This month, the U.S. Commerce Department's (DoC) National Telecommunications and Information Administration (NTIA) announced that it aims to catalog existing security standards through its Internet of Things (IoT) initiative. Ultimately, the multi-stakeholder process will serve to develop a broad, shared definition or set of definitions around security upgradability for consumer IoT, and help enhance consumer awareness and understanding related to IoT purchases and security.
The DoC supports the advancement of IoT (which it defines as a transformational evolution in global technology with the potential to benefit public safety, health care, governance, and the environment and improve the daily lives of workers and consumers), as outlined in its newly released green paper, which identifies areas to advance efforts, including promoting standards and technology advancement.
The action is a response to feedback on both the Internet of Things and cybersecurity, in which stakeholders urged the DoC and NTIA to address the security of IoT through voluntary, multi-stakeholder processes.
The NTIA’s Working Group (WG) 1, Existing Standards, Tools, and Initiatives, is currently researching and reviewing existing IoT security standards and initiatives as they apply to security patching and upgradability of deployed IoT devices and infrastructure. A globally focused effort, WG 1 will identify needs of other WGs and look for what exists, from a standards and best practice perspective.
To that end, WG 1 will assess standardization efforts by the National Institute of Standards and Technology (NIST), IEEE Internet of Things, the Internet of Things Consortium, and the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), among other organizations.
The American National Standards Institute (ANSI) is the U.S. member body to ISO, and via the U.S. National Committee, to the IEC. ANSI holds the secretariat of ISO/IEC Joint Technical Committee (JTC) 1, which has been working on IoT standardization since 2012.
According to the NTIA, the ultimate objective of this effort is to “foster a market offering more devices and systems that support security upgrades through increased consumer awareness and understanding.” NTIA reports that its final step will be to develop a strategy to share these definitions throughout the broader development community, and ultimately with consumers.
ANSI encourages the U.S. standardization community to review the NTIA materials and submit their comments for review and inclusion:
For more information, see the DoC’s Internet Policy Task Force publication, “Multi-stakeholder Process; Internet of Things (IoT) Security Upgradability and Patching.”