The New Rules of IoT Security

Plus our top IoT stories of the week!

Hello readers,

Welcome to the IoT For All newsletter! This week we’re talking about the need for a unified framework for IoT security, the challenges of bringing IoT to the farm, and more!

The New Rules of IoT Security

No matter the field or industry, digitally transforming a business almost always includes one key initiative: blending physical operations with digital intelligence. This convergence of information technology (IT) and operational technology (OT) through IoT and AI has already reshaped modern enterprise with everything from remote infrastructure monitoring to environmental sensing.

But the same integration that enables unprecedented transparency and efficiency also comes with significant security risk: the further the digital world reaches into the real one, the greater the consequences of a breach. 

This is the landscape that NIST, the National Institute of Standards and Technology, addresses in its updated cybersecurity guidance for IoT published earlier this month. While aimed at federal systems, the guidance has clear implications for any organization operating complex infrastructure, or aspiring to.

The new framework pivots from securing individual IoT devices to securing entire IoT products, which include software backends, companion apps, and network components. That’s a critical shift, because a security camera isn’t just a camera anymore. It’s also the app your staff uses to monitor it, the cloud platform where footage is stored, and the update process that pushes new firmware. All of that must be protected.

The urgency behind this update isn’t theoretical. In 2021, the Colonial Pipeline ransomware attack started with a single exposed IT credential but resulted in the shutdown of fuel operations across the U.S. East Coast. NotPetya, disguised as ransomware, swept through global networks in 2017 via a compromised software update, halting shipping at Maersk and costing Merck over $1 billion. In the TRITON attack, Russian-linked actors targeted a petrochemical plant’s safety controllers to sabotage equipment and endanger lives. And in Ukraine, cyberattacks against power grids in 2015, 2016, and 2022 used lateral movement from IT systems into OT environments to cause widespread blackouts. 

That’s why Zero Trust Architecture (ZTA) is at the crux of NIST’s revised playbook. In a Zero Trust model, no user, device, or system is trusted by default. Access must be verified continuously. It’s a safeguard to prevent hackers who cracked your email server from getting into the HVAC controller, or worse. But ZTA alone isn’t enough. NIST goes further to encourage the Secure Software Development Framework (SSDF), which mandates security-by-design principles, and Cybersecurity Supply Chain Risk Management (C-SCRM) to help organizations vet vendors and track risks across software and hardware lifecycles. Add to all that the practice of microsegmentation, which divides networks into tightly controlled zones to prevent an attacker who breaches one part of the system from reaching others, and which is also useful in your own home.

For private companies, especially those managing critical infrastructure or industrial assets, this guidance serves as both a warning and a blueprint. The line between cyber and physical systems is fading. OT teams may still prioritize uptime and safety over data security, but the precise balance of that calculation has higher stakes than ever. NIST’s framework is a model for how to adapt: by taking a product-centric view of IoT, hardening the entire ecosystem, and building cross-functional teams who understand both the physical and digital consequences of a breach.

The organizations that thrive will be the ones who build secure-by-design systems now, rather than scramble to react after the next headline.

📖 Top Articles

As global demand rises for smarter, connected products, manufacturing leaders face a critical juncture: integrating connectivity without increasing complexity, cost, or compliance risk. For OEMs expanding into new markets, the shift to embedded connectivity, especially via eSIM, isn’t just a tech upgrade. It’s a business strategy when it comes to manufacturing connected products.

By 2033, the number of IoT devices worldwide is expected to double, surpassing 40 billion. That’s an average of 14 connected devices per household — not including the growing footprint across factories, farms, hospitals, and supply chains that dominate the global economic infrastructure.

As IoT adoption accelerates, so do the stakes for security and operations. Original Equipment Manufacturers (OEMs) must confront the reality that traditional, hardware-centric product strategies are no longer viable for remaining competitive. OEMs must also consider how to manage their devices securely, flexibly, and continuously long after they ship.

Ask any farmer what it takes to run a successful operation, and they’ll likely tell you about experience, intuition, and adaptability. Farming has always been an evolving art, but the pace of change today—driven by automation, data, and connected devices—pushes even the most adaptive among us to the limit.

At Farmblox, we build automation tools for modern agriculture. Still, we also spend a lot of time walking fields, talking to farmers, and understanding the gap between what technology can do and what farmers are ready—and willing—to adopt. It’s a bigger gap than many in the tech world realize.

🎙️ The IoT For All Podcast

No new episode this week, but check out our latest edition where Anthony Protopsaltis, Principal at Velocity IoT, joins Ryan Chacon to discuss how AI is reshaping IoT. The conversation covers the importance of resilient infrastructure, planning an IoT deployment, strategies for seamless communication and long-term reliability, the complexities of IoT connectivity, SGP.32, multi-IMSI, NTN, and advice for companies aiming to future-proof their IoT connectivity.