Do you need security standards that can be used to assess or design IoT Endpoints?
Answers are coming!
There is an often-repeated story arc that security, threat, audit and business standards follow in their early development. It occurs naturally in response to market forces. Once demand for guidance reaches a critical mass, someone takes the initial step and puts stakes in the ground. This puts forward a “best attempt” to meet that demand (perceived or real), and relieves the pressure to “get it right” that holds parties back from rapid action. Early movers accept reputational risk and heavy lifting, but once a plausible attempt is made it removes barriers to participation and advancement. In effect, that enables a transition to broad discussion and successive refinement. Operating system hardening, PCI/PHI protection and cloud security all followed a similar narrative arc in their early days.
In late 2017, this trigger point was reached for IoT Endpoint security.
Back in July of 2017, Underwriters Laboratories (UL) started publishing the UL 2900 series, “Software Cybersecurity for Network-Connectable Products”, which was extended with supplements for areas such as biomedical, industrial control and life safety systems. This is resulting in several collaborative efforts, such as partnerships with ANSI, other standards bodies and business.
This isn’t to say that these groups were waiting for someone to act. Many companies have been working on IoT Endpoint security standards for quite some time, but once somebody publishes, these efforts change. This change results in across-the-board increases in efficacy and an improvement in progress for all parties.
If you need to design or assess IoT Endpoint or Gateway security, the key takeaways are:
- Credible (and testable) IoT Endpoint security standards are available now.
- 2018 will see several complementary standards published across geopolitical and industry boundaries.
- Organizations must expect providers to know about these standards and to be equipped to discuss compliance (or gaps).
As always, please share comments, insights and further information below.
Here are some sources:
- UL 2900 Standards Process and UL Cybersecurity Assurance Program