Aug 30

2017

The Department of Homeland Security and IoT

By Great Bay Software

There are fundamental challenges with IoT device architecture that have limited the integration of on-board security mechanisms. For the most part, developers and manufacturers have not felt inclined to design effective security into their products. Why? Time-to-market, performance optimization and a lack of standards or regulations are all contributing factors. In addition, designing for cost over safety means that even the most basic security protocols are overlooked. This means it falls to enterprise IT and risk management organizations to create a framework and use best practices in safeguarding all network connected devices – including IoT.

Where in the development chain should security be integrated is not well defined. One company designs a device, another supplies the software components and a third may engineer the final product. A Department of Homeland Security (DHS) report highlights the factors, which contribute to the absence of even basic IoT device security measures:

 

  1. Industry standards (such as IEEE) continue to be debated and negotiated but are a long way from being ratified. No widely-adopted norms exist today.
  2. Device cost is a driving factor that keeps the integration of necessary hardware and software components off the product roadmap.
  3. There are minimal incentives for developers to adequately secure products. Unlike regulated industries, such as healthcare and finance, they don’t face the consequences of failing to do so.

 

The DHS report provides a set of IoT security principles and best practices. They offer stakeholders – from developers and manufacturers, to service providers and business level consumers – a framework to approach and address IoT security challenges:

 

  • Incorporate Security at the Design Phase
  • Advance Security Updates and Vulnerability Management
  • Build on Proven Security Practices
  • Prioritize Security Measures According to Potential Impact
  • Promote Transparency across IoT
  • Connect Carefully and Deliberately

 

The DHS report is a worthwhile read. It provides practical guidelines on how to implement its recommendations. While it is nominally targeted at system designers, developers and manufacturers, it also speaks to enterprise IT security professionals. In fact, as you read through the framework, most recommendations can be applied not just to IoT development but to deployment as well. However, it’s a framework – not a “how to” manual.

 

The How To

 

The National Institute of Science and Technology (NIST) Special Publication 800-160 is considered to be a fundamental guideline. Its audience is technical – design and development engineers – and provides “a basis to formalize a discipline for systems security engineering in terms of its principles, concepts, and activities.”  It’s not targeted specifically to IoT device security but rather outlines “every security activity that would help the engineers make a more trustworthy system.”

 

Great Bay Software security solutions align with the frameworks of both the DHS and NIST reports. Our solutions build upon customers’ current security infrastructure, promote transparency across IoT devices and facilitate careful and deliberate network connectivity. Learn more about our products here.

 

IoT DDoS Attacks: The Stakes Have Changed | Ondemand Webinar

IoT Whitepaper CTA

Comments

Related Posts

Dec 05

2017

The Top 20 Cybersecurity Controls: How Many are in Your Security Toolkit?

When it comes to staying up-to-date on cybersecurity compliance requirements, technology trends and best practices, do you find yourself in information overload? It’s no small task to keep on top of...

Nov 30

2017

Medical Device Security Needs an Infusion. Stat.

Medical devices have a profoundly positive impact on the quality of healthcare. Whether stationary, bedside or portable, they improve patient experience and outcomes, accelerate recovery times and...

Nov 22

2017

Cyber Theft: Another Holiday Tradition?

Brace yourselves. Black Friday and Cyber Monday are just around the corner, and they’re going to be huge. Consumer spending is forecasted to grow by a remarkable 47% over the same period last year....

Subscribe to Blog Updates