IoT security (ShutterStock image)

Working groups tackle IoT security

On Oct. 21, many popular websites fell victim to a distributed denial of service attack on DNS provider Dyn that was caused by the Mirai malware infecting unsecured Linux devices and turning them into bots for large-scale network attacks. While this event might have brought the issue of unsecured internet-of-things devices to the attention of a wide audience, such vulnerabilities were already a topic of discussion in cybersecurity circles.

In March 2015, the National Telecommunications and Information Administration issued a request for comments to ‘‘identify substantive cybersecurity issues … where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers.” Responses pointed to potential cybersecurity policies and practices related to IoT.

Then, in April 2016, NTIA asked for comments on the “benefits, challenges, and potential roles” for government in fostering the IoT. In August, the agency announced that it would look specifically at IoT security upgradability and patching.

Four working groups -- made up of individuals from both private and public sectors – were formed in October 2016 to identify how improve the security of the IoT through upgradability and patching. The working groups gave presentations on Jan. 31.

Existing Standards, Tools and Initiatives will provide a catalog of existing IoT security standards and a research summary for internal use.

  • Capabilities and Expectations will release examples of how different types of devices might be upgraded and a glossary technical terms.
  • Communicating IoT Upgradability is working on a report targeted at vendors on how to educate consumers on the upgrade process for IoT devices.
  • Incentives, Barriers, and Adoption will release a taxonomy to describe the scope of incentives and barriers to IoT security.

There are no firm deadlines for when the working groups will deliver their reports, but they expect to wrap up their work between March and May of this year

About the Author

Matt Leonard is a former reporter for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected