NIST releases IoT cybersecurity guidelines 30 NOVEMBER 2016

The National Institute of Standards and Technology (NIST) has released a set of cybersecurity guidelines for the Internet of Things.

According to a release, the publishing of the guidelines follows the Dyn attack in late October, “which further highlighted the immediate need for standards and guidance.”

The IoT cybersecurity guidelines address questions and concerns about protections for devices connected to the internet. It is estimated that there are currently approximately 7 billion things connected to the Internet, but experts expect that number to triple by 2020. [DoE issues funding for cybersecurity R&D]

IoT has been described by NIST as a “powerful and complex system which is inexorably linked to [our] economic and national security interests.”

NIST stated in Special Publication 800-160 that its objective is to “address security issues” and “to use established engineering processes to ensure that needs, concerns, and requirements are addressed with appropriate fidelity and rigor, early and in a sustainable manner.”

NIST unveiled the nearly 260-page publication at the Splunk GovSummit 2016 conference.

According to Morning Consult, Ron Ross, the first document’s point man and a fellow at the National Institute of Standards and Technology, said the goal is to build public trust in the IoT devices that connect home appliances and medical monitors to the internet.

End-to-end security

“Really what we’re trying to do is get the same trustworthiness that you have when you cross a bridge or fly on an airplane.

“That trustworthiness doesn’t happen by accident. You have to engineer it into the system.”

NIST delineates six strategic principles that it believes will help stakeholders stop hackers from tampering with connected devices.

The guidelines stress an engineering-based approach that builds security systems directly into Internet of Things technology. [Smart grid cybersecurity market to grow 10% by 2020]

“Like NIST, the Department of Homeland Security stresses incorporating security during the engineering and design stage of IoT device deployment,” adds Morning Consult.

“We have a rapidly closing window to ensure security is accounted for at the front end of the Internet of Things phenomenon,” DHS’s assistant secretary for Cyber Policy Robert Silvers said in a press statement. “These principles will initiate longer-term collaboration between government and industry.”