After examining the cybersecurity implications of the IoT (Internet of Things) for national security, the President’s NSTAC (National Security Telecommunications Advisory Committee), www.dhs.gov/national-security-telecommunications-advisory-committee, says IoT adoption is poised to increase in both speed and scope, and it will eventually impact virtually every corner of society. What’s more, the NSTAC determined “there is a small—and rapidly closing—window to ensure that IoT is adopted in a way that maximizes security and minimizes risk.” If the nation fails to act now, the committee says the U.S. will be coping with the consequences for generations.
None of this comes as a surprise for those in the IoT industry, who recognize both the potential and the risk this technology brings to sectors like transportation, energy, healthcare, manufacturing, national defense, first response, smart cities, and beyond. One way to ensure IoT solutions are adopted in a way that maximizes security and minimizes risk is to create security standards for IoT devices and systems. Governments around the world are working toward cybersecurity standards that protect their data, devices, and citizens from those looking to exploit weak spots in IoT systems.
This month, a working group within the U.S. federal government took one such step. A new draft report from the IICS WG (Interagency Intl. Cybersecurity Standardization Working Group) aims to inform and enable policymakers, managers, and standards participants as they develop and use cybersecurity standards in IoT components, systems, and services. The IICS WG was established in 2015 with the goal of coordinating on major issues in international cybersecurity standardization. An IoT task group within the IICS WG developed the document—the Interagency Report on Status of Intl. Cybersecurity Standardization for the Internet of Things—to report on and analyze the international cybersecurity standards landscape as is relevant to the IoT and describe IoT cybersecurity objectives, risks, and threats.
The report describes five IoT application areas (connected vehicles, consumer IoT, health IoT and medical devices, smart buildings, and smart manufacturing) and 11 core cybersecurity areas, and it provides examples of relevant existing standards. The report’s conclusions focus on the effective use of existing standards as well as identifying standards gaps. It urges agencies to work with industry to initiate new standards projects that can help close these standards gaps.
Because the IoT is a dynamic, fast-growing space, continuous fine-tuning of existing standards as well as the pursuit of new standards to address issues as they arise is necessary to manage cybersecurity risks. As IoT adoption grows rapidly and opportunities for new applications become clear, it will remain vitally important to maintain IoT resiliency by pursuing standards-based security.
The Interagency Report on Status of Intl. Cybersecurity Standardization for the Internet of Things is now open for public comment. Comments are due April 18, and they can be sent to NISTIRfirstname.lastname@example.org.
Want to tweet about this article? Use hashtags #IoT #M2M #security #cybersecurity #blockchain #AI #bigdata #machinelearning #analytics #standards