NIST publishes workshop summary report for cybersecurity risks in consumer home IoT devices

The US National Institute of Standards and Technology (NIST) issues a summary report NISTIR 8333 – Cybersecurity Risks in Consumer Home Internet of Things (IoT) Products. This report summarizes the findings from the NIST Cybersecurity Risks in Consumer Home internet of things (IoT) Devices virtual workshop in October 2020. The workshop’s main conclusions were as follows: (1) creating a secure IoT ecosystem for consumer devices can benefit manufacturers and the “common good”; (2) manufacturers are challenged by balancing the design and functionality of consumer IoT devices against maintaining a viable cost structure; (3) manufacturers can benefit by having a business model around a “connected device lifecycle”; (4) consumers cannot be solely responsible of maintaining cybersecurity on IoT devices; (5) software and patch updates are critical to maintaining security, but consumers can’t always deploy them; (6) privacy is important but is not well understood by consumers; (7) consumer education about home IoT cybersecurity should be an ongoing, shared responsibility among stakeholders. The report specifies the following steps NIST is about to take: (1) survey the options for confidence mechanisms for IoT devices; (2) address software update and patching complexity; (3) consider a consumer home IoT device profile; (4) perform an analysis of the available guidance for consumer IoT cybersecurity and (5) determine appropriate revisions for the product security survey.