The National Institute of Standards and Technology (NIST) recently released guidance for the makers of devices that use or are connected to the Internet to build robust security measures into the design of products from the get-go.
The Guidance—NIST Special Publication 800-160, is the culmination of four years of research, and focuses on the engineering functions that need to be addressed during the design of products connected to the Internet of Things (IoT). The security measures that are included in the design should assist the devices to combat an attack, and to recover quickly from attacks and incidents.
According to NIST “While practicing good cyber hygiene is certainly necessary, it’s not enough.” The guidance provides security engineering professionals with technical standards and principles in the design of products and can be viewed as “a catalog or handbook for achieving the identified security outcomes of a system engineering perspective on system life cycle processes.” It is designed to assist engineers in looking at the development of products that use the IoT in a holistic way.