Colin Duggan, CEO and co-founder of BG Networks (Photo: BG Networks)
Guest: Colin Duggan, CEO and co-founder of BG Networks
For most of us, it isn’t easy to connect the dots between North Korea’s recent hack on 3CX, and the threats everyday IoT devices face today. How does a nation state’s attack on an enterprise phone software provider have to do with malfunctions in a smartwatch or pacemaker?
Colin Duggan, CEO and co-founder of BG Networks, is our Podcast guest this week. He breaks down a host of software and hardware building blocks that must be designed into IoT/embedded devices in the first place. More importantly, though, he asserts that beyond the design stage, the job of protecting connected devices from cyberattacks is continuous and urgent.
IoT: Welcome Mat to Insecurity
Duggan stressed the significance of the “software bill of materials” (SBOM) and IoT/embedded device manufacturers’ responsibility for “vulnerability management” in their connected devices.
What North Korea did with 3CX was a direct attack on the software supply chain, Duggan explained. By compromising the desktop phone software used by hundreds of thousands of organizations, the hackers were reportedly able to plant information-stealing malware inside customer networks.
During our chat, Duggan offered an alert to the IoT community that an onslaught of cybersecurity regulations is looming.
Among the pending regulations: UNECE’s R155/R156 automotive cybersecurity; EU Radio Equipment Directive; the Food and Drug Administration’s updated medical device rules and; the White House’s recently issued National Cybersecurity strategy and others.
Duggan explains that these rules seek to hold IoT/embedded device manufacturers responsible for managing vulnerabilities for a product lifespan –even after it’s been sold.
Regulators are asking IoT vendors to offer software updates, to inform consumers about how long software updates are supported, and to offer information about vulnerabilities discovered later, with patches/fixes.
Listen to our podcast: