Internet of Things Working Group
Introduction to the Internet of Things Working Group
ITU-T Y.2060 defines the IoT as a “global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies.” ITU-T Y.2060 also defines a device in the context of the IoT, as a “piece of equipment with the mandatory capabilities of communication and the optional capabilities of sensing, actuation, data capture, data storage and data processing.”
Although within this definition of the IoT there is a significant focus on the edge devices, services offered by or through the cloud play just as important a role in the successful implementation of IoT capabilities. These services include data collection, brokerage and storage, data analytics, inventory management, sensor management, visualization services and monitoring, as well as device relationship management. Additional cloud services will continue to sprout up as new ways of taking advantage of the IoT are thought through and autonomous relationships are built between today’s web services and IoT device middleware.
These complex systems require security controls be considered at each stage in their life-cycle and require that the supply chain of components that make up an IoT implementation are all designed and developed using security best practices. The Cloud Security Alliance IoT Working Group focuses on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations.
Scope and Responsibilities
The working group is chartered to research the following areas:
- Analysis of IoT implementation use cases in various industries
- Best practices for securing IoT implementations
- Mapping of IoT security controls to the Cloud Controls Matrix (CCM)
- Identifying threats to IoT devices and implementations
- Identifying gaps in standards coverage for IoT security
- Identifying gaps in technology solutions for IoT security
- Research into new methods for securing the IoT
- Coordination with other CSA Working Groups and with external security organizations to de-conflict and jointly define cyber security controls for the IoT
- Securing cloud infrastructure and services that support the IoT
- Securing edge devices to remove the threat of follow-on compromise to the enterprise
- Solutions for auditing, identity and access management, authentication, inventory management, privacy and risk management of the IoT
- 24 July – Cheat Sheet: Identity and Access Management for IoT Devices
- 14 August – Checklist for Secure IoT Device Development
- 28 August
- Analysis of Hardware Security Options for the IoT
- Cheat Sheet: Auditing the IoT
- 18 September – Security Guideance for Smart Retail: SMART Retail include new services such as proximity advertising, smart fitting rooms/mirrors, intelligent vending machines, automated check-out, inventory management, etc.
- 2 October – IoT Security Guidance Inputs for the Cloud Control Matrix (CCM)
- 19 October – Security Guidance for Smart Cities: SMART CITIES include next generation services that support connected living. Use cases include intelligent parking, pollution monitoring, efficient public transport (e.g., light priority), efficient lighting, etc).
- 16 November – Security Guidance for Smart Health: SMART Health includes tele-medicine/ tele-surgery, implantable medical devices, smart bedsides, intelligent pill caps, remote and continuous monitoring, and many more capabilities that will enhance patient health.
Internet of Things Working Group Leadership
Internet of Things Co-chairs
Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of high assurance cryptographic key management systems. Brian is the Chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group and serves on the Editorial Panel of the Center for Internet Security (CIS) 20 Critical Security Controls for Effective Cyber Defense. Brian also supports the Federal Communications Commission (FCC) Cyber Security Working Group and is a contributor to the Securing Smart Cities Initiative. Twitter: pbjason9
Internet of Things Working Group Initiatives
Open Peer Reviews
|Initiative Details||Date Opened|
The IoT Working Group research explores use cases on the applicability of
|March 13, 2017||Contribute now|
There are no working drafts at this time.
Thanks for your interest!
Your request to join Internet of Things has been recorded. Someone will be in touch with you soon with more instructions.
Internet of Things Working Group News
November 03, 2016
OCTOBER 28, 2016 via RESEARCHandMARKETS, The World’s Largest Market Research Store Last week’s DDoS attack was the largest of its kind in history, and shows how easy Internet of Things devices can be compromised and used to conduct massive cyber-attacks. The attack has caused serious concern among the technology community regarding the level of security…
November 18, 2015
Securing Smart Cities, the not-for-profit global initiative addressing the cyber security challenges of smart cities, today released guidelines jointly developed by Securing Smart Cities and the Cloud Security Alliance (CSA) for the adoption of smart city technology. The guide provides organizations with an overview of the key elements needed in order to implement the best…
October 27, 2015
Within the CSA Internet of Things (IoT) Working Group, we are researching various topics related to securing IoT implementations within an enterprise. One of the more interesting aspects to consider on this subject is the role that consumer IoT devices play in regards to enterprise security. Read blog post
September 30, 2015
Cloud Security Alliance Releases New Guidance for Identity and Access Management for the Internet of Things
Internet of Things (IOT) Working Group Provides Easily Understandable Recommendations for Securely Implementing and Deploying IoT Solutions Las Vegas, NV – CSA Congress 2016 — Sept 30, 2015 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment,…
April 20, 2015
Cross-Industry Guidance Highlights Key Challenges and Recommended IoT Security Controls. These controls have been tailored to IoT-specific characteristics to allow early adopters to mitigate many of the risks associated with this new technology. San Francisco, CA – April 20, 2015 – The Cloud Security Alliance (CSA) today unveiled a new guidance report titled, New Security Guidance for Early…
April 09, 2015
Hot Legal Issues in the Cloud to Take Center Stage at Cloud Security Alliance Legal Information Seminar at RSA Conference 2015
Representatives from California Department of Justice, Federal Trade Commission, IT Law Group, and MUFG Union Bank to Emphasize “An Ounce of Preparation is Better than a Pound of Damage Control” San Francisco, CA (RSA Conference 2015) – April 8, 2015 – The Cloud Security Alliance (CSA) today announced the speaker line up and agenda for its upcoming…
March 24, 2015
The Cloud Security Alliance would like to invite you to review and comment on the Security Guidance for Early Adopters of the Internet of Things (IoT). This guidance discusses some of the challenges associated with the adoption of the IoT and concludes with a set of recommendations that can be followed by early business adopters…
Internet of Things Working Group Downloads
Release Date: April 05, 2016