The internet of things is an ever evolving and expanding network of diverse technologies that interact with each other and the physical world in complicated ways, according to a draft pub issued today by the National Institute of Standards and Technology. From smart appliances and wearable personal gadgets, to embedded electronics, software and sensors in vehicles, buildings and manufacturing, these devices collect and exchange data creating one enormous interconnected information system.
Consumer demand continues to grow for smart devices due to their convenience and affordability. Last year, the Institute of Electrical and Electronics Engineers, in its Spectrum Online publication, predicted that by 2020, the IoT network of connected devices will reach 50 billion. Yet often IoT devices are not secure, the IEEE cautioned, making them appealing targets for hackers.
Further, many organizations remain unaware of the large number of IoT devices in use or how IoT devices may affect cybersecurity and privacy risks quite differently than conventional information technology devices, NIST explained.
”NIST analysis of existing standards and guidelines for IoT device cybersecurity and privacy has determined that because IoT devices and their uses and needs are so varied, few recommendations can be made that apply to all IoT devices. NIST is creating a high-level, widely applicable baseline, with the first examples shown in Appendix A of the draft publication, and is also developing more specific and actionable recommendations for particular types of IoT devices. Therefore, feedback on the Appendix A examples is particularly important,” according to Draft NISTIR 8228.
To this end, NIST is asking for comments on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. This draft pub aims to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices. The publication is intended as an introductory document that provides the foundation for a planned series of publications on more specific aspects of this topic, NIST said.
A public comment period for this draft document is open until Oct. 24, 2018. Go to the publication details for a link to the draft document and a template for providing comments.