ISF Releases Securing the IoT: Taming the Connected World
November 2019 by Marc Jacob
According to the Information Security Forum (ISF), trusted resource for executives and board members on cyber security and risk management, the Internet of Things (IoT) has exploded into the connected world, promising the enablement of the digital organization and making domestic life richer and easier. However, with those promises come inevitable risks including the rush to adoption, which has highlighted serious deficiencies in both the security design of IoT devices and their implementation. Coupled with increasing governmental concerns around the societal, commercial and critical infrastructure impacts of this technology, the emerging world of the IoT has attracted significant attention.
In an effort to support global organizations, the ISF today announced the release of Securing the IoT: Taming the Connected World, the organizations latest digest which helps security professionals better understand the security implications of the IoT. Based on external and ISF member research, and supplemented by a short series of special interest group meetings held in Finland, the Netherlands and the United Kingdom, this paper explores:
• Definitions of the IoT
• Technical characteristics
• Fundamental security issues
• Emerging security practice
• Legal and regulatory landscapes
The IoT is often perceived as new and cutting edge, but similar technology has been around since the last century. What has changed is the ubiquity of high-speed, low-cost communication networks, and a reduction in the cost of compute and storage. Combined with a societal fascination with technology, this has resulted in an expanding market opportunity for IoT devices, which may be broadly split into two categories: consumer and industrial IoT.
The IoT has also been described as a form of shadow IT, often hidden from view and purchased through a non-IT route. Hence, responsibility for its security is often not assigned or mis-assigned. There is an opportunity for information security to take control of the security aspects of the IoT, but this is not without challenges: amongst them skills and resources. Nevertheless, there is a window of opportunity to tame this world, by building security into it. As most information security professionals understand, this represents a cheaper and less disruptive option than the alternative. Security teams should take the initiative to research security best practices to secure these emerging devices and be prepared to update their security policies as even more interconnected devices make their way onto enterprise networks.
Securing the IoT: Taming the Connected World is available now to ISF Member companies via the ISF website.