National regulations in IoT
Our high-security Secure-IoT end-to-end-solutions meet standards, regulations and cyber security recommendations as follows…
- The U.S.: Interagency Report of the National Institute of Standards & Technology (NIST)
- The European Union Agency For Network And Information Security (enisa); as well as
- The United Kingdom’s Ministry for Digital & Creative Industries (Secure by Design: Improving the cyber security of consumer Internet of Things Report)
- and several others
Above‘s regulations concentrate and describe the high security requirements for the following IoT-markets:
- Connected vehicle (CV)
- Consumer IoT
- Health IoT
- Smart building IoT
- Smart Manufacturing IoT
High-profile cyberattacks and attempted compromises in the connected automobile and medical device industries have driven early security spend (digital as well as IoT-specific) in those verticals. There is also a growing attention and pressure from different layers of government for potential regulation. The effects of these attacks also highlight the overlapping safety regulation and general safety management impacts of digital security.
Thereforeboth, private and public organizationshaveemerged to combatnew IoT securitythreats. Here are some recentexamples:
- IoT Security Foundation : Established in September 2015, this consortiumhasmembersfrom a broadspectrum of industries, including communications serviceproviders, networkequipmentvendors, devicemakers, software developers and semiconductorcompanies.
- S. Department of Homeland Security (DHS) : In December 2015, DHS launched an initiative — called “Securing the Internet of Things (IoT)” — to workwithstartupcompanies and incubators to address IoT security. It highlighted 16 criticalinfrastructuresectorsthat DHS is addressing, such as communications, defense, energy and transportation.
- GSMA : The global industrygrouprepresenting mobile networkoperators (MNOs), withGSMA’shistory of implementingsecurity in mobile phones, haspublished a set of IoT securityguidelines in 2016 thattarget a broadset of hardware, software and serviceproviders.
- OWASP Internet of Things Project is an initiative developed to createawareness, withinindustry and consumers, of securityproblemsrelating to IoT, and to helpusers to improvesecurityprocesses and strategies.
- Kantara Initiative : This initiative providesstrategicvision and innovation for the IoT identitytransformation. Members of this organizationhelpdevelop initiatives, such as, “Identity Relationship Management,” “User Managed Access Work Group,” “Identities of Things Discussion Group” and “Consent& Information Sharing Work Group.”
- Open Trust Protocol : In July 2016, high securitycompaniesincluding ARM, Intercede, Solacia and Symantec havedeveloped the Open Trust Protocol. The goal is to providesecurearchitecture and codemanagement to protectconnected IoT devices. The architectureusestechnologiesdeployed in banking and for handling sensitive data on smartphones and tablets.
- Industrial Internet Consortium (IIC) : To address the securitychallengesthat are critical to the success of the industrial IoT, Industrie 4.0 and the industrialinternetrevolution, IIC membershavedeveloped a commonsecurityframework and an approach to assesscybersecurity. Published in September 2016, the Industrial Internet Security Framework (IISF) is a cross-industry-focusedsecurityframeworkcomprisingexpertise and securitybestpractices of IIC members.(Gartner: Saniye Burcu Alaybeyi, 2016)