Its not really about the law so much as about money. If you don't meet the requirements then the Government, and subcontractors of the government, cannot do business with you. Good luck getting one of those 'loophole' exceptions. If you are serious about selling the to government then you'll get on board, be sure to charge accordingly.
Since 99.9% of IoS crap is direct-to-consumer sales, I'm not sure how effective any of this will really be. And then there's NIST's handling of this, which is typically "you must be FIPS 140 certified", which pretty much guarantees that only the usual government-gravy-train vendors can play because no-one else will sink several hundred thousand per product into getting a piece of paperwork to let them charge ludicrous prices to government agencies. I don't think this will end up as much more than feel-goo
Actually consumers are unaware of most of the IoT devices out there, which is why there are already 20 billion of them. They're things like sewer flow monitors, smart street lights, fish counters, game trail cameras, weather stations, soil moisture monitors, and John Deere tractors. Your Internet-connected refrigerator may be an IoT device, but so is traffic light on the corner, the drone that patrols the corn field looking for insect infestations, and the laser that zapped parasites on the farmed salmon
I would differentiate between SCADA and IoT. SCADA is generally built-like-a-brick-shithouse hardware with some embedded/RTOS like control software, may not have every security feature but generally had some thought put into it. IoS is an obsolete Linux kernel shovelled onto a Raspberry Pi with every port open, every service enabled, and controlled by a Python script hacked together at 4am by one of the devs that mostly works most of the time. Government/corporate use is SCADA, consumer use is IoS. So t
It depends I think on how it's used. If it's a closed network you could argue that it's not IoT. But if it's on the internet, even if that just means a closed network using an IPSEC tunnel for remote access from a different closed network, then it's on the internet and probably can be called IoT. Leased lines are expensive and so many of these are being migrated to the internet, while being secured hopefully.
money (Score:3)
Its not really about the law so much as about money. If you don't meet the requirements then the Government, and subcontractors of the government, cannot do business with you. Good luck getting one of those 'loophole' exceptions. If you are serious about selling the to government then you'll get on board, be sure to charge accordingly.
Re: (Score:3)
Re: (Score:3)
Actually consumers are unaware of most of the IoT devices out there, which is why there are already 20 billion of them. They're things like sewer flow monitors, smart street lights, fish counters, game trail cameras, weather stations, soil moisture monitors, and John Deere tractors. Your Internet-connected refrigerator may be an IoT device, but so is traffic light on the corner, the drone that patrols the corn field looking for insect infestations, and the laser that zapped parasites on the farmed salmon
Re: (Score:2)
Re:money (Score:2)
It depends I think on how it's used. If it's a closed network you could argue that it's not IoT. But if it's on the internet, even if that just means a closed network using an IPSEC tunnel for remote access from a different closed network, then it's on the internet and probably can be called IoT. Leased lines are expensive and so many of these are being migrated to the internet, while being secured hopefully.