A House panel urged manufacturing industry partners on Thursday to assist federal agencies with developing improved security standards for internet-connected devices to fend off future cyber attacks.
Witnesses at a House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection hearing discussed pressing needs to update cyber security practices at manufacturing plants and build in more resilient data to reduce vulnerabilities in Internet of Things (IoT) devices.
“Constant vigilance and improved coordination will be required to ensure that bad actors don’t take advantage of the weaknesses in IT security policies,” said Subcommittee Chairman Bob Latta (R-Ohio) during his opening remarks.
The rapid proliferation of IoT devices has led manufacturing officials away from utilizing end-to-end stacks and toward plans to utilize smart equipment from different manufacturers built with varying security standards, according to Sanjay Poonen, chief operating officer of software company VMware [VMW], a witness at Thursday’s hearing.
Poonen believes manufacturing leadership will need to increase their use of IoT gateway devices to aggregate and manage the vast numbers of varied Internet-connected equipment they utilize in their plants. The gateway devices reduce the potential for individual cyber vulnerabilities to be exploited.
“It is vital that we secure IoT infrastructure to prevent the compromise or disruption of our economy,” said Poonen. “Securing these devices before they can be used as entry points or vectors to attack other parts of cyber infrastructure is paramount to overall strong cyber security.”
Rep. Frank Pallone (D-N.J.), ranking member on the full committee, expressed concern during his opening remarks that the IoT manufacturing industry was not doing enough to address cyber security risks.
“A strong, comprehensive framework for cyber security in manufacturing is urgently needed,” said Pallone.
Rodney Masney, vice president of IT for manufacturing company Owens-Illinois [OI], cited areas of cyber security concern where industry needs guidance from lawmakers.
Congressional support is critical for conducting research on more easily deployable IoT cyber solutions, supporting cyber assessment programs and exploring the IoT data science discipline, according to Masney.
Poonen also pushed for manufacturing officials to adopt core cyber security practices to fend off the most immediate security threats.
IoT cyber practices must include establishing “least privilege” environments, to thwart attackers who steal users’ credentials to gain broad access to systems, and building in micro-segmentation to avoid whole-network infiltration, according to Poonen.
Manufacturing officials are also advised to update encryption, multi-factor authentication and patching standards.
“The threat and impact of IoT-based cyber attack is not theoretical; it is real,” said Poonen.