Working Group

Internet of Things


Introduction

IoT devices represent a wide variety of non-traditional devices that organizations are increasingly deploying for their numerous benefits. These unique devices often pose a security challenge: their limited size and lack of innate security make them difficult to secure with traditional security controls and methodologies. This combination of factors has rendered many devices vulnerable to attacks like the Mirai botnet. The IoT Working Group is dedicated to understanding relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their IoT ecosystem. This includes outlining best practices for securing IoT implementations, identifying gaps in standards coverage for IoT security, and identifying threats to IoT devices and implementations.

Artifacts

Managing the Risk for Medical Devices Connected to the Cloud

With the increased number of Internet of Things devices, Healthcare Delivery Organizations are experiencing a digital transformation bigger t...

Guide to IoT Framework: Chinese Translation

The Guide to the IoT Security Controls Framework provides instructions for using the companion CSA IoT Security Controls Framework spreadshee...

IoT Controls Framework: Chinese Translation

CSA IoT Security Controls Framework

The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to mitigate many of the risks a...

CSA Guide to the IoT Security Controls Framework

The Guide to the IoT Security Controls Framework provides instructions for using the companion CSA IoT Security Controls Framework spreadshee...

Future Proofing the Connected World - Korean Translation

IoT Firmware Update Processes

The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually ...

OWASP Secure Medical Devices Deployment Standard

With the explosion of botnets and other malware that now target IoT devices (of which medical devices can be considered a subtype) the need ...

Using BlockChain Technology to Secure the Internet of Things - Chinese Translation

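Over the past four years, technical experts, chief digital officers, marketing managers, journalists, bloggers and research institutions have discussed and promoted a new distributed model that applies blockchain technology to secure transaction processing and storage. IDC FutureScape predicts that by 2020, 20% of global trade finance will incorporate blockchain.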

Using Blockchain Technology to Secure the Internet of Things

Description: In the last four years, technical experts, chief digital officers, marketing managers, journalists, bloggers and research instit...

Security Guidance for Early Adopters of the Internet of Things - Chinese Translation

Observations and Recommendations on Connected Vehicle Security

The introduction of Connected Vehicles (CVs) has been discussed for many years. Pilot implementations currently underway are evaluating CV op...

Establishing a Safe and Secure Municipal Drone Program

This paper provides guidance on the safe and secure introduction and operation of a municipal “drone” program. This paper will try to analyz...

Future Proofing the Connected World

An IoT system is only as secure as its weakest link; this document is our attempt at providing actionable and useful guidance for securing t...

Identity and Access Management for the Internet of Things - Japanese Translation

Guidelines for Safe Smart Cities

Interest in the smart city concept has grown continuously over the past few years, with the top research being done in the Internet of Things...

Identity and Access Management for the Internet of Things

This document is the first in a series of summary guidance aimed at providing easily understandable recommendations to information technology...

New Security Guidance for Early Adopters of the IoT

This document provides guidance for the secure implementation of Internet of Things (IoT)-based systems. We have provided the guidance in thi...

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Leadership

Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. He is co-author of the “IoT Penetration Testing Cookbook” and a technical editor for ...

 
Aaron Guzman
 
Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and deve...

 
Brian Russell