This is the second part in a two-part series highlighting IoT security issues and how the OCF addresses them. This blog will cover the suggested security capabilities laid out by NIST that the OCF specification includes and will continue to build upon, ensuring a secure, interoperable IoT around the world.
During the Open Connectivity Foundation (OCF) face-to-face meeting this summer in New Orleans, Louisiana, Michael Fagan, a cybersecurity specialist from the National Institute of Standards and Technology (NIST), spoke to OCF members about NIST’s ongoing work to improve the security of Internet of Things (IoT), including the development of a core set of security capabilities applicable to all IoT devices. NIST’s mission includes promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
To help drive increased IoT security, NIST develops guidance for industry and the public sector in the form of reports and other publications and through its National Cybersecurity Center of Excellence (NCCoE), which leverages a collaborative model to develop practical solutions to pressing cybersecurity issues. In particular, NIST is currently developing a report (“Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers,” NISTIR 8259 (Draft)) that provides guidance to manufactures on the core set of security capabilities that should be included in all devices. These capabilities range from logical and physical device identification to the ability for IoT devices’ software and firmware to be updated via a secure, controlled, and configurable mechanism.
So how is the OCF going to implement these capabilities? We already have. Of the six core IoT baseline capabilities identified in the draft NIST report, OCF currently supports five, with plans to cover the remaining one in the near future. These capabilities include: