At a recent event on cybersecurity, the National Institute of Standards and Technology (NIST) revealed plans to develop guidelines for federal agency use of Internet of Things (IoT) connected devices. IoT cybersecurity has been a major issue ever since IoT devices were the source of the wide-ranging “Mirai” distributed denial of service (DDoS) attacks in late 2016. On October 24 ZDNet reported than an even bigger IoT bot attack, dubbed “Reaper,” is happening.
Now, NIST is working on a framework to determine how the federal government does and should interact with IoT devices, and what steps federal agencies can take to protect their systems and servers from this threat. It is almost certain that any guidance NIST adopts will affect private sector tech companies developing IoT devices. For example, companies will likely have to make their devices secure if they want federal agency customers.
In a blog post, a NIST official said,
Together with our partners from government, industry, international bodies and academia, we’re working to understand the IoT-specific threat landscape, identify what standards exist and where the gaps are, and provide guidance for federal agencies to deploy IoT in a way that brings the greatest benefit while being secure, safe and privacy-preserving.
A post from law firm Wiley Rein’s Wiley Connect tech blog explores some of the cybersecurity aspects of IoT that were discussed at the NIST event. Here are some of the key takeaways from that event: