International Security Standards and the Internet of Things


The third meeting of the International Standards Organization’s (ISO) Special Working Group (SWG) on IoT (Internet of Things) recently took place in Chongqing, China. The purpose of the SWG is essentially to assess what has been done to date related to IoT standards and provide guidance to ISO about the IoT so that the existing standards might be evolved to meet the needs of the IoT – as appropriate.

In the area of security, this may mean that the world’s most widely adopted security standard, the ISO 27000 family of management and operational standards, gets an update to accommodate new security requirements associated with the IoT.

Auditing and standards will be critical to the IoT because they enable technical interoperability, and from a risk management perspective they enable business interoperability.

Without standards, the effort to get independently developed IoT systems working together will be a much more difficult process involving an infinite number of point-to-point relationships, which simply do not scale.

Without standards, the IoT will evolve more slowly, will be more expensive and will ultimately possess lower quality and higher risk. The higher risk part will start with the business risks we discuss in this chapter, but extend to the operational risks we discuss in the next chapter and to an unlimited range of technical risks that we do not attempt to address.

The IoT will be unmanageably risky without standards because of the additional complexity that will come without them. Already the IoT will be the most complex and intricate thing ever created by mankind, with billions and billions of (literally) moving parts connected by ubiquitous and heterogeneous (many different types of) networks. From a risk management and security perspective, no standards means each IoT system will need its own individual and unique security investments and assessment.

If each IoT system has individual and unique security, then each interface or connection between each system will have to be established through slow bilateral processes. Such a system would be uncontrollably expensive and violate one of the most common business requirements of the IoT – that it possess financial justification: that the IoT creates value rather than destroys it.

The alternative to security standards in the IoT is an expensive, bilateral system of security and risk management. Otherwise, managers, owners and users simply accept unknown risk – the worst type of risk management decision of them all, and in many cases an option counter to regulation and law.
