What Updated IoT Cybersecurity Guidance Means for Critical Infrastructure Operators

On November 29, 2021, the National Institute of Standards and Technology (NIST) released final IoT-specific guidance to federal organizations to support extending their risk management process to include Internet of Things (IoT) devices in federal systems. The guidance is among the provisions included in the IoT Cybersecurity Improvement Act, officially signed into law on Dec. 4, 2020, and is intended to help agencies understand and define IoT device cybersecurity requirements using an accompanying requirements catalog.

While aimed at federal customers and the IoT device vendors and service providers they work with, any organization that uses IoT devices can learn from the guidance to improve their IoT security best practices. Claroty is taking significant steps forward to help improve security for critical infrastructure companies now and in the future – no matter what types of critical assets become connected.

Securing the XIoT

Organizations in critical sectors are increasingly connecting physical systems to the internet to supply goods and services to support our lives – from water, food and shelter, to energy and fuel, to clothing and medicine, to transportation and healthcare, and more. These cyber-physical systems (CPS) are becoming pervasive in industrial, healthcare, and enterprise environments due to the benefits they can deliver including driving innovation, resilience, sustainability, and better health outcomes, to name a few. But CPS devices can also heighten exposure to risks as many were never intended to be connected to the internet, so they weren't designed with security in mind.

At Claroty, we have been focused on extending the reach of our industry-leading platform to cover all types of connected assets found in industrial, healthcare, and enterprise environments – also known as the Extended Internet of Things (XIoT). We continue to build on our deep capabilities, including full-spectrum visibility, risk and vulnerability management, threat detection, and secure remote access controls. And we have forged partnerships to develop joint solutions, such as our joint solution with CrowdStrike, which brings in CrowdStrike Falcon's leading endpoint telemetry. This includes telemetry from any endpoint device that connects to the IT network from outside an organization's firewall – IoT devices, along with laptops, tablets, mobile devices, Point-of-Sale (POS) systems, switches, digital printers, and others. When used in combination, the solutions deliver full-spectrum IT/OT/IoT visibility and detection capabilities for threats that cross the IT/OT boundary.

Fueled by customer excitement for this solution and feedback to extend the reach and use cases of our platform even further to cover the XIoT, we took a major step forward earlier this month with our acquisition of Medigate – a leader in healthcare and IoT security, as well as clinical asset management. Medigate is the first company to recognize, and address, the critical need for healthcare IoT security. As such, it was named 2021 Best in KLAS for Healthcare IoT Security in the KLAS Software & Services Report. Together, Claroty and Medigate will combine our deep domain expertise and specialized technologies into a single platform that will extend across all types of CPS and connected devices to secure the XIoT.

We continue to follow the progress made on the provisions of the IoT Cybersecurity Improvement Act and applaud the guidelines offered to help organizations understand the risks and address the challenges to secure the XIoT. Stay tuned for more information as Claroty and Medigate work together to build a future where cyber and physical worlds safely connect to support our lives.

To learn more about Claroty and Medigate and our vision for securing the XIoT read the blog by Claroty CEO Yaniv Vardi, and read the press release.