The marketplace is flooding with connected devices and innovation is outpacing regulation and security measures. A recent widespread denial-of-service attack illustrated that connected devices present risks not only to the individual users but to interconnected networks on a massive scale. In an effort to address these risks, the Department of Homeland Security recently issued written security guidance for developers, manufacturers, service providers and users. Adding to the growth of risk-based guidance in this area, the National Institute of Standards and Technology has also recently published detailed engineering standards. To best implement the advice from these various sources, Covington partner Jennifer Martin told the Cybersecurity Law Report that companies that make, use or provide services for connected devices should (1) understand the basic building blocks and principles of a good security program; (2) identify specific regulatory expectations for their particular industry; and (3) identify what role they play in the supply chain or device life cycle. See also “Managing Risk for the Internet of Things in the Current Regulatory Landscape” (May 11, 2016).