The recent release of the National Institute of Standards and Technology’s (NIST) Recommendations for IoT Devices Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline marks a key milestone for organizations seeking policy solutions for the increasingly connected world powered by the continuous rise of emerging technologies such as Internet of Things. The recommendations and baseline help enhance cybersecurity for all new IoT devices. The fact that a large portion of the IoT market is comprised of low or medium complexity devices makes it more important that we seek to identify a baseline that is applicable across all IoT devices and that is recognized globally. A consensus baseline, grounded in international standards with broad support across industry, will help enable interoperable IoT security policies worldwide.
In comments submitted to NIST in February, ITI commended NIST’s collaborative effort by partnering with industry and facilitating international harmonization, and also offered suggestions to separate foundational activity and core baseline to reflect its weigh and consensus. We are pleased to see these items included in the final publication. We continue to encourage NIST and others in the U.S. government to work with industry across sectors on identifying consensus IoT security solutions and advancing work on Administration’s Botnet Roadmap. In March 2019, ITI also joined 20 other industry groups and technology organizations to develop global, industry-driven consensus on IoT security baselines convened by the Council to Secure the Digital Economy (CSDE). To ensure global interoperability, we continue to support efforts to drive globally harmonized solutions through open, consensus-driven international standards.
Earlier this year, ITI released new IoT Security Policy Principles. These principles outline guidance for policymakers to secure the entire IoT ecosystem and bolster resilience in the face of malicious actors, while also providing the benefits and conveniences that consumers demand. The policy principles were developed in collaboration with ITI member companies, which represent the full spectrum of the tech industry including hardware and networking equipment manufacturers, software developers, cybersecurity and internet companies, and other global leaders from across the sector.