Automobile security image, from National Highway Traffic Safety Administration. (2016, October). Cybersecurity best practices for modern vehicles. (Report No. DOT HS 812 333).

On November 29, 2017, Gerry Elman presented a webinar on “Federal Guidelines for Security on the Internet of Things (IoT)” as part of a panel discussing the topic of “DHS Framework and Principles for IoT Devices: What It Means to Your Company.”

Gerry’s section of the agenda:

  • US DHS issued Strategic Principles for Securing the Internet of Things 12 months ago.  This is important guidance, but without specifics or mandatory requirements.
    • It refers to the NIST framework for cybersecurity risk management as a comprehensive touchstone for organizational cyber risk management.
  • Compare with (and take account of) privacy and security requirements under HIPAA, which are enforced with million-dollar fines.
  • Various industries are subject to more specific guidance and regulation, e.g.
    • Medical devices under FDA regulation
    • Vehicles under DoT regulation
  • Standards organizations are developing consensus rules for certification, e.g. UL, ASTM, etc.

From the webinar description:

With the growth of the Internet-of-Things (IoT) comes not only opportunities and benefits for our society, but also substantial safety and economic risks. In an effort to combat these risks, the Department of Homeland Security (DHS) issued guidance underlining strategic principles for IoT device security. Though these principles are nonbinding and can be ignored by businesses at will, the guidance will likely influence the standard of reasonable security. IoT device manufacturers are expected to be vulnerable to scrutiny by regulators, the plaintiffs’ bar and the courts if they do not consider the DHS guidance.

In this Webcast, a panel of thought leaders and practitioners assembled by The Knowledge Group will provide an overview of the DHS’ Strategic Principles for Securing the Internet of Things and its potential impact to the standard of IoT cybersecurity. The speakers will offer best practices to adopt this guidance, thus enabling businesses to create a responsible level of security for IoT devices and systems.

Key topics include:

  • DHS’ Strategic Principles for IoT: An Overview
  • Scope, Purpose, and Audience
  • Implications to IoT Security Standard
  • Best Practices on Strengthening IoT Security
