Internet of Things Working Group

Fill out the form below to view this webinar!

Introduction to the Internet of Things Working Group

ITU-T Y.2060 defines the IoT as a “global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies.” ITU-T Y.2060 also defines a device in the context of the IoT, as a “piece of equipment with the mandatory capabilities of communication and the optional capabilities of sensing, actuation, data capture, data storage and data processing.”

Although within this definition of the IoT there is a significant focus on the edge devices, services offered by or through the cloud play just as important a role in the successful implementation of IoT capabilities. These services include data collection, brokerage and storage, data analytics, inventory management, sensor management, visualization services and monitoring, as well as device relationship management. Additional cloud services will continue to sprout up as new ways of taking advantage of the IoT are thought through and autonomous relationships are built between today’s web services and IoT device middleware.

These complex systems require security controls be considered at each stage in their life-cycle and require that the supply chain of components that make up an IoT implementation are all designed and developed using security best practices. The Cloud Security Alliance IoT Working Group focuses on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations.

Download the Internet of Things Working Group Charter


Scope and Responsibilities

The working group is chartered to research the following areas:

  • Analysis of IoT implementation use cases in various industries
  • Best practices for securing IoT implementations
  • Mapping of IoT security controls to the Cloud Controls Matrix (CCM)
  • Identifying threats to IoT devices and implementations
  • Identifying gaps in standards coverage for IoT security
  • Identifying gaps in technology solutions for IoT security
  • Research into new methods for securing the IoT
  • Coordination with other CSA Working Groups and with external security organizations to de-conflict and jointly define cyber security controls for the IoT
  • Securing cloud infrastructure and services that support the IoT
  • Securing edge devices to remove the threat of follow-on compromise to the enterprise
  • Solutions for auditing, identity and access management, authentication, inventory management, privacy and risk management of the IoT


  • 24 July – Cheat Sheet: Identity and Access Management for IoT Devices
  • 14 August – Checklist for Secure IoT Device Development
  • 28 August
    • Analysis of Hardware Security Options for the IoT
    • Cheat Sheet: Auditing the IoT
  • 18 September – Security Guideance for Smart Retail: SMART Retail include new services such as proximity advertising, smart fitting rooms/mirrors, intelligent vending machines, automated check-out, inventory management, etc.
  • 2 October – IoT Security Guidance Inputs for the Cloud Control Matrix (CCM)
  • 19 October – Security Guidance for Smart Cities: SMART CITIES include next generation services that support connected living. Use cases include intelligent parking, pollution monitoring, efficient public transport (e.g., light priority), efficient lighting, etc).
  • 16 November – Security Guidance for Smart Health: SMART Health includes tele-medicine/ tele-surgery, implantable medical devices, smart bedsides, intelligent pill caps, remote and continuous monitoring, and many more capabilities that will enhance patient health.

Internet of Things Working Group Leadership

Internet of Things Co-chairs

Brian Russell

Brian Russell

Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos ( He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of high assurance cryptographic key management systems. Brian is the Chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group and serves on the Editorial Panel of the Center for Internet Security (CIS) 20 Critical Security Controls for Effective Cyber Defense. Brian also supports the Federal Communications Commission (FCC) Cyber Security Working Group and is a contributor to the Securing Smart Cities Initiative. Twitter: pbjason9

Internet of Things Working Group Initiatives

Please contact Internet of Things Working Group Leadership for more information.

Want to contribute to the Internet of Things Working Group?

Fill out the form below to join today!


Indicates a required field.

If you experience trouble using this form, please submit the information here.

Thanks for your interest!

Your request to join Internet of Things has been recorded. Someone will be in touch with you soon with more instructions.

Internet of Things Working Group News

May 25, 2017

Cloud Security Alliance Releases New Guidance for Connected Vehicle Security

New Report from Internet of Things (IoT) Working Group Identifies Vehicle Attack Vectors and Impacts, Provides Recommendations for Securing the Connected Vehicle Environment SEATTLE, WA – May 25, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing…

November 03, 2016


OCTOBER 28, 2016 via RESEARCHandMARKETS, The World’s Largest Market Research Store Last week’s DDoS attack was the largest of its kind in history, and shows how easy Internet of Things devices can be compromised and used to conduct massive cyber-attacks. The attack has caused serious concern among the technology community regarding the level of security…

November 18, 2015

Securing Smart Cities Issues Guidelines for Smart City Technology Adoption

Securing Smart Cities, the not-for-profit global initiative addressing the cyber security challenges of smart cities, today released guidelines jointly developed by Securing Smart Cities and the Cloud Security Alliance (CSA) for the adoption of smart city technology. The guide provides organizations with an overview of the key elements needed in order to implement the best…

October 27, 2015

Consumer IoT Security Impacts

Within the CSA Internet of Things (IoT) Working Group, we are researching various topics related to securing IoT implementations within an enterprise. One of the more interesting aspects to consider on this subject is the role that consumer IoT devices play in regards to enterprise security. Read blog post

September 30, 2015

Cloud Security Alliance Releases New Guidance for Identity and Access Management for the Internet of Things

Internet of Things (IOT) Working Group Provides Easily Understandable Recommendations for Securely Implementing and Deploying IoT Solutions Las Vegas, NV – CSA Congress 2016 — Sept 30, 2015 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment,…

April 20, 2015

CSA Launches New Security Guidance for Early Adopters of the IoT

Cross-Industry Guidance Highlights Key Challenges and Recommended IoT Security Controls. These controls have been tailored to IoT-specific characteristics to allow early adopters to mitigate many of the risks associated with this new technology. San Francisco, CA – April 20, 2015 – The Cloud Security Alliance (CSA) today unveiled a new guidance report titled, New Security Guidance for Early…

April 09, 2015

Hot Legal Issues in the Cloud to Take Center Stage at Cloud Security Alliance Legal Information Seminar at RSA Conference 2015

Representatives from California Department of Justice, Federal Trade Commission, IT Law Group, and MUFG Union Bank to Emphasize “An Ounce of Preparation is Better than a Pound of Damage Control” San Francisco, CA (RSA Conference 2015) – April 8, 2015  – The Cloud Security Alliance (CSA) today announced the speaker line up and agenda for its upcoming…

March 24, 2015

OPEN PEER REVIEW: Security Guidance for Early Adopters of IoT

The Cloud Security Alliance would like to invite you to review and comment on the Security Guidance for Early Adopters of the Internet of Things (IoT). This guidance discusses some of the challenges associated with the adoption of the IoT and concludes with a set of recommendations that can be followed by early business adopters…

Internet of Things Working Group Downloads

Observations and Recommendations on Connected Vehicle Security

The introduction of Connected Vehicles (CVs) has been discussed for many years. Pilot implementations currently underway are evaluating CV operations in realistic municipal environments. CVs are beginning to operate in complex environments composed of both legacy and modernized traffic infrastructure. Security systems, tools and guidance are needed to aid in protecting CVs and the supporting…

Release Date: May 25, 2017

Future Proofing the Connected World

Release Date: October 07, 2016