The US is about to see its first state-level legislation regulating the Internet of Things to be more secure.It’s something that any organization implementing large-scale IoT communications networks should be taking very seriously.
The regulation demands that devices fitting this description, which would be most IoT sensors and controllers, have ‘reasonable security’. It defines this by demanding better authentication measures. Manufacturers must force users to generate new authentication credentials before accessing the device for the first time. Otherwise, if they’re using default passwords, they must make them unique to each individual device.
California’s SB-327 Bill has been a long time coming. Introduced in February 2017, it only recently made it through the state legislature to the Governor’s desk. Now that it’s here, though, we can expect it to have wide-ranging effects. It applies to any device that has an IP address and which can connect, directly or indirectly, to the Internet.
Future planning with open standards and certification
While the legislation may not go far enough, it highlights that utilities and smart city planners should be aware of the communications network options available to them, and understand the value of a robust certification program to support long-term compliance. In the case of Field Area Networks, the new Wi-SUN Field Area Network (FAN) certification will help ensure compliance and security to the greatest degree possible in IoT deployments overall, so whatever new bills come in, manufacturers can be sure that they are using products that make their deployments more secure.
It is worth noting that there are at least five bills currently before US Congress that promise to either launch in-depth studies exploring IoT regulation, or to impose new rules. Being one step ahead of the game and introducing certification now across their products, should make sense to those deploying large scale IoT.
Smart city planners should not wait for more regulation before considering security measures as part of their IoT strategy. Building in security by design is a core requirement for any robust smart city or utility connectivity strategy. As planners build the foundations for their IoT infrastructures, there are steps they can take now to harden and protect their networks.
Using open standards based solutions with strong security built in, supported by a diverse and sizeable ecosystem of vendors and integrators can help introduce robust security options for smart cities and utilities. This works in two ways. First, open standards draw on well-established security protocols that have already been vetted by many industry players. Wi-SUN Alliance implements tried and tested security mechanisms to authenticate devices, as well as message encryption and integrity checking to ensure privacy and trust.
Choosing a network solution with a strong certification component is also key when designing IoT network infrastructures. By focusing on strict certification for devices, smart city and utility users can be sure that the sensors and communication equipment they install on their IoT networks will comply with strong security requirements.
Wi-SUN has launched FAN certification program, which puts devices through a stringent set of tests to ensure that they comply with, not only with the strict security requirements, but also with the communication requirements at the physical, data, network and transport layers. Independent testing laboratories use a comprehensive suite of tests to ensure that devices are both conformant and interoperable.
Why mesh is best
Mesh networking is another important part in delivering reliability. This networking topology, which enables multiple communication paths between devices, helps to eliminate single points of failure. This enables the network to keep functioning even if one or more devices fail. This design protects devices from interruptions due to partial network outage,physical obstructions or interference affecting connections. Benefits of Wireless Mesh can be viewed here.
Wi-SUN is the most secure IoT network profile available for mission-critical smart city and utility customers today.
Choosing a communications solution that builds in security from the ground up will help to protect smart cities, utilities and citizens against today’s attacks, and tomorrow’s. More regulations are coming. Will you be ready?
A version of this blog was originally published as part of the Smart Cities Summit event where Phil Beecher hosted the Data and Connectivity track at the Smart Cities Summit in Atlanta, GA, on October 29-30 2018 – www.wi-sun.org.