Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

NIST Issues Report on Internet of Things Cybersecurity

July 8, 2019

The National Institute of Standards and Technology (NIST) announced on June 27th that it had released a report on Internet of Things cybersecurity. The free report, entitled Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228), is the first in a planned series of documents NIST is developing to help IoT users protect themselves, their data and their networks from potential compromise. Developed by the NIST Cybersecurity for IoT Program over more than two years of workshop discussions and interaction with the public, NISTIR 8228 is primarily aimed at federal agencies and other big organizations that are incorporating IoT devices into their workplace, organizations that may already be thinking about cybersecurity on a large-scale, enterprise level.

Larger organizations may already be using the Cybersecurity Framework and NIST SP 800-53 Rev. 5, two NIST resources that offer guidance for mitigating risk to information systems and the activities that involve them. NISTIR 8228 takes the security and privacy focus from these other documents and considers it in the context of IoT products, from thermostats to voice-operated devices, which may not have traditional interfaces such as a keyboard.

After distinguishing IoT devices from conventional computers and outlining the type of risks they carry, the authors suggest three high-level risk mitigation goals:

  • Protect device security, i.e., prevent an IoT device from being used to conduct attacks;
  • Protect security of data, including personally identifiable information; and
  • Protect individuals’ privacy.

In the near future, NIST plans to release a core baseline document that aims to identify fundamental cybersecurity capabilities that IoT devices can include. The document will have all IoT devices in mind, including those for individual users and home networks.

While this report covers larger entities, some of its advice is applicable to everyone, and I look forward to the coming baseline document. As we see every day, IoT devices are woefully insecure.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Phone: 703-359-0700

Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson