NIST Offers Cybersecurity Actions for IoT-Enabled Devices
As manufacturers make more and more Internet-ready devices through the Internet of Things, they must accept the benefits and the detriments IoT brings to the table. Cybersecurity remains a concern, and the NIST is ready to tackle this issue with a new set of regulations presently in their second draft.
According to the National Institute of Standards and Technology, manufacturers are creating an incredible variety and volume of internet-ready devices, and most of these IoT devices do not fit the standard definitions of information technology devices that have been used as the basis for defining device cybersecurity capabilities like smartphones, servers and laptops have.
Manufacturers can help their customers address the challenges of IoT cybersecurity by improving how securable the IoT devices they make are, meaning the devices provide capabilities that device customers — both organizations and individuals — need to secure them within their systems and environments, and manufacturers provide their customers with the cybersecurity-related information they need.
The second draft of NISTIR 8259 offers six recommended voluntary actions manufacturers of IoT devices can perform before their IoT devices are sold to customers:
- Identify expected customers and define expected use cases – Conducting this process early in the design phase is vital for determining which device cybersecurity capabilities the device should implement and how it should implement them.
- Research customer cybersecurity goals – Manufacturers can make their devices at least minimally securable by those they expect to be customers of their product who use them consistently with the expected use cases.
- Determine how to address customer goals – Manufacturers can determine how to address their customers’ goals by having their IoT devices provide particular device cybersecurity capabilities in order to help customers mitigate their risks.
- Plan for adequate support for customer goals – Manufacturers can make their IoT devices more securable by provisioning device hardware, firmware, software and business resources to support the desired device cybersecurity capabilities.
- Define approaches for communicating to customers – Many customers will benefit from manufacturers communicating to them – or others acting on the customers’ behalf, such as an internet service provider or a managed security services provider like 2W Technologies, INC – more clearly about cybersecurity risks involving the IoT devices the manufacturers are selling or have sold.
- Decide what to communicate and how to communicate it – There are many potential considerations for what information a manufacturer communicates to customers for a particular IoT product and how that information will be shared.
2W Tech’s Cybersecurity Compliance Program was designed to support businesses with their compliance obligations. We work hand in hand with you to learn more about your required compliance, help obtain proper agreements, and access relevant system architecture information. 2W Tech is a technology service provider that specializes in solutions for the manufacturing industry. Give us a call today to get started.