IoT roundup: Carriers expand NB-IoT footprints, US Congress eyes security bill, and 'IT asbestos' looms

The major U.S. mobile carriers are eager participants in the rise of IoT, and it’s tough to argue that they don’t have a major role to play – the ability to connect largely anywhere, coupled with the ability to handle high-throughput applications, means that cellular data can be an attractive option for the connectivity piece of an IoT deployment.

AT&T announced a deal with Vodafone last week to interconnect their respective narrow-band IoT networks across the Atlantic, mating AT&T’s U.S. coverage with Vodafone’s in western Europe. That means that businesses with NB-IoT deployments in those areas can use that single network to connect their entire implementation. Not to be outdone, Sprint announced that it, too, is rolling out NB-IoT on its Curiosity IoT platform. Sprint shared its plans during a panel discussion at Mobile World Congress in Los Angeles last week.

NB-IoT is a cornerstone of the carriers’ appeal to the IoT market. In brief, it’s a low-bandwidth network technology that operates on a small sliver of a carrier’s allocated wireless spectrum. It’s designed to handle large numbers of less data-intensive IoT endpoints over a wide area, so it’s probably available in most locations where you’d want to install an IoT system.

Rolling out more capable IoT-focused networking options can only deepen that appeal, now that each of the big four has an NB-IoT network in operation.

Congress and IoT security

Representative Ro Khanna (D-CA) introduced a bill last week that would require the Office of Management and Budget to train federal employees in cybersecurity, and to talk specifically about the risks posed by IoT devices.

Rep. Khanna’s announcement of the bill cites a Congressional Research Service report on the risks of IoT – which you’re likely already familiar with, particularly if you’re a regular reader of this roundup: less capable devices, not designed with security in mind, potentially incapable of receiving important security updates, and so on.

But the Internet of Things Cybersecurity Training for Federal Employees Act is still an important step in the right direction for the federal bureaucracy, which employs about two million people, not counting the postal service and the armed forces. It’s hard to understate the potential impact of IoT-based security breaches in the federal government, particularly where election security is involved.

IoT: “The asbestos of the future”

Well-known cybersecurity expert and F-Secure Chief Research Officer Mikko Hyppönen is probably one of the leading thinkers on digital threats in the world, and he’s certainly among the most quotable. Hyppönen has already coined an eponymous “Hyppönen’s Law” about IoT, which states that “if it’s smart, it’s vulnerable.” Fair enough.

In an interview with analysis and consultancy firm GlobalData, Hyppönen compared the proliferation of insecure IoT devices to “the asbestos of the future.”

“What’s happening right now, around us, I guess would be characterized as IT asbestos,” he said. “Such a great innovation, which then decades later turned out to be the worst innovation.”

Now, to be clear, Hyppönen seems to have mostly been talking about consumer IoT – the connected toaster ovens and washing machines of the world. But his point about the mass proliferation of IoT devices is still relevant to the enterprise, and underlines the scale of the work required to secure everything.