The recently released IoT Device Cybersecurity Capability Core Baseline (NISTIR 8259A) by the National Institute of Standards and Technology (NIST), provides invaluable guidance for IoT device manufacturers, integrators, and other stakeholders to improve the cybersecurity of connected devices. The document defines a core baseline of IoT device security features and capabilities needed to protect devices as well as their data and systems.
With tens of billions of IoT devices already deployed, from wearables, to smart homes appliances, to medical devices, to industrial sensors (among many others), the security threats posed by these devices to both their users and their manufacturers have become apparent. As the NIST publication points out, the “combination of connectivity and the ability to sense and/or affect the physical world” makes connected devices particularly complex to secure as well as a particularly attractive target for malicious actors. With their publication of this list, NIST gives device manufacturers concrete protocols to build more secure IoT devices and ecosystems.
Let’s take a look at the six guidelines in more detail.
The NIST IoT device security capability baselines
Capability: Device identification
What it means in practice: This refers to creating a capability during the device manufacturing process so an IoT device can be uniquely identified through both logical (such as a digital certificate) and physical (such as a unique device number) identifiers.
Why it’s needed: Unique device identifiers allow devices to be authenticated, managed, and are necessary to restrict their access to authorized entities only. They also can help network managers identify at-risk or compromised devices and employ countermeasures, such as limiting access, updating software remotely, or revoking network access completely. Fine-grained access control enables security teams to keep organizational ecosystems secure even with many devices having different security grades.
Capability: Device configuration
What it means in practice: The ability to change the configuration of a device’s software after it has been deployed allows device manufacturers, integrators, and end users to upgrade security retroactively and customize functionality for the deployed environment. Configuration changes must be restricted to authorized entities only.
Why it’s needed: For most devices, certain parameters will need to be changed or updated once the device has been installed. Moreover, security flaws are often discovered after the device is in the hands of the consumer. This makes it necessary for device manufacturers to be able to update IoT device security remotely, through the device’s configuration. It is also necessary in cases where the device’s configuration might have become compromised or corrupted in order to restore it to a secure setting.
Capability: Data protection
What it means in practice: To work properly, IoT devices must be able to send, receive, and store data. It is vital for devices to encrypt this data and have robust mechanisms for identifying and restricting access to authorized users through public key infrastructure. Additionally, devices should have the ability to secure cryptographic modules to ensure integrity and confidentiality of the data stored or transmitted through the device. They should also have the ability to destroy data or cryptographic keys in the event the device is compromised.
Why it’s needed: The amount of data IoT devices store and transmit makes them targets for hackers, necessitating strong cryptographic protection to ensure data integrity and confidentiality. It also means that manufacturers are obligated to adhere to strict data protection regulations in whichever jurisdiction their product is sold in.
Capability: Logical access to interfaces
What it means in practice: The NIST recommends that IoT devices should, through their software, have the ability to provide access solely to authorized entities, and should themselves only be able to interface with networks if they possess the correct authentication. They should also be able to, either logically or physically, disable network access that is unnecessary for the proper running of the device.
Why it’s needed: Limiting the possible access points reduces the number of attack vectors available to a hacker. This functionality can also be used as part of a vulnerability management process to reduce the risk of compromised devices gaining access to networks.
Capability: Software update
What it means in practice: This describes the ability of a manufacturer or integrator to remotely or locally update an IoT device’s systems after being deployed. The updating process should also include the device’s capability to verify and authenticate the updates it receives and to restrict updates to authorized entities only.
Why it’s needed: Updates are essential to provide devices with operational or functionality fixes and to patch firmware and software vulnerabilities as they are discovered. An effective, secure update mechanism prolongs the lifespan of the device and allows manufacturers to address pre-existing security issues as well as upgrade security capabilities to comply with new standards.
Capability: Cybersecurity state of awareness
What it means in practice: This refers to a device’s ability to recognize and communicate its own cybersecurity status to authorized entities. The threat indicator should be robust enough to prevent it from being altered or sending false messages to its home servers.
Why it’s needed: For device manufacturers and operators, it is important to have a process to determine if devices are not operating as expected and flag any possible compromise of device security. This helps identify misuse and investigate system breaches. This is especially important as devices are nearly always going to be deployed outside of a manufacturer’s secure environment. The ability to identify when a device is in danger is an essential security tool.
Enabling high-level IoT device security
Different manufacturers and distributors have varying needs and obligations, but the NIST guidelines provide an across-the-board baseline of features to build in strong IoT device security.
Intertrust Seacert makes it easy for manufacturers and integrators to embed cryptographically secure identities that enable their connected devices to comply with NIST’s recommended capabilities.
Learn more about creating secure IoT device identities in this white paper.
Seacert has already been used to secure more than 2 billion devices globally and has specialized in IoT device provisioning for over a decade. We provide device identity provisioning services, managed PKI, and bespoke device security solutions to major international clients across a number of sectors, such as Sony, Samsung, and Mitsubishi.
To find out how Intertrust and Seacert can deliver the level of device security you need reach out to us today.
About Prateek Panda
Prateek Panda is Director of Marketing at Intertrust Technologies and leads global marketing for Intertrust’s application shielding and device identity solutions. His expertise in product marketing and product management stem from his experience as the founder of a cybersecurity company with products in the mobile application security space.