The NIST is concerned about the IoT, too
A popular trend in recent weeks is to address issues with cybersecurity of connected devices across the U.S. The National Institute of Standards and Technology (NIST) joined the IoT-security chorus this month by publishing a detailed report on security of Internet of Things (IoT) devices.
According to the NIST, "engineering-based solutions are essential to managing the growing complexity, dynamicity, and interconnectedness of today’s systems." In a 257-page document, the measurement standards laboratory took an in-depth look at what should be done to bolster cybersecurity of connected devices.
The NIST is not alone; the Department of Homeland Security (DHS) just released its Principles for Securing the IoT. The recent turn to focus on the IoT comes after experts blamed IoT insecurity for a massive distributed denial of service (DDoS) attack that slammed the East Coast in October.
The Internet of Things (IoT) Generally refers to the connectedness of various devices. IoT devices include phones, buildings, vehicles, and a growing list of appliances and other devices. The IoT is the central force fueling the increasingly connected modern day society.
2017 -- the year of IoT?
As 2016 nears an end, the focus on the IoT seems to be growing. Reports continue to reveal that hackers are specifically targeting IoT devices. Experts worry about city smart grids, healthcare organizations, and a lot more.
In its report, the NIST noted the increase of cyber attacks in both the frequency and intensity. These increases threaten federal, state, and local governments, the military, businesses, and critical infrastructure.
— NIST (@usnistgov) November 17, 2016
Building trustworthy systems
In the report, the NIST defined IoT connectivity as a series of processes and offered guidance on various aspects of these processes.
The report broke down processes into four main categories:
-- Agreement process
-- Organizational project-enabling process
-- Technical management process
-- Technical Process:
There is no single lifecycle or set of universal processes that applies to all device. The NIST stressed that engineers must have security in mind from day one when building software and ultimately putting devices out in the marketplace.
In order to build trustworthy devices from an engineering standpoint, security must be a factor from onset to completion. See NIST Special Publication 800-160 for specific recommendations and courses of action.