- Protect consumer privacy and limit exposure of PII and PHI
- Protect business data and limit exposure of sensitive information
- Safeguard against IoT products being used in DDoS attacks or as launching points into the network
- Guard against damage or harm resulting from compromise of cyber-physical systems
Participate in Internet of Things Research
This working group focuses on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations.
Research for Securing the Internet of Things
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Future Proofing the Connected World
An IoT system is only as secure as its weakest link. This document provides actionable and useful guidance for securing the individual products that make up an IoT system, in order to raise the overall security posture of IoT products. It should be especially useful for organizations that have begun transforming their existing products into IoT-enabled devices, that is, manufacturers that do not have the background and experience to be aware of the myriad ways that bad guys may try to misuse their newly connected equipment. Those in the startup communities will also find this guide useful. Startups in the connected product/system space are challenged with getting their products to market quickly. Finding the right talent to help secure those products early in the development cycle is not an easy task. This document provides a starting point for creating a security strategy to help mitigate at least the most pressing threats to both consumer and business IoT...
CSA IoT Security Controls Framework
The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies. The IoT Security Controls Framework provides utility across many IoT domains, from systems processing only “low-value” data with limited impact potential to highly sensitive systems that support critical services. The Framework also helps users identify appropriate security controls and allocate them to specific components within their IoT system. A companion guide gives instructions on how to use the IoT Security Controls Framework spreadsheet. The companion guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a colu...
IoT Firmware Update Processes
The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software. However, the Internet of Things (IoT)—with its vast ecosystem of connected devices deployed in many environments—introduces complexities associated with the update process that drive the need for process re-engineering. To answer that call, the Cloud Security Alliance IoT Working Group has compiled key recommendations for establishing a secure and scalable IoT update process. This document provides guidelines that developers and implementers can fully or partially integrate. Suggestions can be adapted and designed for custom firmware update processes that recognize unique constraints, dependencies, and risks associated with produ...