The US National Institute of Standards and Technology (NIST) has released a report outlining the risks posed by IoT devices and how to mitigate them.
The document, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228), is the first in a planned series NIST is developing to help IoT users protect themselves, their data and their networks from potential compromise.
NIST says it is aimed primarily at federal agencies and other big organisations that are incorporating IoT devices into their workplace. However it is useful to any organisation deploying or planning to deploy IoT, and the report itself says IoT device manufacturers and integrators could find it useful for understanding concerns regarding managing cybersecurity and privacy risks for IoT devices.
It is part of NIST’s Cybersecurity for the Internet of Thingsprogram to support the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed.
Mike Fagan, a NIST computer scientist and one of the authors of the report, said the report was mainly for any organisation thinking about security on the level of the NIST Cybersecurity Framework.
“It’s targeted at the mode of thinking that an organisation would have — more resources, more people, more ability, but also more risk of attack because of all those things. It’s bad when a single house is attacked, but if a million bank account passwords are stolen, that has a much larger impact,” Fagan said.
The NIST Cybersecurity Framework is a voluntary set of standards, guidelines, and best practices to manage cybersecurity-related risk. IT sets out a “prioritised, flexible, and cost-effective approach [that] helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.”