
Think Tank

Avoiding Regulation of Device Security? It Doesn’t Have to Be a Struggle

March 25, 2022
Jeanette Sherman, SCB Contributor

Today’s device manufacturers face not only vulnerabilities and costly security breaches, but also the growing potential for government regulation.

Hackers are finding new ways to gain access to internet of things (IoT) products and weaponize them for attacks, even as manufacturers create new products at a scale that makes manual security processes impractical. The vulnerability in Log4j’s code is just the latest to dominate cybersecurity headlines and affect hundreds of millions of devices. As Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly said, “It is one of the most serious I’ve seen in my entire career, if not the most serious.”

This is all the more serious because, for various reasons, manufacturers often don’t know what vulnerabilities their devices might have. According to a survey we recently conducted with the Ponemon Institute, only half of manufacturers test products before deploying them. Sixty-two percent of respondents say they lack resources to properly secure their products, and 60% say they lack in-house expertise.

Despite the challenges, something has to change. Fifty-nine percent of respondents say security concerns have cost them sales. And while only 12% say the government should be responsible for ensuring the security of IoT devices, inaction could force regulators to step in, especially if cyber-physical attacks grow in severity and scale.

Most manufacturers would prefer to avoid government regulation, but at least for those in the private sector, there could be another option.

The government began establishing regulatory frameworks with an executive order in May 2021. Among the mandates is a requirement that federal agencies adopt zero-trust architecture, but there isn’t much assistance to get them there. Unless something changes, the current path of IoT breaches leads toward more government regulation for device manufacturers.

For some, this is unavoidable. In our study with the Ponemon Institute, 36% of respondents say government regulators already require their organizations to provide details about the components of devices or attest to their security.

But government regulations aren’t as responsive as they could be. Regulations could be imposed by people who lack deep knowledge of the issues that the regulated sector is facing. Mandates made reactively, in response to attacks, tend to be implemented quickly.

You can have a much more responsive and flexible framework for security requirements when they come from a private, non-government regulatory body. There’s a national council of Information Sharing and Analysis Centers (ISACs), each of which creates security standards within its sector. The idea is to make sure that the industry has enough self-set regulations that government regulations aren’t necessary.

For example, the IT-ISAC is a non-profit, limited liability corporation formed in 2000 by members of the information technology sector. IT-ISAC touts that “members have access to tens of thousands of threat indicators each week,” and “can help a company manage risks through trusted analysis, collaboration and coordination and drive informed decision making by policy makers on cybersecurity, incident response and information-sharing issues.”

Other ISACs that are active in the IoT world include the Automotive ISAC, Communications ISAC, Healthcare Ready, Health ISAC, and Water ISAC.

Through private regulation, organizations have better visibility into how and why the rules are created, and are likely to have more of a say in what they are. Public regulation doesn’t typically have that transparency or insight from anyone outside the governing body.

Device manufacturers are responsive to their customers’ needs, which is one reason that product security is becoming more important. According to the survey, 73% of respondents noted that customers’ device security concerns had a high impact on the length of the sales cycle. Additionally, 55% of respondents’ sales teams put pressure on those responsible for product security to attest to their security.

A clear set of regulations would give those product security teams a clearer target to aim for. While end users might not understand the details of what’s in a device, it’s far more reassuring to know that security standards are created by experts in the field rather than politicians.

If a manufacturer abides by private regulations, it can instill customer confidence that there’s a well-thought-out prescription for security, and that the device was deployed with quality in mind.

Jeanette Sherman is senior director of product at Finite State.


All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp
