WIBU-SYSTEMS
354
WIBU-SYSTEMS
354
{{ moduleLabel }}
{{ label }}

Time for IoT Security Standards?

MarketingWIBU-SYSTEMS AG on March 26, 2019 at 2:47 PM

The U.S. Congress recently introduced legislation to address the growing concern for security on IoT devices purchased by the U.S. government.

Does the proposal go far enough? Let’s take a further look.

Legislators point out that connected devices are expected to exceed 20 billion units by 2020 and they say that insecure IoT devices are one of the “most important emerging cyberthreats” to U.S. national security. While the proposed bill wouldn’t require security standards for all IoT companies, it would require a bare minimum of security standards for any IoT devices that the federal government purchases. Their hope is that by improving security standards for the federal government, which is a prime customer, standards for the entire IoT market would improve along with it.

If the legislation passes, the IoT Cybersecurity Improvement Act would require that federal government use only IoT devices that meet the IoT security standards recommended by the National Institute of Standards and Technology (NIST).

To get a better idea as to where NIST is focusing their IoT standardization efforts, it helps to read their whitepaper published in October 2018, Internet of Things Trust Concerns. The publication identifies 17 technical trust-related concerns for individuals and organizations before and after IoT adoption. NIST emphasizes that trust should be viewed as a level of confidence. In their white paper, they consider trust on two levels: (1) whether a “thing” or device trusts the data it receives, and (2) whether a human trusts the “things,” services, data, or complete IoT offerings that it uses. This particular document focuses on the human trust, and as such, highlights technical concerns that can negatively affect one’s ability to trust IoT products and services.

The security concerns noted are: Scalability; Heterogeneity; Ownership and Control; Composability, Interoperability, Integration, and Compatibility; “Ilities”; Synchronization; Measurement; Predictability; Testing and Assurance; Certification; Security; Reliability; Data Integrity; Excessive Data; Performance; Usability; and Visibility and Discovery. All of these concerns are described in more detail in the white paper with suggestions, in some cases, to mitigate those risks.

In the security realm, they note that trust is a concern for all “things” in IoT systems. For example, sensor data may be tampered with, stolen, deleted, dropped, or transmitted insecurely, allowing it to be accessed by unauthorized parties. IoT devices may be counterfeited and default credentials used. Furthermore, unlike traditional personal computers, there are few secure upgrade processes for “things,” such as patches or updates.

The document elaborates on the issue of the usage of default passwords and credentials as an ongoing problem that has plagued the security community for some time. It further points out the weaknesses inherent in the upgrade process in which manufacturers deliver patches and updates for IoT devices that have yet to be mitigated with standard practices.

Finally, the white paper points out the significant differences in trust concerns for an IoT system compared to traditional IT systems, such as much smaller size and limited performance, larger and more diverse networks, minimal or no user interface, lack of consistent access to reliable power and communications, and many others.

The proposed legislation and NIST’s efforts to propose standardized security guidelines for IoT suppliers to the U.S. government is a move in the right direction. The risks in the IoT clearly necessitate new approaches to device planning and design to develop a firm root of trust in these devices. However, it is a movement that needs to be recognized and embraced by the global community as well.

In parallel to this effort, you might be interested in reading the Industrial Internet Consortium's view on the characteristics of Trustworthiness in Industrial IoT systems, in their Introduction into Trustworthiness.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Schneiderstr. 6, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.