Aug 30, 2017

The Department of Homeland Security and IoT

By Great Bay Software

There are fundamental challenges with IoT device architecture that have limited the integration of on-board security mechanisms. For the most part, developers and manufacturers have not felt inclined to design effective security into their products. Why? Time-to-market, performance optimization and a lack of standards or regulations are all contributing factors. In addition, designing for cost over safety means that even the most basic security protocols are overlooked. This means it falls to enterprise IT and risk management organizations to create a framework and use best practices in safeguarding all network-connected devices – including IoT.

Where in the development chain security should be integrated is not well defined. One company designs a device, another supplies the software components and a third may engineer the final product. A Department of Homeland Security (DHS) report highlights the factors that contribute to the absence of even basic IoT device security measures:

 

  1. Industry standards (such as IEEE) continue to be debated and negotiated but are a long way from being ratified. No widely-adopted norms exist today.
  2. Device cost is a driving factor that keeps the integration of necessary hardware and software components off the product roadmap.
  3. There are minimal incentives for developers to adequately secure products. Unlike regulated industries, such as healthcare and finance, they don’t face the consequences of failing to do so.

 

The DHS report provides a set of IoT security principles and best practices. They offer stakeholders – from developers and manufacturers, to service providers and business level consumers – a framework to approach and address IoT security challenges:

 

  • Incorporate Security at the Design Phase
  • Advance Security Updates and Vulnerability Management
  • Build on Proven Security Practices
  • Prioritize Security Measures According to Potential Impact
  • Promote Transparency across IoT
  • Connect Carefully and Deliberately

 

The DHS report is a worthwhile read. It provides practical guidelines on how to implement its recommendations. While it is nominally targeted at system designers, developers and manufacturers, it also speaks to enterprise IT security professionals. In fact, as you read through the framework, most recommendations can be applied not just to IoT development but to deployment as well. However, it’s a framework – not a “how to” manual.

 

The How To

 

The National Institute of Standards and Technology (NIST) Special Publication 800-160 is considered to be a fundamental guideline. Its audience is technical – design and development engineers – and it provides “a basis to formalize a discipline for systems security engineering in terms of its principles, concepts, and activities.” It’s not targeted specifically to IoT device security but rather outlines “every security activity that would help the engineers make a more trustworthy system.”

 

Great Bay Software security solutions align with the frameworks of both the DHS and NIST reports. Our solutions build upon customers’ current security infrastructure, promote transparency across IoT devices and facilitate careful and deliberate network connectivity.

 
