In the final release of the IoT Device Cybersecurity Capability Core Baseline, NIST has identified OCF as an example reference for each of the six core cybersecurity baseline capabilities. This is a reflection of OCF’s continued commitment to developing and driving secure interoperability for IoT devices through not only an open interface specification, but also with IoTivity, the open source implementation, and certification and developer programs. Critically, OCF has incorporated the needed and expected cybersecurity capabilities as articulated and recognized by government agencies into its specification and open source implementation. This is made evident in NIST’s inclusion of OCF as an example reference to help IoT manufacturers develop a deeper understanding of each of the following core capabilities:
Open Connectivity Foundation continues to address the need for a secure IoT environment with its “secure-by-design” approach, security specification and ongoing collaboration with government and cybersecurity organizations. In addition to these tactics, OCF experts actively contribute their security knowledge and insights to the greater IoT community to further promote OCF’s vision for a safeguarded, reliable IoT ecosystem.
Below, we have highlighted a few security-focused resources developed by OCF experts that give end users and other IoT enthusiasts an in-depth look into OCF technology and how it can be used to optimize the IoT:
Recently, Clarion Energy’s publication, Smart Energy International featured an article by Open Connectivity Foundation™ (OCF) members, Wouter van der Beek, Technical Leader at Cisco Systems, Bruno Johnson, CEO at Cascoda. The article, titled “Digital Transformation Using OCF Core Framework,” discusses the importance of a multidisciplinary approach when considering Internet of Things (IoT) implementation.
In order for the IoT to have seamless communication, an advanced model of IP connectivity should be used. To achieve seamless communication in this way, there are six primary points for wholistic IoT execution, including:
- An understanding that IoT security is systemic
- An awareness that interoperability is critical
- A systematic approach to testing
- A thorough cost/benefit analysis
- Comprehensive documentation
- An understanding of performance benefits
The IP-BLiS liaison parties, through collaboration and cooperation, will educate and influence the market regarding application framework standards over IP for commercial building connectivity through marketing and communications.
To make commercial buildings more responsive to the needs of users by promoting a secure, multi-standard, IP-based harmonized IoT solution.
IP-Building and Lighting Standards (IP-BLiS) is a multi-party liaison between existing standardization organizations who are working together to promote the move to a secure IP infrastructure.
The participating organizations recognize that there are challenges in current building management systems. Building technologies are siloed meaning that for the different domains such as building access, energy, lighting, etc. different and proprietary technologies are used. There is currently no technology that fulfils all use cases needed to automate a commercial building. With the siloed technologies, the industry can’t create the synergy that is needed.
An approach to remove these barriers and provide truly smart buildings is to converge lighting control and building management systems with IT networks into a secure all-IP-based configuration. With this convergence comes true IP networking making data of the various building automation application protocols accessible via an IP address (instead of an application protocol specific address). The move to IP eliminates the need for hardware-based gateways and enables gateways between the systems to be pure software solutions since all devices communicate over a secure IP connection. This convergence also means that different physical IP layers can be used leading to seamless integration of wired and wireless connectivity options to reduce installation costs.
As new IoT security reports reveal staggering data points, it is becoming essential that the IoT community bands together to improve upon the security of IoT devices. Palo Alto Networks’ global threat intelligence team, Unit 42, recently published its 2020 Unit 42 IoT Threat Report. This report analyzed 1.2 million IoT devices to evaluate the full scope of the current IoT threat landscape, discovering that 98 percent of all IoT device traffic is unencrypted and 57 percent of IoT devices are vulnerable to medium or high-severity attacks. While these numbers may seem unnerving, there remains potential for proper widespread IoT security strategy and implementation.
At first glance, IoT security may seem daunting, however, it is possible to properly secure devices with the right protocols and cybersecurity measures in place. Any IoT security solution must be wholistic in its approach, and company IoT deployments must plan to implement security measures across multiple layers that include hardware, network and software security. Open Connectivity Foundation’s focus on the software application layer is a crucial first step in the IoT design process.