Guide to the technical implementation of IoT security
A new guide helps IoT operators assess their current and targeted security maturity levels.
The new guide "Security Maturity Model (SMM) Practitioner's Guide", developed by experts from Kaspersky Lab together with other members of the Industrial Internet Consortium (IIC), builds on concepts that were defined in 2016 in the IIC Industrial Internet Security Framework. The model is the first of its kind to address the newly established security maturity approach for the Internet of Things, Kaspersky points out. It identifies a security framework for IoT stakeholders based on their security level and assesses the security maturity of an organization's IoT systems based on governance, technology and system management. The SMM guide covers all of these aspects and highlights relevant elements of existing models to recognize existing work on them and avoid duplication, the cybersecurity firm says.
The guidelines were drawn up in consultation with various IoT stakeholders. The reason: In times of digitalization, the security of infrastructure that connects information systems with physical objects is essential for operators of industrial plants, developers of special software, owners of relevant companies and regulatory authorities. Unlike the usual regulatory standards and requirements, the IoT SMM therefore takes into account the interests and security requirements of all organizations and individuals involved in and managing IoT operations.
Guide contains three case studies
In addition, the guide includes three case studies to help apply the Security Maturity Model. These include:
- an intelligent, data-controlled filling system
- an automotive gateway that supports OTA updates
- security cameras used in residential areas
"Prioritizing security measures, setting goals, and developing a strategy to make a system 'sufficiently secure' impacts organizations' long-term economic planning," said Kaspersky's Ekaterina Rudina. "A timely approach that fits this includes the use of what is called a 'nudge,' which is the creation of a selected architecture that supports efficient decision-making in the IoT domain. The IoT SMM forms a framework for such a choice architecture. It allows IoT stakeholders to take the first step - and then the second, third, and so on - toward a secure system, whether it's a large industrial manufacturing facility or the manufacturer of a fitness wristband."
The SMM Practitioner's Guide is a companion document to the 'IoT SMM: Description and Intended Use White Paper', which was published back in 2018.
Source: Kaspersky Lab