For decades, federal managers have been hard at work building secure internal networks, adding security information and event management (SIEM) and vulnerability management systems, and installing new firewalls and intrusion prevention systems. Now those IT managers are faced with a new world, one filled with consumer-class devices that also need protection. They’re faced with videoconferencing room systems and add-ons, cloud-managed switches and access points, security cameras, environmental sensors and controls, not to mention internet-connected soft drink dispensers, wall clocks and smart speakers. Internet of Things products are in high demand from end users and agencies, but the standard toolbox IT managers have been using isn’t well adapted. Meanwhile, the IoT Cybersecurity Improvement Act of 2020 puts pressure on federal IT managers and supporting agencies - including the National Institute of Standards and Technology, the Office of Management and Budget and the Department of Homeland Security - to improve IoT cybersecurity. How can IT managers satisfy this demand without compromising network security?

There’s no shortage of frameworks and abstract advice. Directly applicable to federal IT managers, NIST has published several internal/interagency reports (NISTIR 8228, 8259, 8259A and 8259B) as well as special publications on IoT security requirements (SP 800-213 and 800-213A).

Add that to at least 15 other groups providing IoT cybersecurity advice, including the Global System for Mobile Communications (GSMA) and the Internet Society, and there’s a lot to read.

While many federal IoT standards are aimed at device manufacturers and vendors, IT managers need to focus on three major tasks: protecting the device, protecting the data and protecting users’ privacy.

Depending on the agency, each of these responsibilities may be handled by different groups.

For example, device security will usually fall to network and security operations teams, while protecting user privacy and personally identifiable information may fall to legal, human resources and IT architecture groups.

Managing the security risks associated with these three tasks is straightforward, with two action items: First, know your device. Second, manage security gaps.

An excellent starting point is section 3.1 of NIST SP 800-213, titled “IoT Device Cybersecurity Guidance for the Federal Government: Establishing Requirements.” It has about two dozen questions to determine why each IoT device is being added, what agency data will be collected and shared, and how the device fits within the agency’s technology environment. When it comes to protecting IoT from cyberattacks, IT managers can focus on the most critical question: “What are the physical, logical access, network and other requirements of the IoT device?” IoT devices have many different access requirement models. Some are cloud-managed; others are handled internally. Some send data out; others require inbound connectivity.