
As we’ve seen before, one of the greatest cybersecurity threats facing both consumer- and enterprise-focused organizations is the rise of connected devices - the internet of things (IoT). IoT devices are the bridge we’ve been anticipating between the digital world and physical objects. Whether a warehouse robot or a home security camera, the technology that powers these devices is essentially the same. A powerful blend of almost all internet age technology - fog and cloud computing, artificial intelligence (AI), and more - IoT devices are some of the weakest from a cybersecurity perspective. The reason for this weakness is the infinite number of configurations that these different technologies take depending on the device.

Do We Have The Ingredients For An IoT Security Framework?

The first question really is - what are the ingredients for an IoT security framework? As I said, the greatest hurdle when developing a framework like the NIST Cybersecurity Framework that can scale to any sized organization and industry is the infinite configurations that IoT devices can take - some may rely more on cloud, some more on AI, and the result is a difference in weights for certain elements of a framework depending on the device or asset.

I argue that we are in the final stage of the first step toward an IoT framework - that step being developing core frameworks for the pillars that support IoT technology. Among these pillars are the NIST CSF for cybersecurity, NIST SP 800-30 and the FAIR model for risk assessment and management, and the new NIST Privacy Framework.

The next necessary step is developing the connective material between these tenets that support IoT - fog computing, cloud security, etc. From there we can begin to determine how these pieces fit together depending on the device - the third and final step to an IoT cybersecurity framework.

Privacy Is Important But Not The True Threat

Given the intimate nature that businesses and consumers alike share with these devices - welcoming them into homes, connecting them to critical systems - many industry leaders are ranking privacy within an IoT framework as a top priority. I disagree. When they initially published their working draft of the NIST IoT Framework, I responded to the NIST team noting that there was nothing in the draft about cyber-kinetic threats.

That is not to say that I don’t believe data privacy is a critical aspect of IoT security. Rather, privacy violations are a means to an end - nefariously accessing user data cannot yield anything beyond insight about that particular user. On the other hand, consider a connected crane that is hacked by a bad actor and razes a construction site and those around it. Where privacy is the research, cyber-kinetic threats are the true nefarious actions - where the digital and physical truly meet.

Where We Go From Here

Already we are seeing IoT security frameworks start to emerge - from NIST and other standardizing bodies. However, the interaction between these public entities and private think tanks is a game of cat and mouse. As a CSO at a global electric company, I was a part of both sides - working on the NIST CSF as well as participating in an industry-focused think tank (ITIC) - and saw the dynamic firsthand. What I foresee for the development of the IoT framework is the same evolution: many device manufacturers will seek to ensure their own destiny by developing their own framework, refined within a think tank. The response will be an iterated, more unified framework structure developed with a body like NIST that can scale beyond one industry or another.

The Future For Internet of Things Security Is Bright

CyberSaint has discussed before how the next competitive advantage for IoT will be security, and I still stand by that. With a more technology-literate customer base, both on the enterprise and consumer sides, and the forces we’ve explored here, I truly believe that IoT will be the culmination of decades of technological advancement. The challenge facing those in the information security industry today is continuing to embrace, develop, and iterate on best practices to ensure the best outcome for end users.
