The US National Institute of Standards and Technology’s (NIST) discussion draft addresses core cybersecurity capability baselines for IoT devices and asks for public input on the matter. The draft details a set of cybersecurity capabilities that could be achieved by most IoT devices, and NIST is especially looking for feedback on: the definitions and specificity of adequate capabilities, the usefulness of establishing high-level principles for IoT devices, the adequacy of the criteria chosen for identifying baseline capabilities, and the necessity of creating a taxonomy to describe types of IoT devices for future analysis. The draft is based on two previous reports: the ‘NIST Internal Report 8228: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks’ and the ‘Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats’.
The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wider systems, typically described as 'smart houses' or 'smart cities'.
Cybersecurity is among the main concerns of governments, Internet users, and technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss.
Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.
Cybersecurity came into sharper focus with the Internet's expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.