A set of “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0” was issued yesterday by the Department of Homeland Security (DHS), which said, “These principles highlight approaches and suggested practices to fortify the security of the IoT and will equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems.”
“The growing dependency on network-connected technologies is outpacing the means to secure them,” said DHS Secretary Jeh Johnson. “We increasingly rely on functional networks to advance life-sustaining activities, from self-driving cars to the control systems that deliver water and power to our homes. Securing the Internet of Things has become a matter of homeland security. The guidance we issued today is an important step in equipping companies with useful information so they can make informed security decisions.”
DHS said, “The purpose of these principles is to provide stakeholders with tools to comprehensively account for security as they develop, manufacture, implement, or use network-connected devices. It is a first step to motivate and frame conversations about positive measures for IoT security among IoT developers, manufacturers, service providers and the users who purchase and deploy the devices, services and systems.”
The principles focus on the following key areas: incorporating security at the design phase; advancing security updates and vulnerability management; building on proven security practices; prioritizing security based on potential impacts; promoting transparency across the IoT ecosystem; and connecting carefully and deliberately.
“Today is a first step,” said Assistant Secretary for Cyber Policy Robert Silvers. “We have a rapidly closing window to ensure security is accounted for at the front end of the Internet of Things phenomenon. These principles will initiate longer-term collaboration between government and industry. Together we will work to develop solutions to address the resilience of the Internet of Things so that we can continue to benefit from the remarkable innovation that is driving our increasingly-connected world.”
“This effort is in line with DHS’ leading role in working with the private sector to enhance cybersecurity and share best practices, and reflects the department’s mission to secure cyberspace, protect critical infrastructure and ensure public safety,” DHS said in its announcement.
A fact sheet describing this initiative can be found here. For full text of the document, and other resources, visit www.dhs.gov/securingtheIoT.
