DarkReading.com reported that “The National Institute of Standards and Technology has settled on a standard for encrypting Internet of Things (IoT) communications, but many devices remain vulnerable and unpatched. A new encryption standard for Internet of Things (IoT) should help advance security for these connected devices in businesses, manufacturers, critical infrastructure, and other sectors running this equipment.”  The February 15, 2023 article entitled “NIST’s New Crypto Standard a Step Forward in IoT Security” (https://www.darkreading.com/ics-ot/nists-new-crypto-standard-a-step-forward-in-iot-security) included these comments:

…the Industrial Internet of Things (IIoT) — an umbrella term for connected devices that monitor and control physical systems and industrial processes — is predicted to grow dramatically. The number of industrial IoT connections — a measure of the number of devices deployed — is expected to more than double to 36.8 billion in 2025, up from 17.7 billion in 2020, according to Juniper Research.

However, the massive growth also brings a massive attack surface area. Vulnerabilities in the so-called Extended Internet of Things (XIoT), which includes both devices and the systems that manage those devices, jumped 57% in the first half of 2022 continuing a dramatic rise from the prior year. On the enterprise side, security researchers demonstrated 63 exploitable vulnerabilities in a variety of connected devices at this year’s Pwn2Own, such as printers and network-attached storage.

Meanwhile, enterprise and industrial IoT devices and systems are often used for decades without regular updates, unlike conventional IT environments, which are replaced every three to five years and updated regularly in between, says Bill Malik, vice president of infrastructure strategies at cybersecurity firm Trend Micro.

What do you think?

First published at: https://www.vogelitlaw.com/blog/iot-crypto-standard-is-unlikely-to-fix-20billion-old-iot-devices