• Subscribe

NIST Working on Cybersecurity for the Internet of Things

At a recent event on cybersecurity, the National Institute of Standards and Technology (NIST) revealed plans to develop guidelines for federal agency use of Internet of Things (IoT) connected devices. IoT cybersecurity has been a major issue ever since IoT devices were the source of the wide-ranging “Mirai” distributed denial of service (DDoS) attacks in late 2016. On October 24 ZDNet reported than an even bigger IoT bot attack, dubbed “Reaper,” is happening.

Now, NIST is working on a framework to determine how the federal government does and should interact with IoT devices, and what steps federal agencies can take to protect their systems and servers from this threat. It is almost certain that any guidance NIST adopts will affect private sector tech companies developing IoT devices. For example, companies will likely have to make their devices secure if they want federal agency customers.

In a blog post, a NIST official said,

Together with our partners from government, industry, international bodies and academia, we’re working to understand the IoT-specific threat landscape, identify what standards exist and where the gaps are, and provide guidance for federal agencies to deploy IoT in a way that brings the greatest benefit while being secure, safe and privacy-preserving.

A post from law firm Wiley Rein’s Wiley Connect tech blog explores some of the cybersecurity aspects of IoT that were discussed at the NIST event. Here are some of the key takeaways from that event:

  • IoT is different from the traditional Internet and it is complex. Because of this, security may need to be approached differently and there is no one-size-fits all solution.
  • A voluntary approach such as a guideline is better than a prescriptive approach like a ban.
  • There isn’t a consensus yet as to IoT cybersecurity can be addressed by NIST’s current security framework or whether a new one will have to be developed.
  • Incentives should be “aligned to promote sound security for IoT.”
  • Supply chain risk management is an important part of the cybersecurity of an organization, and an entity’s suppliers and vendors need to pay attention to security as well.
  • Copyright for Image: Photographer, Stock Photo, License Summary.

    Leave a Reply