NIST: 17 reasons we can’t trust or certify IoT devices

As Californian lawmakers mull the first US Internet of Things (IoT) security regulations, the US National Institute of Standards and Technology (NIST) is grappling with how it can certify connected things.  The Californian bill unveiled this week would require makers of IoT devices by 2020 to “equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit”.  But security is just one aspect of trust that people and standards-setting bodies will need to weigh up in future as more things become internet-connected. Cisco reckons the IoT will be made of 500 billion connected objects by 2030 and this could spell trouble for organizations that certify technology for use within government, business and critical infrastructure.    The NIST, a US agency that tests new technologies and and helps define security standards, has outlined 17 core trust concerns it has with IoT, most of which have “no current resolution” and could undermine users’ confidence in technology that crosses the divide from cyber into physical and are prone to ‘bloat’ or vendors stuffing in features that aren’t necessary and can reduce performance or introduce security risks.  “‘Things’, and the services to interconnect them are often relatively inexpensive therefore creating an opportunity for functionality bloat,” the NIST authors warn in a note about IoT scalability.  “This allows complexity to skyrocket causing difficulty for testing, security, and performance.

Read full news article on CSO

 


Date:

Categorie(s):

Tag(s):