Standards Organization, Trade Associations, and Other Industry Groups

Internet of Thinking Security (IoT Security)

Embedded Microprocessor Benchmark Consortium (EEMBC)

http://www.eembc.org/index.php

EEMBC has roots in industry consensus benchmarks that are integral to the success of a company’s products. As stated on their site (http://www.eembc.org/about/index.php):
EEMBC, an industry alliance, develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems. EEMBC has benchmark suites targeting cloud and big data, mobile devices (for phones and tablets), networking, ultra-low power microcontrollers, the Internet of Things (IoT), digital media, automotive, and other application areas. EEMBC also has benchmarks for general-purpose performance analysis including CoreMark, MultiBench (multicore), and FPMark (floating-point).

IoT-Secure™ (an EEMBC Benchmark) is new benchmark for IoT manufacturer, chip makers, and others to use in the development and maintenance of their IoT product. As they state:

This IoT-Secure benchmark suite will test and analyze various security profiles that should be implemented in IoT devices. Following EEMBC’s long-standing tradition, we will provide application developers with accurate, reliable information and tools that allow them to quickly and equitably compare the efficiency of system solutions targeted at IoT end-point applications. The IoT-Secure benchmark will be based on popular profiles targeting different application areas.

GSMA

http://www.gsma.com/

GSMA is a logical forum all things that connect. We’re moving to a wireless world. The cost of chipsets that connect to 3G/4G/5G, WIFI, and other wireless flows continues to optimize. GSMA has extensive work currently working on “IoT Security.”

 

International Electrotechnical Commission (IEC)

http://www.iec.ch/

The IEC is one of three global sister organizations (IEC, ISO, ITU) that develop International Standards for the world. The consensus oriented approach is one reason IEC standards are used throughout the world. “Things” connected to the Net and the security around them well within the IEC’s charter. One benefit of the IEC work is the cross sectional scope. IoT Security requirements found for power plants will intersect with high speed rail which will then intersect with medical devices and cross over to public safety in the world of smart cities.

 

IEC Reference Materials:

IoT Security Foundation

www.iotsecurityfoundation.org

Our mission is to help secure the Internet of Things, in order to aid its adoption and maximize its benefits. To do this we will promote knowledge and clear best practice in appropriate security to those who specify, make and use IoT products and systems. – Make it safe to connect

The IoT Security Foundation has several active working groups and published guidelines which will be updated.

 

NIST

The National Institute of Standards and Technology (NIST) under U.S. Department of Commerce publishes the FIPS standards applicable under the Federal Information Security Management Act (FISMA).NIST is actively developing a high-level IoT guide covering organizational process and roles. See https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program.

Government Regulation as a Means to Promote IoT Security

Public safety and economic liabilities are all factors where “official” civic society will have a role to play with IoT Security. Here are examples that governments can compare notes with their peers. Each country (or state) would be encouraged to focus on those elements of IoT & Security which most impact their constituents.

US Federal Trade Commission (FTC)

The US Federal Trade Commission one of the chief regulators in the US who have responsibility and accountability for the world of “things.” The FTC does have legislative mandates that allow for legal and liability investigations. Expect groups like the FTC to focus on the IoT security issues which impact public safety and life impacting devices.

 

Risky Business
All security professionals should listen to this podcast every week!