IoT Device Cybersecurity Guidance for Manufacturers

IoT Device Cybersecurity

The National Institute of Standards and Technology (NIST) has released baseline guidance for IoT device cybersecurity. IoT, or the Internet of Things, refers to computing devices that integrate physical and/or sensing capabilities and network interface capabilities. Providing security for these devices becomes more challenging as they become smaller, more prevalent, and more capable.

The Growth of IoT

IoT devices can be found in every sector of society. They are found in smart home products, wearable technology, health monitoring devices, and transportation equipment. They can also be found in industrial controls technology, agriculture, military, and infrastructure applications. There has been amazing growth in IoT, with global market value in the trillions of dollars.

IoT Device Core Baseline Cybersecurity

The NIST publication gives manufacturers recommendations for improving how securable the IoT devices they make are. It provides six actionable items: four that should be conducted to assess pre-market impact, and two activities with primarily post-market impact. Because these activities affect the process by which design specifications should be created, the document is primarily intended for the development of new devices.

Pre-Market Activities for Baseline IoT Cybersecurity

IoT product manufacturers should consider the security of a product throughout its life cycle. This includes an examination of integration into the customer's probable usage and overall system requirements. Because these factors will vary widely from product to product, the following steps should be conducted:

  1. Identify expected customers and users, and define expected use cases.
  2. Research customer cybersecurity needs and goals.
  3. Determine how to address customer needs and goals.
  4. Plan for adequate support of customer needs and goals.

Additional Steps After Product Release

It is important to define methods for communicating cybersecurity risks and recommended protocols. These considerations should include a declaration of risk-related assumptions, product support options, device composition and capabilities, device cybersecurity capabilities, software update availability, and methods for safe retirement and disposal.

Cybersecurity of Increasing Concern for Businesses

Because many incidents go unreported, real losses to U.S. manufacturing from cybercrime are difficult to assess. Even the most statistically reliable data is derived from a small survey of businesses conducted by the Bureau of Justice Statistics. In a recent report from Douglas Thomas of NIST, estimated losses for all industries could be between 0.9% and 4.1% of total U.S. gross domestic product (GDP), or between $167.9 billion and $770.0 billion.

CVG Strategy Cybersecurity

As IoT devices continue to proliferate, they present challenges to even the smallest manufacturing concerns. Most manufacturers implement many such devices to control processes and gather critical data. Because of this, they should be taken into consideration by an effective Information Security Management System (ISMS). CVG Strategy can help your business implement ISO 27001 to exercise due diligence and compliance with contractual and regulatory data security. Contact us today to see how we can help.


Kevin Gholston
