The Report identifies possible gaps in standards; for example, the application of blockchain in cryptographic techniques, the inability to use software patches to fix flaws in cyber incident management.
The National Institute of Standards and Technology in the US recently released an interagency report on cybersecurity for the Internet-of-Things (IoT).
The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council's Cyber Interagency Policy Committee. The purpose of the IICS WG is to coordinate on major issues in international cybersecurity standardisation and thereby enhance U.S. federal agency participation in international cybersecurity standardization.
The Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT) examines the current state of international cybersecurity standards development by voluntary consensus standards bodies for IoT.
The Report is meant to inform and enable policymakers, managers, and standards participants as they seek timely development of and use of cybersecurity standards in IoT components, systems, and services.
The Report notes that trustworthiness of IoT systems will require active management of risks for privacy, safety, security, etc. Traditional IT security focuses on CIA (confidentiality, integrity, and availably). As many IoT components interact the physical world through sensors and actuators, IoT security is also connected to physical security involving threats to people, their objects, and their environment.
IoT also connects traditional Internet and mobile capabilities and industrial control systems, leading to risks for critical information infrastructure.
Traditional information systems generally prioritise Confidentiality, then Integrity, and lastly Availability, while control systems and IoT systems usually prioritise Availability first, then Integrity and lastly Confidentiality.
View all SMART GRID Bulletins click here