International Security Standards and the Internet of Things


The third meeting of the International Standards Organization’s (ISO) Special Working Group (SWG) on the Internet of Things (IoT) recently took place in Chongqing, China. The purpose of the SWG is essentially to assess what has been done to date related to IoT standards and provide guidance to ISO about the IoT so that the existing standards might be evolved to meet the needs of the IoT – as appropriate.

In the area of security, this may mean that the world’s most widely adopted security standard, the ISO 27000 family of management and operational standards, gets an update to accommodate new security requirements associated with the IoT.

Auditing and standards will be critical to the IoT because they enable technical interoperability, and from a risk management perspective they enable business interoperability.

Without standards, the effort to get independently developed IoT systems working together will be a much more difficult process involving an infinite number of point-to-point relationships, which simply do not scale.

Without standards, the IoT will evolve slower, will be more expensive and will ultimately possess lower quality and higher risk.  The higher risk part will start with the business risks we discuss in this chapter, but extend to the operational risks we discuss in the next chapter and to an unlimited range of technical risks that we do not attempt to address.

The IoT will be unmanageably risky without standards because of the additional complexity that their absence brings. Already the IoT will be the most complex and intricate thing ever created by mankind, with billions and billions of (literally) moving parts connected by ubiquitous and heterogeneous (many different types of) networks. From a risk management and security perspective, no standards mean each IoT system will need to have individual and unique security investments and assessment.

If each IoT system has individual and unique security, then each interface or connection between each system will have to be established through slow bi-lateral processes. Such a system would be uncontrollably expensive and violate one of the most common business requirements of the IoT – that it possess financial justification: that the IoT creates value rather than destroying it.

The alternative to security standards in the IoT is an expensive, bilateral system of security and risk management. Or managers, owners and users simply accept unknown risk – the worst type of risk management decision of them all, and in many cases an option counter to regulation and law.
