UNPAN North America
Public Administration News  
US Government Releases New IoT Security Guidance
Source: infosecurity-magazine.com
Source Date: Friday, November 18, 2016
Focus: Internet Governance
Country: United States
Created: Nov 20, 2016

The US Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) both this week released new guidance documents designed to improve IoT security.

The moves were made partly in response to recent major DDoS attacks leveraging botnets of compromised smart devices, which in one case took out some of the biggest names on the internet.

The DHS release is aimed at manufacturers, service providers, developers and business-level consumers, while NIST’s much more detailed document targets manufacturers/developers with guidance on how to engineer safer products.

The DHS offers six “strategic principles” including building security into products at the design phase; promoting transparency; building on recognized security practice; and being mindful of whether continuous connectivity is needed or not.

It says of the principles:

“It is a first step to motivate and frame conversations about positive measures for IoT security among IoT developers, manufacturers, service providers, and the users who purchase and deploy the devices, services and systems.”

Meanwhile, the NIST Special Publication 800-160 covers a massive 242 pages of in-depth technical detail on how to build connected systems which are as resilient and trustworthy as possible.

Its opening abstract has the following:

“Engineering-based solutions are essential to managing the growing complexity, dynamicity, and interconnectedness of today’s systems, as exemplified by cyber-physical systems and systems-of-systems, including the Internet of Things. This publication addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems, inclusive of the machine, physical, and human components that compose the systems and the capabilities and services delivered by those systems.”

Government and industry are finally taking notice of IoT security after botnets built from devices compromised by Mirai malware struck DNS provider Dyn, taking down sites including Spotify, Reddit and Twitter, security site Krebs On Security, and even the entire African nation of Liberia.

In many cases the products themselves are rushed out to market without proper time taken to fortify them against attacks.

However, recent research from the non-profit prpl Foundation actually found that consumers are willing to pay more for more secure smart devices, and are holding off on purchases because they’re worried about vulnerabilities.

That same group has released guidance for IoT stakeholders on how to produce more secure kit, based around several key principles: open source software; interoperable standards; a Root of Trust anchored in the chip itself to prevent firmware attacks; and silicon-level virtualization to halt lateral movement.

President of prpl, Art Swift, argued that the DHS guidelines will provide a “good baseline” for manufacturers and developers.

“It often takes governments a little while to catch up with what experts have been saying for years, so it is encouraging that it seems to be sinking in now,” he added.

(By Phil Muncaster)
Copyright 2018 by UNPAN - United Nations Public Administration Network