In Brazil, the Ministry of Science, Technology, Innovations and Communications and the Ministry of Agriculture, Livestock and Supply signed a technical cooperation agreement focusing on exporting Brazilian Internet of Things (IoT) solutions for agriculture. The agreement also establishes the creation of the Agro 4.0 Chamber, as part of the National Plan for the Internet of Things. The Agro 4.0 Chamber will function as a joint body in which representatives from the government, private companies, and academia will participate, in order to build a strategy for creating internet-connected farms.
According to a publication, the UK National Health System (NHS) will offer wearable tech to help people monitor their health habits in order to reduce the risk of type 2 diabetes. In addition, using apps, the participants will have 24-hour access to health coaches and educational content; online peer support groups; and the ability to set and monitor health goals electronically. The decision to implement such a program follows the results of a successful pilot, in which access to online information increased the number of people becoming involved in the national Diabetes Prevention Programme (DPP).
The Microsoft Threat Intelligence Center published a post according to which, in April this year, security researchers at Microsoft discovered attempts to compromise popular IoT devices (a VOIP phone, an office printer, and a video decoder) across multiple customer locations. The investigation revealed that the perpetrator used these devices to gain access to corporate networks. In two of the cases, the devices were deployed without changing the manufacturer’s default passwords, and in the third case, the latest security update had not been applied to the device. These vulnerabilities enabled the attacker to establish a presence on the network and to look for further access. The team again attributes the attacks to Strontium and has notified those who were targeted. An analysis revealed that one in five attacks was tied to attacks against non-governmental organizations, think tanks, or politically affiliated organizations around the world. The remaining 80% of the attacks targeted organizations in the following sectors: government, IT, military, defense, medicine, education, and engineering. The team also discovered attacks against Olympic organizing committees, anti-doping agencies, and the hospitality industry.
The Brazilian National Telecommunications Agency plans to hold a public consultation about IoT regulation
The Brazilian National Telecommunications Agency (Anatel) approved the holding of a public consultation in order to assess the existing regulation of applications based on IoT (Internet of Things) and machine-to-machine communication. The aim of the consultation is to find ways to minimize regulatory limitations and to expand the use of such applications. The public has 45 days to comment. This move aligns with the national IoT plan, which was announced earlier this year, and the goal is to finish the update of the regulatory policy by the end of 2020.
The US National Institute of Standards and Technology (NIST) published a draft guide titled NISTIR 8259 - Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers. The guide aims to help Internet of Things (IoT) device manufacturers understand the cybersecurity risks of their devices. The publication defines six cybersecurity features that manufacturers can voluntarily apply in their IoT devices and that consumers can look for when purchasing the devices: (a) Device identification: The IoT device should have a way to identify itself, via a serial number and/or unique address when connecting to networks. (b) Device configuration: Users should be able to change the device software and firmware configuration. (c) Data protection: It should be clear how the IoT device protects the data it stores and warns about any unauthorised access and modification. (d) Logical access to interfaces: The device should limit access to authorised local and network interfaces. (e) Software and firmware update: The device’s software and firmware should be updatable, using a secure and configurable mechanism. (f) Cybersecurity event logging: IoT devices should log cybersecurity events and make the logs accessible to the owner or manufacturer. The deadline for public comments on the report is 30 September 2019. The guide complements NIST's recent publication that dealt with the IoT cybersecurity challenges of large organisations (e.g. federal agencies).
Reps. Doris Matsui (D-Calif) and Michael McCaul (R-Texas), co-chairs of the High-Tech Caucus, have introduced the IoT Standards Leadership Act in the House of Representatives. Should the bill pass, it would require the Department of Commerce to conduct a study on the following topics: U.S. involvement in the international standards-setting processes; efforts of foreign countries to create country-specific IoT standards; the progress that has been made in developing international IoT standards; how to support U.S. participation and leadership in international standards setting; and the extent to which international standards focus on cyber hygiene and managing risk. In addition, it would require the Department of Commerce to issue recommendations on how to promote U.S. leadership in the processes for creating international standards.
Co-chairs of the Internet of Things (IoT) Caucus, US Reps. Suzan DelBene (D-Wash.) and Congressman John Katko (R-N.Y.), have introduced the IoT Readiness Act in the House of Representatives. Should the bill pass, the Federal Communications Committee (FCC) will be tasked with analysing whether there is enough spectrum available to meet the growing demand and needs of IoT in the USA, and how much more will be needed if demand exceeds spectrum availability.
A study conducted by researchers from the University of Illinois at Urbana-Champaign, Stanford University and Avast Software analyzed the use of IoT devices in homes around the world. According to the findings of the study, the leading continents in IoT use are North America, Western Europe and Oceania (50% and more), then South America and East Asia (30%), Eastern Europe and Southeast Asia (20%-25%), North Africa and the Middle East and Central Asia (17%-19%), and finally South Asia (less than 10%). The continents also differ in the popularity of various IoT devices. While in North America Internet-connected televisions or streaming devices are the most popular, in South Asia most of the IoT devices are surveillance devices. Although the security of these devices is lacking in all regions, the level of security still varies between them. In North America and Western Europe, the study revealed fewer security-related issues than in Central Asia, South America and Sub-Saharan Africa. The researchers also discovered that most of the devices are manufactured by a handful of popular vendors in all regions. The full study will be presented at the upcoming Usenix Security Conference 2019.
The UK National Health Service (NHS) announced the beginning of a collaboration with Amazon through Amazon’s virtual assistant Alexa. According to the announcement, Alexa will assist patients, especially those who cannot access the Internet, to receive medical information from the NHS website by using basic voice commands. Alexa will use information from the NHS website to provide answers to questions such as: ‘Alexa, how do I treat a headache?’, ‘Alexa, what are the symptoms of the flu?’. The goal is to reduce pressure on the NHS in providing basic health information, and it is part of the plans to make the NHS digitally available.
General Electric (GE) Healthcare and the US Department of Homeland Security each issued advisories alerting healthcare organisations about a security vulnerability discovered in GE anesthesia devices. This vulnerability could enable an attacker to remotely control and change the parameters of an anesthesia device. According to the recommended mitigation steps, health organisations should only use secure terminal servers when connecting these devices to TCP/IP networks.