Working groups tackle IoT security
- By Matt Leonard
- Feb 02, 2017
On Oct. 21, many popular websites fell victim to a distributed denial of service attack on DNS provider Dyn that was caused by the Mirai malware infecting unsecured Linux devices and turning them into bots for large-scale network attacks. While this event might have brought the issue of unsecured internet-of-things devices to the attention of a wide audience, such vulnerabilities were already a topic of discussion in cybersecurity circles.
In March 2015, the National Telecommunications and Information Administration issued a request for comments to ‘‘identify substantive cybersecurity issues … where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers.” Responses pointed to potential cybersecurity policies and practices related to IoT.
Then, in April 2016, NTIA asked for comments on the “benefits, challenges, and potential roles” for government in fostering the IoT. In August, the agency announced that it would look specifically at IoT security upgradability and patching.
Four working groups -- made up of individuals from both private and public sectors – were formed in October 2016 to identify how improve the security of the IoT through upgradability and patching. The working groups gave presentations on Jan. 31.
Existing Standards, Tools and Initiatives will provide a catalog of existing IoT security standards and a research summary for internal use.
- Capabilities and Expectations will release examples of how different types of devices might be upgraded and a glossary technical terms.
- Communicating IoT Upgradability is working on a report targeted at vendors on how to educate consumers on the upgrade process for IoT devices.
- Incentives, Barriers, and Adoption will release a taxonomy to describe the scope of incentives and barriers to IoT security.
There are no firm deadlines for when the working groups will deliver their reports, but they expect to wrap up their work between March and May of this year
Matt Leonard is a reporter/producer at GCN.
Before joining GCN, Leonard worked as a local reporter for The Smithfield Times in southeastern Virginia. In his time there he wrote about town council meetings, local crime and what to do if a beaver dam floods your back yard. Over the last few years, he has spent time at The Commonwealth Times, The Denver Post and WTVR-CBS 6. He is a graduate of Virginia Commonwealth University, where he received the faculty award for print and online journalism.
Leonard can be contacted at email@example.com or follow him on Twitter @Matt_Lnrd.
Click here for previous articles by Leonard.