Exclusive: DHS Readies Guidance for Securing Internet of Things

The Department of Homeland Security is readying guidelines for securing the Internet of Things. (Image courtesy of PBS.)
The Department of Homeland Security is readying guidelines for securing the Internet of Things. (Image courtesy of PBS.)

In-brief: The Department of Homeland Security is readying a set of security guidelines for Internet of Things device makers and for consumers that it will soon release, according to a senior official.

The Department of Homeland Security is readying a set of security guidelines for Internet of Things device makers and for consumers that it will soon release, according to a senior official.

DHS, which houses the U.S. Computer Emergency Readiness Team (CERT), as well as the U.S. Secret Service, is assembling a set of strategic principles that it says will help safeguard and secure the Internet of Things by providing high level guidance to industry about how to design and manufacture secure connected devices. For consumers, DHS will lay out guidelines about how to manage the risks posed by Internet connected devices in their homes, cars and businesses.

[Read more Security Ledger coverage of Department of Homeland Security.]

Robert Silvers, the DHS Assistant Secretary for Cyber Policy, will discuss pending guidance from DHS on securing Internet of Things devices.
Robert Silvers, the DHS Assistant Secretary for Cyber Policy, will discuss pending guidance from DHS on securing Internet of Things devices.

“What we’ve come to recognize is that the Internet of Things is a full-blown phenomenon,” said Rob Silvers, the DHS Assistant Secretary for Cyber Policy. “We think everyone. Govt. industries, consumers need to get serious about reasonable security being built into IoT devices. And we need to do it now before we’ve deployed an entire ecosystems,” he said.

Silvers will discuss DHS’s plans on Thursday in Cambridge Massachusetts at The Security of Things Forum, a conference that is focused on security and the Internet of Things. (The Security Ledger is a co-host of the Security of Things Forum.)

Silvers said DHS has been consulting with manufacturers, developers and consumers, as well as other federal agencies about the best way to build, deploy and use Internet of Things devices. In remarks on Thursday, he will outline the challenging security landscape of the Internet of Things and propose DHS’s guidelines as one way to “make real inroads on the security problem.”

“We want Internet of Things devices to be deployed far and wide, but in a secure way,” Silvers said.* “We’re not intending to reinvent the wheel with these principles.” Rather, DHS hopes to identify and elevate common best practices for use across industries.

 

A report by the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) in May found that public faith in the Internet has dimmed in the wake of data breaches, cybersecurity incidents, and reports critical of the privacy practices of online services. The biggest threat came in the form of “negative personal experience,” the report found. In a similar vein, a report from Berkeley’s School of Information and the Hewlett Foundation noted, cybersecurity is on the cusp of “profound psycho-social impact” on human society.

The federal government’s response to security issues engendered by The Internet of Things has varied depending upon the context. The Food and Drug Administration has issued guidance on securing both pre– and post market medical devices from cyber attacks. The Federal Trade Commission, also, has issued guidelines for consumers and manufacturers of Internet of Things devices, warning them to protect sensitive data that is stored on such devices and use a “defense in-depth” approach to securing IoT endpoints.

(*) Correction: an earlier version of this story inaccurately quoted Assistant Secretary Silvers regarding the deployment of Internet of Things devices. The quote has been corrected and the story updated.  – Paul Sept. 19, 2016.