Home network security monitoring: CISA looks to identify owners of vulnerable devices
Our home network security monitoring series is back with the recent news of a government agency looking to make service providers be obligated to share the contact information for subscribers who own vulnerable devices.
TechCrunch was the first to report this week that the Department of Homeland Security's cybersecurity division, Cybersecurity and Infrastructure Security Agency (CISA), wants the ability to contact and alert all individuals who own a device that has known vulnerabilities. Currently, the CISA is unable to consistently identify the owners of vulnerable systems:
"By law, internet providers are not allowed to share their subscriber data without first receiving a legal demand, such as a subpoena, that can be issued from a federal agency without requiring the approval of a court. Lacking those powers, CISA has to rely on its federal law enforcement partners to use their powers to identify owners of vulnerable systems. Law enforcement can only serve subpoenas during an investigation. But CISA says it is still obliged to warn owners of vulnerable systems, even if there is no investigative interest."
A proposal has been submitted to Congress which, if approved, will allow CISA to obtain the subscriber data for any business or individual. Although there's good intention, such an action has raised controversy as to whether the government agency should be given this amount of power. But CISA claims that notice from the government may pressure impacted businesses and individuals to take actually action to secure their vulnerable devices.
In today's connected world, IoT security has become a growing concern for many parties. This duty of care seen by the government therefore isn't surprising, but begs the question as to who exactly should be the responsible party?
At Minim, we believe the service provider and their subscribers should be empowered to take matters into their own hands. That's why through the Minim platform, both parties are given usable tools to proactively secure and manage the home network and its connected devices.