Standardising a Moving Target: The Development and Evolution of IoT Security Standards

• Published in: IET Conference Proceedings
• Main Authors: Brass, I, Tanczer, L, Carr, M, Elsden, M, Blackstock, J
• Format: Conference Proceeding
• Language: English
• Published: Stevenage The Institution of Engineering & Technology 28.03.2018
• Subjects: Cybersecurity; Evolution; Internet of Things; Moving targets; Security management
• ISBN: 1785618431; 9781785618437
• DOI: 10.1049/cp.2018.0024

The standards landscape for IoT security is currently developing in a fragmented manner. This paper provides a review of the main IoT security standards and guidelines that have been developed by formal standardisation organisations and transnational industry associations and interest alliances to date. The review makes three main contributions to the study of current IoT standards-development processes. First, governments and regulatory agencies in the EU and the US are increasingly considering the promotion of baseline IoT security requirements, achieved through public procurement obligations and cybersecurity certification schemes. Second, the analysis reveals that the IoT security standards landscape is dominated by de facto standards initiated by a diverse range of industry associations across the IoT ecosystem. Third, the paper identifies a number of key challenges for IoT security standardisation, most notably: a) the difficulty of setting a baseline for IoT security across all IoT applications and domains; and b) the difficulty of monitoring the adoption, implementation and effectiveness of IoT security standards and best practices. The paper consequently contributes to a better understanding of the evolution of IoT security standards and proposes a more coherent standards development and deployment approach.