience and inconvenience lowers sales. But in the commercial and industrial world, IoT devices are common and customers there are much more likely to demand security, especially when used for critical infrastructures. Chip makers are starting to get on the ball too, so instead of offering mediocre WiFi or Bluetooth based stuff, they're now offering chips with secure key storage, elliptic curve support, ability to run encrypted object code, and so on.