In its continuing effort to understand and ensure the cybersecurity and integrity of the vast army of IoT devices that permeate modern life, the National Institute of Standards and Technology released Draft NIST Internal Report (NISTIR) 8222, Internet of Things (IoT) Trust Concerns, which identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.
The new document provides recommendations for mitigating or reducing the effects of these concerns while also suggesting additional areas of research with regard to the subject of “IoT trust.” This publication is intended for a general information technology audience, including managers, supervisors, technical staff, and those involved in IoT policy decisions, governance, and procurement, according to a NIST release.
NIST encourages feedback to address the 17 technical concerns that are presented, as well as suggestions for other potential technical concerns that may be missing from the document.
The internet of things refers to systems that involve computation, sensing, communication, and actuation — the action of causing a machine or device to operate. IoT technology is utilized by consumers in devices and household appliances and by government and industry organizations.
The pervasive nature of IoT leads to questions of trustworthiness and the potential of this new technology to be leveraged for malicious purposes. These concerns are not necessarily matters of direct risk assessment, but rather a high-level consideration of whether an IoT product or service can provide desired operations at an acceptable level of quality and security, NIST said.
To consider these questions, NIST is releasing Draft NIST Internal Report (NISTIR) 8222, Internet of Things (IoT) Trust Concerns, which identifies the 17 technical trust-related issues derived from the six “trustworthiness elements” in NIST Special Publication (SP) 800-183. The document offers recommendations for addressing these concerns, suggests additional areas of research with regard to the subject of “IoT trust,” and provides readers with a broad understanding of the topic.
A public comment period for this draft document is open until Nov. 5, 2018. Comments may be submitted to firstname.lastname@example.org.