The U.S. National Institute of Standards and Technology (NIST) released a report – produced by the Interagency International Cybersecurity Standardization Working Group (IICS WG) – which examines what needs to happen next for the development of the Internet of Things.
Five major areas are covered which are considered to have the most potential to incorporate IoT:
- connected vehicles;
- consumer IoT;
- healthcare IoT;
- smart buildings; and,
- smart manufacturing.
One primary conclusion in the new NIST report is that all of the IoT components being created today are interacting with the physical world, and that is opening up new privacy concerns. As these components acquire data storage, networking, processing or sensing capabilities, they pose a potential risk for user privacy and confidentiality. As a result, agreement on guidelines and related tools is paramount. An example of potential privacy risks would be in the area of healthcare IoT. Connected medical devices offer caregivers the opportunity to collect medical data on patients 24/7. But what would happen if that medical data is exposed to other parties, such as employers, insurance companies, and government regulatory bodies? The confidentiality between patient and doctor would be seriously compromised.
NIST states that it hopes the report will inform and enable managers, policymakers, and Standards Developing Organizations as they seek to develop a cybersecurity framework focused on security and resiliency. Although the benefits of IoT are significant, the draft report acknowledges that “the timely availability of international cybersecurity standards is a dynamic and critical component for the cybersecurity and resilience of all information and communications systems and supporting infrastructures.” Failing to establish effective standards could have significant consequences on current products and on how future products are developed.