NIST Continues IoT Cybersecurity Work
This week, the Director of the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE), Donna Dodson, penned a blog post highlighting NIST’s commitment to IoT cybersecurity. Dodson’s article, “‘Cybersecuring’ the Internet of Things,” discusses the benefits of the burgeoning IoT and its inherent cybersecurity vulnerabilities and challenges, which she explains multiply exponentially as IoT devices become ubiquitous.
Dodson emphasizes strong data security as an essential component of a healthy IoT. She acknowledges that some data should be made public for researchers, but other data, such as medical and genetic information, and data associated with the management of critical infrastructure, must be kept confidential and protected from hackers. Therefore, Dodson concludes, standards and best practices must be developed to keep IoT secure. Dodson explains that common standards and best practices would serve as a catalyst for public trust and industry investment in IoT.
This recent blog post highlights NIST’s continued work in the IoT Cybersecurity space. Building on its 2014 Cybersecurity Framework, NIST launched its Cybersecurity for IoT Program in November 2016 to develop standards, guidelines, and other tools to make connected devices and systems more secure.
NIST explains that as industry stakeholders work to develop consensus security standards, its Cybersecurity for IoT Program seeks to supplement the work of system developers, manufacturers, and service providers by formulating guidance and best practices, reference data, research, and coordinating standards across the digital economy. In her blog post, Dodson’s bottom line is that high level security for IoT devices and the data they generate is possible only through industry adoption of uniform standards and best practices.
NIST’s Cybersecurity for IoT Program has yet to endorse a set of standards or best practices; however, the new program is clearly staking out a key role in the development of IoT security. As other agencies consider their roles in IoT, we can expect further proliferation of approaches.