It's not really about the law so much as about money. If you don't meet the requirements then the Government, and subcontractors of the government, cannot do business with you. Good luck getting one of those 'loophole' exceptions. If you are serious about selling to the government then you'll get on board, and be sure to charge accordingly.
Since 99.9% of IoS crap is direct-to-consumer sales, I'm not sure how effective any of this will really be. And then there's NIST's handling of this, which is typically "you must be FIPS 140 certified", which pretty much guarantees that only the usual government-gravy-train vendors can play because no-one else will sink several hundred thousand per product into getting a piece of paperwork to let them charge ludicrous prices to government agencies. I don't think this will end up as much more than feel-goo
Actually consumers are unaware of most of the IoT devices out there, which is why there are already 20 billion of them. They're things like sewer flow monitors, smart street lights, fish counters, game trail cameras, weather stations, soil moisture monitors, and John Deere tractors. Your Internet-connected refrigerator may be an IoT device, but so is the traffic light on the corner, the drone that patrols the corn field looking for insect infestations, and the laser that zapped parasites on the farmed salmon
I would differentiate between SCADA and IoT. SCADA is generally built-like-a-brick-shithouse hardware with some embedded/RTOS-like control software; it may not have every security feature, but generally has had some thought put into it. IoS is an obsolete Linux kernel shovelled onto a Raspberry Pi with every port open, every service enabled, and controlled by a Python script hacked together at 4am by one of the devs that mostly works most of the time. Government/corporate use is SCADA, consumer use is IoS. So t
A depressingly large amount of SCADA firmware is written with the assumption that it will be connected to a secured private network, and so anything on that network is trusted.
Then some clown connects it to the public net.
OTOH, consumer IoT firmware is designed to absolutely depend on the mothership so it can be obsoleted at will.
Thanks, that's probably the best definition. The informal one I use is IoS = cheap consumer crap that dies when whoever talked you into buying it shuts down their server, SCADA = industrial-grade gear designed to be as indestructible as possible and not dependent on some server in China, but not with security in mind. We've got SCADA gear running here that dates from the 1990s, has never gone down or crashed that I can remember, and is still actively supported by the vendor. Conversely, we have IoS stuff, snuck in through the back door, that's the IT equivalent of an incontinent toddler.