The National Cybersecurity Strategy 2023 was released by the White House on March 2nd and is a comprehensive plan to safeguard the nation’s critical infrastructure and citizens from cyber threats. With the exponential growth of the Internet of Things (IoT), the strategy recognizes the urgent need to address IoT cybersecurity concerns.

The IoT Security Foundation (IoTSF / Foundation) is a not-for-profit association that provides resources and guidance to individuals and organizations to secure IoT devices and networks. Publications on the Foundation’s website offer a wealth of information about IoT security, including best practices, guidelines, and certification schemes.

The National Cybersecurity Strategy 2023 and the resources found on the IoTSF website are complementary and interdependent. The strategy focuses on establishing policies and frameworks to ensure the security of IoT devices and systems, while the IoTSF provides practical tools and guidance to implement those policies and frameworks.

One of the key challenges in securing IoT devices is the lack of standardization and regulation. The National Cybersecurity Strategy 2023 recognizes this challenge and proposes a multi-stakeholder approach to develop and implement IoT security standards. This approach involves collaboration between government agencies, industry, academia, and civil society.

The IoTSF’s resources align with this approach by providing guidance on how to implement IoT security standards, such as the IoT Security Assurance Framework. The Framework is a comprehensive set of guidelines and best practices that help organizations design, develop, and deploy secure IoT devices and systems.

Another critical aspect of IoT security is the need for transparency and accountability. The National Cybersecurity Strategy 2023 emphasizes the importance of increasing transparency and accountability in the IoT ecosystem. This includes promoting the use of secure software development practices and ensuring that IoT devices are designed with security in mind. Our recent publications of the Software Bill of Materials for IoT and OT Devices and Securing the Internet of Things Supply Chain help companies understand these subjects in better detail.

The IoTSF’s resources also highlight the importance of transparency and accountability in IoT security. For example, the Foundation’s Vulnerability Disclosure Best Practice Guide includes guidelines for responsible disclosure, which encourages organizations to be transparent about security vulnerabilities and to take responsibility for addressing them.

In addition to transparency and accountability, the National Cybersecurity Strategy 2023 also emphasizes the importance of collaboration between government and industry to address IoT security concerns. The strategy proposes the creation of public-private partnerships to develop and implement IoT security standards and to share threat intelligence.

The IoTSF is an excellent example of such a partnership, bringing together industry leaders and experts to develop practical guidance and tools for securing IoT products. The Foundation collaborates with international government agencies, academic institutions, and other organizations to promote IoT security best practices and to raise awareness of the importance of IoT security.

To conclude, the National Cybersecurity Strategy 2023 and the resources found on the IoTSF website are both aligned and essential for addressing the growing cybersecurity challenges posed by the IoT. The strategy provides a comprehensive framework for securing IoT devices and systems, while the IoTSF offers practical tools and guidance to implement that framework. By working together, government, industry, and civil society can ensure that the benefits of the IoT are realized without compromising security or privacy.