Thanks to the Mirai botnet attacks, few people in the world of tech need a reminder that IoT devices remain a serious threat to enterprise networks. Still, more than a year after the botnet made headlines worldwide, IoT security remains mostly an idea, rather than a reality.\nSuch is the scope of the problem that Frost and Sullivan IoT research director Dilip Sarangan argues for governmental intervention. Sarangan says that, because the responsibility for IoT security is diffused across device manufacturers, network providers, software developers and many others, it\u2019s difficult for the industry to make progress on all-encompassing standards.\n+ALSO ON NETWORK WORLD: Review: VMware\u2019s vSAN 6.6 + Red Hat responds to the Intel processor flaw\n\u201cThe only entity that has the ability to actually dictate what the minimum threshold is, unfortunately, is the U.S. government,\u201d he said.\nThe difficulty in creating overarching standards mostly has to do with the fact that any given IoT implementation has a large number of moving parts, each of which may be administered by different organizations, or even by third parties. For example, a set of medical devices provided by company A connecting to a network provided by company B, running an application, originally written by company C and residing in company D\u2019s cloud.\n\u201cEveryone talks about it like they\u2019re going to provide end-to-end security, and there\u2019s actually no way to do that,\u201d said Sarangan. \u201cYou have no control over a lot of parts of an IoT solution.\u201d\nNetwork visibility\nFrom the networking side, Sarangan said, there are plusses and minuses to most of the options available to any given IoT implementation. Cellular networks, for example, tend to be a lot more secure than Wi-Fi, ZigBee or the other wide-area options, but a company will probably have much more limited visibility into what\u2019s happening on that network.\nThat, in and of itself, can be a security issue, and it\u2019s imperative for the carriers to provide more robust device management features in the future.\n\u201cWhat type of device it is, what type of information it\u2019s supposed to send, where it\u2019s supposed to send the data, what you are supposed to do with that data \u2013 until you know all of that, it\u2019s hard to be completely secure,\u201d said Sarangan.\nImproved network visibility is key to preventing worst-case scenarios like malicious actors accessing power grids and Internet infrastructure, but so are common-sense measures like air gaps.\n\u201cYou have the hacks happening, but the hacks haven\u2019t been significant enough to where you\u2019d worry about it,\u201d he said. \u201cThe other side of it is that a lot of critical infrastructure \u2013 let\u2019s say a smart grid \u2013 is on private networks.\u201d\nA sea of IoT devices\nA lack of quality control and the presence of a host of very old devices on IoT networks might be the most critical security threats, however. Decades-old hardware, which may not have been designed to be connected to the Internet in the first place, let alone stand up to modern-day security threats, creates a serious issue.\n\u201cYou have over 10 billion IoT devices out there already \u2026 and a lot of these devices were created in 1992,\u201d noted Sarangan.\nMoreover, the huge number of companies making IoT-enabled hardware makes for a potentially serious problem where quality control is concerned. Big companies like Amazon and Microsoft and Google make headlines for their smart home gizmos, but the world of IoT is a lot broader than that.\nChina, in particular, is a major source of lower-end IoT devices \u2013 speakers, trackers, refrigerators, bike locks and so on \u2013 and it\u2019s not just the Huaweis and Xiaomis of the world providing the hardware.\n\u201c[There are] hundreds of mom-and-pop shops out there developing hardware that we don\u2019t necessarily know whether to trust or not \u2013 these are devices that are getting on unsecured Wi-Fi networks,\u201d said Sarangan. \u201cThat\u2019s already a security threat, and a large portion of Americans don\u2019t actually protect their routers.\u201d\nIndeed, hidden backdoors have already been found on some such devices, according to The Register.