Implement NIST IoT cybersecurity guidelines early – Security Magazine

Users can easily know if a product complies with the Restriction of Hazardous Substances Directive (RoHS) or Underwriters Laboratory (UL) certification because products are clearly labeled. There is little guidance, however, on adherence to effective cybersecurity requirements for Internet of Things (IoT) tools. Soon, IoT device and software companies will be able to provide clear information directly on their packaging that certifies their solutions’ cybersecurity status and safety.
On February 4, 2022, the National Institute of Standards and Technology (NIST) issued draft recommendations for IoT labeling criteria in response to President Biden’s Executive Order (EO) on “Improving the Nation’s Cybersecurity.” The NIST recommendations outline cybersecurity criteria for an IoT product labeling program that would include label criteria and design considerations for user education and conformity assessment.
The program would provide clear indication of whether or not an IoT product or software package has met a set of specified cybersecurity requirements. NIST also recommends a scannable, accessible URL or QR code for additional information about the cybersecurity status of an IoT product or software. This information could help users and the federal government make informed decisions about their vendors and devices.
While the NIST recommendations are general and contain few specific cybersecurity demands, they are broad and designed to be “outcome-based,” not burdensome. Recognizing that a “one size fits all” approach is not realistic, NIST established baseline criteria that include:
While NIST labeling recommendations do not guarantee cybersecurity, they certify that the process by which an IoT tool was built and developed considers security and follows industry-leading best practices.
Companies must understand that the list of affected products may be broad and unexpected. An insecure camera or television connected to a corporate network could provide an entry point for an attacker to infiltrate and obtain sensitive information. An IoT toothbrush that helps consumers improve brushing habits can pose a cybersecurity risk once connected to a local wireless network, where the toothbrush can become an entry or pivot point for attackers to breach a network.
The NIST-recommended labeling will bring some clarity to IoT cybersecurity — especially for non-technical users. Businesses will benefit from having clearer cybersecurity expectations about IoT tools before connecting devices to their networks.
While some manufacturers are not mindful of best practices that bolster IoT security, most manufacturers should take steps to prepare for NIST recommendations. Cybersecurity and the NIST recommendations are a continual effort. Some controls may require gradual implementation, and both manufacturers and enterprise security leaders will need to manage their cybersecurity transitions.
For now, there is no oversight or certifying agency for the NIST recommendations. The labeling program requires a scheme owner to oversee it, a concept many view as both an opportunity and a potential challenge. Recommendations are still evolving while NIST seeks public feedback. As yet, there are no firm effective dates.
Security leaders who implement applicable NIST recommendations proactively over time can see lower implementation costs and a stronger competitive posture. Those who wait until the last minute and are forced to implement quickly will likely experience greater costs and business disruption. It is essential to consult with experts who assist businesses in understanding the requirements and their associated impact — whether from damaging impact to brand reputation when things go wrong or from rewards that come from proactive implementation.
Scott Laliberte is the Managing Director and Global Leader of Protiviti’s Emerging Technology Group.
Matthew Freilich is an Associate Director in Protiviti’s Emerging Technology Group with a focus on IoT and medical devices.