Internet of Things

Internet of Things (IoT) devices represent a wide variety of non-traditional devices such as medical devices, cars, drones, simple sensors and more. These devices often pose a security challenge because their limited size and lack of innate security make them difficult to secure with traditional security controls and methodologies. This combination of factors has rendered many devices vulnerable to attacks like the Mirai botnet.

Security risks of IoT
The Internet of Things is already beginning to transform consumer, business and industrial processes and practices. Some of the high-level needs for IoT product security are to:

  • Protect consumer privacy and limit exposure of PII and PHI
  • Protect business data and limit exposure of sensitive information
  • Safeguard against IoT products being used in DDoS attacks or as launching points into the network
  • Guard against damage or harm resulting from compromise of cyber-physical systems

What is CSA doing to help secure IoT?
The IoT Working Group's mission is to understand relevant use cases for IoT deployments and to define actionable guidance for security practitioners to secure their IoT ecosystem. This includes outlining best practices for securing IoT implementations, identifying gaps in standards coverage for IoT security, and identifying threats to IoT devices and implementations.

Other organizations working with CSA to secure IoT.
CSA is working to secure IoT in collaboration with OWASP, Securing Smart Cities, UL, IoT Security Foundation, the Industrial IoT Consortium, U.S. Federal Communications Commission (FCC) and Samsung Robotic Laboratories. 

Internet of Things

This working group focuses on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations.

Next Meeting

Dec 09, 2021, 10:00AM PST
Working Group Leadership

Aaron Guzman

Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. He is co-author of the “IoT Penetration Testing Cookbook” and a technical editor for the “Practical Internet of Things Security” Packt Publishing books. Aaron is co-chair of CSA’s IoT working group as well as a leader for OWASP’s IoT and Embedded Application Security projects, providing practical guidance to address the most commo...

Brian Russell

Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of hig...

Research for Securing the Internet of Things

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Future Proofing the Connected World

An IoT system is only as secure as its weakest link. This document provides actionable and useful guidance for securing the individual products that make up an IoT system, to raise the overall security posture of IoT products. It should be especially useful for organizations that have begun transforming their existing products into IoT-enabled devices, that is, manufacturers that do not have the background and experience to be aware of the myriad ways that bad guys may try to misuse their newly connected equipment. Those in the startup communities will also find this guide useful. Startups in the connected product/system space are challenged with getting their products to market quickly. Finding the right talent to help secure those products early in the development cycle is not an easy task. This document provides a starting point for creating a security strategy to help mitigate at least the most pressing threats to both consumer and business IoT prod...

CSA IoT Security Controls Framework v2

The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies. The IoT Security Controls Framework provides utility across many IoT domains, from systems processing only “low-value” data with limited impact potential to highly sensitive systems that support critical services. The Framework also helps users identify appropriate security controls and allocate them to specific components within their IoT system. For instructions on how to use the IoT Security Controls Framework spreadsheet, there is a companion guide. The companion guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by...

IoT Firmware Update Processes

The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update, a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software. However, the Internet of Things (IoT), with its vast ecosystem of connected devices deployed in many environments, introduces complexities associated with the update process that drive the need for process re-engineering. To answer that call, the Cloud Security Alliance IoT Working Group has compiled key recommendations for establishing a secure and scalable IoT update process. This document provides guidelines that developers and implementers can fully or partially integrate. Suggestions can be adapted and designed for custom firmware update processes that recognize unique constraints, dependencies, and risks associated with products a...

Blog Posts

Why Is Cybersecurity Critical in Protecting Infrastructure?
Taking a Practical Timely Opportunity to Evaluate the Security of Your Cloud Video Surveillance Solution
Behind the Scenes of the IoT Working Group with Mark Yanalitis