Key Findings from NIST’s Report on Building a Trustworthy IoT Ecosystem
NIST’s Internet of Things (IoT) Advisory Board has recently completed its Report on Barriers to U.S. IoT Adoption. It was delivered to the IoT Federal Working Group for its review and consideration.
From the October 22nd report we learn: “One of the impediments to IoT adoption today is lack of trust in IoT.” The IoT Advisory Board’s report included several major trust-related findings among the 26 total findings about IoT adoption identified in the report:
- Microprocessors and components used in IoT often come from vulnerable global supply chains.
- Privacy concerns and IoT cybersecurity concerns are a significant barrier to widescale adoption.
- Establishing trust in IoT requires multi-dimensional ecosystem security, including addressing supply chain integrity challenges and ensuring that algorithms are explainable and that produced outcomes are safe, secure, and reliable.
- Additional skilled workers are needed to develop, integrate, deploy, operate, and maintain IoT devices, systems, and applications.
- Despite its potential, Artificial Intelligence (AI) introduces significant challenges that must be addressed.
Over one hundred recommendations were specified in the report, in six themes as outlined in the diagram below.
Regarding the ‘Establish Trust’ theme, at the center of the diagram, it was pointed out that “…trust is earned and kept when IoT devices and systems remain secure from unauthorized access, data is kept safe and used as intended, algorithms are accurate and explainable, and produced outcomes are safe, consistent, and reliable.”
Karamba XGuard and VCode software solutions address many aspects of this component, so that the device firmware and peripherals will not become tools for criminal activity by malicious actors:
- VCode identifies security vulnerabilities and developer security oversights through the supply chain.
- XGuard automatically adds security controls to the device binaries, either as part of the build server or as a bolt-on to the device firmware.
- XGuard's allow list and file protection harden the IoT device against malicious actors who try to introduce foreign code (i.e., malware) or access private and sensitive data. The devices must be designed for resiliency and be equipped with security controls that assure software integrity and prevent dropper, in-memory, and other types of attacks.
Karamba tools are applied to both legacy and new architectures, and are integrated transparently for the engineering teams.