Working Group

Internet of Things


Introduction

IoT devices represent a wide variety of non-traditional devices that organizations increasingly deploy because of their numerous benefits. These devices often pose a security challenge: their limited size and lack of innate security make them difficult to secure with traditional security controls and methodologies. This combination of factors has rendered many devices vulnerable to attacks like the Mirai botnet. The IoT Working Group's mission is to understand relevant use cases for IoT deployments and to define actionable guidance for security practitioners securing their IoT ecosystem. This includes outlining best practices for securing IoT implementations, identifying gaps in standards coverage for IoT security, and identifying threats to IoT devices and implementations.

Artifacts

Managing the Risk for Medical Devices Connected to the Cloud

With the increased number of

Guide to IoT Framework: Chinese Translation

This localized version of this publication was produced from the

IoT Controls Framework: Chinese Translation

This localized version of this publication was produced from the

CSA IoT Security Controls Framework

The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to...

CSA Guide to the IoT Security Controls Framework

The Guide to the IoT Security Controls Framework provides instructions for using the companion

Future Proofing the Connected World - Korean Translation

This localized version of this publication was produced from the

IoT Firmware Update Processes

The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually ...

OWASP Secure Medical Devices Deployment Standard

Many medical devices were engineered with patient safety as the sole function of the device and traditionally l...

Using BlockChain Technology to Secure the Internet of Things - Chinese Translation

This localized version of this publication was produced from the

Using Blockchain Technology to Secure the Internet of Things

This paper describes a high-level overview of blockchain technology and outlines a set of architectural patterns...

Security Guidance for Early Adopters of the Internet of Things - Chinese Translation

This localized version of this publication was produced from the

Observations and Recommendations on Connected Vehicle Security

The introduction of Connected Vehicles (CVs) has been discussed for many years. Pilot implementations currently underway are evaluating CV op...

Establishing a Safe and Secure Municipal Drone Program

This paper provides guidance on the safe and secure introduction and operation of a municipal “drone” program. This paper will try to analyz...

Future Proofing the Connected World

An IoT system is only as secure as its weakest link. This document is our attempt at providing actionable and useful guidance for securing t...

Identity and Access Management for the Internet of Things - Japanese Translation

This localized version of this publication was produced from the

Guidelines for Safe Smart Cities

Interest in the smart city concept has grown continuously over the past few years, with the top research being done in the Internet of Things...

Identity and Access Management for the Internet of Things

This document is the first in a series of summary guidance aimed at providing easily understandable recommendations to information technology...

New Security Guidance for Early Adopters of the IoT

This document provides guidance for the secure implementation of Internet of Things (IoT)-based systems. We have provided the guidance in thi...

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Leadership

Aaron Guzman

Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. He is co-author of the “IoT Penetration Testing Cookbook” and a technical editor for ...

Brian Russell

Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and deve...