Standards Organization, Trade Associations, and Other Industry Groups
Embedded Microprocessor Benchmark Consortium (EEMBC)
http://www.eembc.org/index.php
EEMBC has roots in industry consensus benchmarks that are integral to the success of a company’s products. As stated on their site (http://www.eembc.org/about/index.php):
EEMBC, an industry alliance, develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems. EEMBC has benchmark suites targeting cloud and big data, mobile devices (for phones and tablets), networking, ultra-low power microcontrollers, the Internet of Things (IoT), digital media, automotive, and other application areas. EEMBC also has benchmarks for general-purpose performance analysis including CoreMark, MultiBench (multicore), and FPMark (floating-point).
IoT-Secure™ (an EEMBC Benchmark) is new benchmark for IoT manufacturer, chip makers, and others to use in the development and maintenance of their IoT product. As they state:
This IoT-Secure benchmark suite will test and analyze various security profiles that should be implemented in IoT devices. Following EEMBC’s long-standing tradition, we will provide application developers with accurate, reliable information and tools that allow them to quickly and equitably compare the efficiency of system solutions targeted at IoT end-point applications. The IoT-Secure benchmark will be based on popular profiles targeting different application areas.
GSMA
GSMA is a logical forum all things that connect. We’re moving to a wireless world. The cost of chipsets that connect to 3G/4G/5G, WIFI, and other wireless flows continues to optimize. GSMA has extensive work currently working on “IoT Security.”
- GSMA IoT Security Guidelines
- IoT Security Self-Assessment
- IoT Security Guidelines for Network Operators
- IoT Security Guidelines for Endpoint Ecosystem
- IoT Security Guidelines for Service Ecosystem
International Electrotechnical Commission (IEC)
The IEC is one of three global sister organizations (IEC, ISO, ITU) that develop International Standards for the world. The consensus-oriented approach is one reason IEC standards are used throughout the world. “Things” connected to the Net and the security around them well within the IEC’s charter. One benefit of the IEC work is the cross-sectional scope. IoT Security requirements found for power plants will intersect with high-speed rail which will then intersect with medical devices and cross over to public safety in the world of smart cities.
IEC Reference Materials:
- White Paper IoT 2020: Smart and secure IoT platform
- White Paper Internet of Things: Wireless Sensor Networks
IoT Security Foundation
Our mission is to help secure the Internet of Things, in order to aid its adoption and maximize its benefits. To do this we will promote knowledge and clear best practice in appropriate security to those who specify, make and use IoT products and systems. – Make it safe to connect
The IoT Security Foundation has several active working groups and published guidelines which will be updated.
NIST
The National Institute of Standards and Technology (NIST) under U.S. Department of Commerce publishes the FIPS standards applicable under the Federal Information Security Management Act (FISMA).NIST is actively developing a high-level IoT guide covering organizational process and roles. See https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program.
Government Regulation as a Means to Promote IoT Security
Public safety and economic liabilities are all factors where “official” civic society will have a role to play in IoT Security. Here are examples that governments can compare notes with their peers. Each country (or state) would be encouraged to focus on those elements of IoT & Security which most impact their constituents.
US Federal Trade Commission (FTC)
The US Federal Trade Commission one of the chief regulators in the US who have responsibility and accountability for the world of “things.” The FTC does have legislative mandates that allow for legal and liability investigations. Expect groups like the FTC to focus on the IoT security issues which impact public safety and life-impacting devices.
- The Internet of Things: Privacy & Security in a Connected World (2015)
- IoT Home Inspector Challenge (2017) – A competition to promote innovation around IoT Security in the Home. Competitions like this can be emulated by other Governments as a means to understand risk, promote awareness, build IoT Security capacity, and to instigate local IoT security innovation.
- What’s the security shelf-life of IoT? (2015)
- What happens when the sun sets on a smart product? (2016)
- What you need to know to secure your IoT devices (2016)
- FTC Charges D-Link Put Consumers’ Privacy at Risk Due to the Inadequate Security of Its Computer Routers and Cameras (2017)
Other IOT Security/Resiliency Guidelines and Standards
- European Union Agency for Network & Information Security (ENISA)
- Consumer Products Safety Commission
- Internet Society
- UK Government Secure by Design
- Department of Commerce, NTIA – IoT Upgradability & Patching Initiative
- Department of Commerce, NTIA – Coordinated Vulnerability Disclosures
- FTC & The NIST Cybersecurity Framework
- FTC Building Security into IoT
- AgeLight
- Consumer Reports / Digital Standard
- Underwriters Laboratory (UL)