The National Institute of Standards and Technology released a publication called NISTIR 8228. What does this publication say? Well, let’s find out.
NISTIR 8228: “Considerations For Managing Internet Of Things (IoT) Cybersecurity And Privacy Risks”
The Internet of Things, or IoT, refers to a collection of technologies that interact with the physical world. They are not computers, nor do they run on Windows or Mac OS operating systems. But these technologies have network connectivity, which helps humans live with comfort and ease.
But connecting these devices to the internet may create points of entry for cyber threats. Thus, the National Institute of Standards and Technology (NIST) released a draft publication.
It’s called “NIST Internal Report (NISTIR) 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.”
This publication shows how to manage the cybersecurity and privacy risks associated with IoT devices.
Detailing IoT Devices’ Security Vulnerabilities
Many of these devices, when connected to the internet, may allow points of entry for threats.
Some of them are even difficult or impossible for IT personnel to monitor and patch. Thus, to mitigate risk, you may need to put them on the company network behind VLAN firewalls.
Additionally, hackers may try to gain access through an IoT device’s vulnerable parts so they can launch an attack on any computer connected to that network.
Besides, cybercriminals may recruit IoT devices into botnets to use in distributed denial-of-service (DDoS) attacks. Moreover, hackers also gain access to IoT devices by exploiting vulnerabilities in these devices.
IoT Framework Recommendations By NIST
The NIST IoT framework gives recommendations so that organizations can take action to address cybersecurity and privacy risks. These include:
- Understand the risk challenges.
- Adjust organizational policies and processes to address those challenges.
- Implement updated risk mitigation practices for IoT devices.
NIST recognizes a great deal of interest in establishing security and privacy to aid risk mitigation. Why? Manufacturers build security and privacy capabilities into their devices.
But there are currently millions of IoT devices in use, and most of them lack these capabilities. So, manufacturers may take time to improve pre-market security and privacy capacity while building it into their devices.
Aside from that, adding these capabilities without making IoT devices too costly poses additional challenges.
Simple Approach To Increase Security Of IoT Devices
IoT devices may have different requirements for security. For instance, in some devices, only the device itself may need protection, while other devices may need data security in addition to device security. Still other devices need privacy protection as well as device and data security.
But these requirements are not differentiated. Therefore, organizations need to decide which ones apply to any particular IoT device and use.
In general, the NIST IoT framework gives a useful starting point to address the risks. But it’s only the first step.
Challenges may still come, especially in designing and building cost-effective secure devices, and in addressing the risks that the millions of IoT devices may pose as well.
There’s a simple approach to increase the security of IoT devices: changing the default passwords programmed by manufacturers. It’s a straightforward solution for consumers, especially those who only have a few IoT devices.