The Internet of Things (IoT) is coming, and the National Institute of Standards and Technology wants government – and industry – to be ready.
According to a recent article from Federal Computer Week, coordinating security and protecting personally identifiable information are the two issues to focus on:
“Personally identifiable information is going out to the edge with those devices,” said Ron Ross, NIST fellow and leader of the joint task force behind the update. “It’s important that our security and privacy teams work together to implement required privacy controls and protect systems from being hacked.”
NIST recently published a new guidance document called Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations. 800-53 is the first NIST guidance document to focus on the proliferation of sensors and information collection devices driven by IoT, and how the explosion of Internet-aware devices creates vulnerabilities and privacy issues.
This guidance could be especially useful for CIOs seeking to understand how to secure commercial devices that connect to federal networks but do not go through a federal certification process. That said, NIST is also very interested in providing best practices the private sector can support and adopt:
“The primary target is still federal agencies, but all of us rely on computer products,” Ross told FCW. He described the current computing environment as “the best of both worlds.” While handhelds and other devices are delivering functionality and power that would have been hard to imagine 20 years ago, “sometimes these systems get so complicated that we don’t understand fundamentally what’s going on below the surface. That’s where the vulnerabilities lie.”
NIST’s Applied Cybersecurity group has been hard at work on IoT for some time. When millions of things start talking to one another, it forces consideration of different types of cybersecurity. For example, many IoT devices cannot accommodate traditional encryption, so lighter-weight tools must be developed. Technologies like Bluetooth and vehicle-to-vehicle communications need to be secured, as does consumer-facing technology such as Smart Grids. A full list of NIST IoT initiatives can be accessed here.
There has been much discussion about how government and industry have not been managing the risk posed by the incoming wave of IoT devices. The efforts of NIST should prove invaluable in addressing this deficiency and navigating a more secure way forward.