WIBU-SYSTEMS
351

More Security Advice for IoT Device Manufacturers

MarketingWIBU-SYSTEMS AG on August 8, 2019 at 2:00 PM

With its many promises and great prospects, the Internet of Things (IoT) warrants much stronger protection then the closed systems of the past. IoT systems rely on public networks, which by definition, are unsafe environments. Hackers are always looking for backdoors and exploits while trying to tamper with data to cause untold damage.

The U.S. National Institute of Standards and Technology (NIST) recently released a draft of security recommendations for IoT devices. Titled Core Cybersecurity Feature Baseline for Securable IoT Devices:  A Starting Point for IoT Device Manufacturers (NISTIR 8259), the draft defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce.

The publication is intended to help IoT device manufacturers understand the many cybersecurity risks inherent in IoT devices and help them provide cybersecurity features that make them at least minimally securable by the individuals and organizations who acquire and use them. The publication also provides information on how manufacturers can identify features beyond the core baseline most appropriate for their customers and implement those features to further improve device security. NIST says this approach can help lessen the cybersecurity-related efforts needed by IoT device customers, which in turn should reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised IoT devices.

The Core Baseline provides a list of six recommended security features that manufacturers can build into IoT devices:

  • Device Identification: The IoT device should have a way to identify itself, such as a serial number and/or a unique address used when connecting to networks.
  • Device Configuration: Similarly, an authorized user should be able to change the device’s software and firmware configuration. For example, many IoT devices have a way to change their functionality or manage security features.
  • Data Protection: It should be clear how the IoT device protects the data that it stores and sends over the network from unauthorized access and modification. For example, some devices use encryption to obscure the data held on the internal storage of the device.
  • Logical Access to Interfaces: The device should limit access to its local and network interfaces. For example, the IoT device and its supporting software should gather and authenticate the identity of users attempting to access the device, such as through a username and password.
  • Software and Firmware Update: A device’s software and firmware should be updatable using a secure and configurable mechanism. For example, some IoT devices receive automatic updates from the manufacturer, requiring little to no work from the user.
  • Cybersecurity Event Logging: IoT devices should log cybersecurity events and make the logs accessible to the owner or manufacturer. These logs can help users and developers identify vulnerabilities in devices to secure or fix them.

For a more in-depth analysis of the nature of IoT security threats and the technical measures designed to protect these connected devices from malicious hackers, you can download our white paper, Licensing and Security for the Internet of Things.

This whitepaper explores the various trends emerging in the IoT and the key strategies for success, which depends not only on superior products, creative marketing, and aggressive sales activities, but security, integrity and reliable licensing as well.

It also outlines the standards that must be addressed and long-term considerations that will impact security, like integration in devices and software, upgrades and updates, secure boot, licensing models tailored to the IoT, license management, access rights and certificates, scalable safeguards and data integrity protection

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Schneiderstr. 6, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.