Behind the Scenes of the IoT Working Group with Mark Yanalitis

By CSA Staff and Mark Yanalitis

Here at CSA, our working groups are the core of what we do. From researching best practices, to tackling challenges on the horizon, they bring together security professionals from diverse backgrounds and experiences to collaborate on research that will benefit the entire industry.

In this blog we asked Mark Yanalitis to share his reason for joining the CSA Internet of Things Working Group and what his experience has been like. Hopefully if you’re interested in joining a working group this will help give you a better understanding of the work being done.

Mark Yanalitis Shares His Experience

Mark Yanalitis, MS MA CISSP is an independent security researcher, IoT work group member, and former teaching adjunct at Carnegie Mellon University Heinz College of Information Systems and Policy.

The Cloud Security Alliance (CSA) Internet of Things (IoT) work group preceded me. I was a late add. The work group already produced useful and polished works in the areas of IoT control matrix objectives, responses fulfilling National Institutes of Standards (NIST) request for public comment, and recently the distribution of the OWASP Firmware Security Testing Framework. A dedicated cadre of CSA professional backstop work groups, cross-pollinate efforts and manage the humble and essential coordination work. One of the regular challenges of national work groups is not necessarily having volunteer bench strength; it's working in a rapidly expanding data security and information privacy subject area while market adoption and technology uptake have a significant head start.

Many and varied IoT use cases exist for residential consumer, commercial, and industrial applications. Some "wouldn't it be great if" use cases existed but were in a state of dormancy. Industrial IoT (IIoT) embraced sensor-driven manufacturing line management and robotic process automation. The rapid and expansive growth in both mobile and cloud capability resulted in many existing and new IIoT use cases migrating into the commercial and consumer space while spurring the transformation of previously closed proprietary IIoT designs. The resulting rapid expansion of TCPIP and machine learning enabled sensors, assistants, toys, health devices, and home automation capability fundamentally changed threat landscapes, attack surfaces, and disclosure potentials.

The CSA IoT work group is one of several organizational bodies operating in the standards space. ENISA (European Union Agency for CyberSecurity), ESTI (EU Standards organization TC CYBER), IETF/IEEE, Internet Industry Consortium (IIC), NIST, OWASP, and UL (Underwriters Laboratories), represent major information outlets. As a researcher in this area of information security, membership in the CSA IoT work group allows me to make contributions as well as take in the perspectives of professionals who work directly in the IoT and IIoT work space. CSA IoT work group membership affords a low barrier to entry into the center of IoT data security and IoT privacy conversations, and like many other CSA venues and information outlets, CSA work group membership provides a high rate of return.

You can learn more about the IoT Working Group here.