IoT Devices Cyber Security and Risk Management

The Internet of Things (IoT) describes physical objects (or groups of such objects), that are embedded with bread, processing ability, software, and other technologies, and that connect and exchange data with other devices and systems over the Internet or other communications networks.

IOT Devices Capabilities

• Transducer

• Interface

• Application Interface

  • Human user interface

  • Network interface

Challenges with IoT(Internet of things) in comparison of IT(Information technology)

• Many IoT devices interact with the physical world in ways conventional IT devices usually do not

• Many IoT devices cannot be accessed, managed, or monitored in the same ways conventional IT devices can

  • Lack of management features

  • Lack of interfaces

  • Difficulties with management at scale

  • Wide variety of software to manage

  • Differing lifespan expectations

  • Unserviceable hardware.

  • Lack of inventory capabilities.

  • Heterogeneous ownership

• The availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices.

How to Mitigate IoT Risk?

• Protect Device Security

  • Asset Management

  • Vulnerability Management

• Protect Data Security

  • Data Protection

  • Data Security Incident Detection

• Protect Individuals’ Privacy

  • Information Flow Management

  • PII Processing Permissions Management

  • Informed Decision Making

How can manufacturer help to achieve Cyber Security?

• Activity 1: Identify Expected Customers and Define Expected Use Cases

  • Which types of people are expected customers for this device?

  • Which types of organizations are expected customers for this device?

• Activity 2: Research Customer Cybersecurity Needs and Goals

  • How will the IoT device interact with the physical world?

  • How will the IoT device need to be accessed, managed, and monitored by authorized people, processes, and other devices?

  • What are the known cybersecurity requirements for the IoT device?

• Activity 3: Determine How to Address Customer Needs and Goals

  • Which one or more of the following is a suitable means (or combination of means) to achieve the need or goal?

  • How robustly must each technical means be implemented in order to achieve the cybersecurity need or goal?

• Activity 4: Plan for Adequate Support of Customer Needs and Goals

  • Considering expected terms of support and lifespan, what potential future use needs to be taken into account?

  • Should an established IoT platform be used instead of acquiring and integrating individual hardware and software components?