Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.


New NIST Report on Consideration for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

July 3rd, 2019 / in Announcements, policy, resources, workshop reports / by Helen Wright

I recently linked my child’s smart robot toy to the Internet. Did I feel a little strange about it? Yes. But was giving the robot the ability to play “Baby Shark” and dance to it while making my child laugh, worth it the risk? Yes, I thought, until I saw this…

Recently, the National Institute of Standards and Technology (NIST) released an informational report called Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228). This is the first in a planned series of documents NIST is developing to help IoT users protect themselves, their data and their networks from potential compromise. Developed by the NIST Cybersecurity for IoT Program over more than two years of workshop discussions and interaction with the public, NISTIR 8228 is primarily aimed at federal agencies and other big organizations that are incorporating IoT devices into their workplace — organizations that may already be thinking about cybersecurity on a large-scale, enterprise level.

The report recommends the following for addressing cybersecurity and privacy risk mitigation challenges for IoT Devices.

  • Understand the IoT device risk considerations and the challenges they may cause to mitigating cybersecurity and privacy risks for IoT devices in the appropriate risk mitigation areas.
  • Adjust organizational policies and processes to address the cybersecurity and privacy risk mitigation challenges throughout the IoT device lifecycle.
  • Implement updated mitigation practices for the organization’s IoT devices as you would any other changes to practices.

The Computing Community Consortium (CCC) has also done a lot of work in the IoT space including publishing three white papers on Safety, Security, and Privacy Threats Posed by Accelerating Trends in the Internet of Things, System Computing Challenges in the Internet of Things, and Smart Communities Internet of Things.

While the purpose of this NIST publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their individual IoT devices, it is also a helpful reminder to individuals like myself. This publication is the introductory document providing the foundation for a planned series of publications on more specific aspects of this topic. See more here.

New NIST Report on Consideration for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

Comments are closed.