Feds release guidelines for security of internet-connected devices

Feds release guidelines for security of internet-connected devices
© Getty Images

The National Institute of Standards and Technology (NIST) formally unveiled their guidelines for increasing the security of internet-connected devices at a conference on Tuesday, a month ahead of schedule.

ADVERTISEMENT

The guidelines come amid new concerns about the security of the many devices that connect to the internet.

Earlier this month, attackers used so-called internet of things devices to launch an attack against a critical part of the internet's architecture, briefly blocking access to major sites like Twitter and The New York Times. Internet-connected devices like cars and medical technology are known to be susceptible to hacking.

“Trustworthiness doesn’t happen by accident,” said Ron Ross, the architect of the guidelines, which have circulated in draft form since 2014. “It needs to be engineered.”

White House Chief Information Security Officer Greg Touhill, and U.S. Chief Information Officer Tony Scott joined Ross to present the finished document at Splunk GovSummit in Washington D.C.

NIST is the Department of Commerce shop behind a number of well-esteemed, voluntary standards across cybersecurity used in both the public and private sectors. Like those guidelines, the internet of things guidelines are designed to be flexible to business, industry and other individual considerations.

The guide provides security guidelines for 30 different processes involved with managing internet connected devices, from the supply phase to testing.   

The recommendations cover security engineering and testing that has often been absent from internet of things devices, traditionally held to a much lower standard. Until devices like security cameras were used as a conduit for other attacks, like the one blocking popular internet sites, many owners were not aware of their potential danger. 

“This [document] will change the national dialogue from one of victims to one of a group of people who can do something about this,” said Scott.