TECH TALK
security. But a Federal law will go further.
A bipartisan group has recently been trying to pass the Internet of Things (IoT) Cybersecurity Improvement Act of 2019, citing as an example a report of a bot using a Dept. of Defense (DoD) cloud server. An article in ZDNet reported that a bug-bounty researcher (the DoD has a bounty program for security researchers to find security flaws in its networks) had first discovered that a DoD server located in the Amazon Web Services cloud platform was hacked and was being used by a botnet to mine the Monero cryptocurrency. Sen. Mark Warner’s (D-Virginia) bill was introduced in March 2019 and was reported out of the Senate Homeland Security and Governmental Affairs Committee last June, but it has not yet been voted on in the Senate. The bill would make sure that government IoT devices are as secure as possible and would require transparency and disclosure from contractors. It also stipulates that government-purchased devices must meet a minimum level of security.
“This incident demonstrates the inherent value of vulnerability disclosure programs for information technology products operated by federal agencies,” Warner wrote in a letter to DoD CIO Dana Deasy. “These programs are a crucial force multiplier for federal cybersecurity efforts. Clear guidelines and a process for security researchers to find and share vulnerabilities enabled this malware discovery, and ultimately prompt remedial action by DOD,” he said. “Continuing to encourage the responsible discovery and disclosure of bugs or vulnerabilities on federal information technology systems with both internal and outside security researchers can only strengthen the cybersecurity posture of federal and DOD systems.”
The bill can be accessed here:
https://www.congress.gov/bill/116th-congress/senate-bill/734/text?q=%7B%22search%22%3A%5B%22Internet+of+Things+%28IoT%29+Cybersecurity+Improvement+Act+of+2019%22%5D%7D&r=1
To sum up the action needed by everyone here, simply make sure that you use strong passwords at home and business, use security software at home and when working remotely, and follow the guidelines outlined above in better securing your home and business IoT devices.
John Pawlicki is CEO and principal of OPM Research. He also works with Information Tool Designers (ITD), where he consults to the DOT’s Volpe Center, handling various technology and cyber security projects for the FAA and DHS. He managed and deployed various products over the years, including the launch of CertiPath (with the world’s first commercial PKI bridge). John has also been onic FAA 8130-3 forms, as well as in defining digital identities with PKI. His recent publication, ‘Aerospace Marketplaces Report,’ which analyzed third-party sites that support the trading of aircraft parts, is available on OPMResearch.com as a PDF download, or a printed book version is available on Amazon.com.
DOMmagazine.com | July 2020