IoT is vast and has many security related issues – how do we go about addressing them?
The answer is collaboratively and in partnership with our members.
When IoTSF was launched in 2015, the Executive Steering Board (ESB) mandated a priority set of working groups including
- The IoT Security Assurance Framework (previously known as the IoT Security Compliance Framework)
- The Secure Design Best Practice Guides
- The Vulnerability Disclosure Best Practice Guide
The ESB also established Consumer IoT regulation as a priority area and the Smart Built Environment Working Group to further expand contextualised focus.
Since June 2021, IoTSF has established its international Chapters initiative. The Chapters serve many functions which help to propagate good security practice at a local level – they also create the basis for requesting and leading new working groups which are open to the wider ‘Plenary’ membership.
Currently, IoTSF has a number of Plenary Working Groups to encourage the building of an Internet of Trust – these Working Groups are where much of the practical work takes place.
Here is a list of the current priority work items:
Regulatory Watch Working Group
The purpose of this industry working group is to keep IoTSF members updated on regulatory matters and compliance with international regulations, shape/influence regulations by engaging with global regulatory bodies and to raise public awareness of the group’s work.
The working group is open to all IoTSF member organisations and Professional members that are interested in participating.
The working group will meet regularly to discuss regulatory developments and to plan its activities.
ManySecured Working Group
The ManySecured open standards initiative aims to protect users, organisations and industry from the security risks posed by the Internet of Things (IoT) through ‘smart’ control at the network, router and gateway level.
The ManySecured Gateway WGG and project partners are developing publicly available open specifications and resources aimed at router/IoT gateway vendors, service and solution providers, in a bid to deliver interoperable, scalable and intelligent IoT-secured deployments which are resilient to attack throughout their lifecycle.
To find out more about the initiative, its partners and how you can take part – see the dedicated project website MANYSECURED.NET
IoT Security Assurance Framework
NOTE: The IoT Security Compliance Framework has been renamed The IoT Security Assurance Framework from Release 3.0 (November 2021). The Assurance Framework is a maintained document and is 100% compatible with previous versions of the IoT Security Compliance Framework.
The objective of this working group is to create a master framework which can be used to select, manage and document comprehensive security provisions in products and working practices. It provides guidance for product management, developers and vendors to improve the quality and pervasiveness of security throughout their operation including design, deployment, maintenance, supply chain and end of life .
The deliverables are the publicly available document and member-only tools which cover a comprehensive set of requirements and guidance notes. This makes the Framework a practical resource with actionable methods and processes. This continues to be increasingly important to help industry align with numerous/multiple international security legislations and labelling schemes which are emerging to control the market. The primary public output of the working group is publishing and maintaining the IoT Security Assurance Framework.
- Board champion: Richard Marshall, Xitex Ltd.
- Chair: Trevor Hall, Synaptics
IoT Security Best Practices
The objective of this working group is to assess the security challenges with IoT products and beyond to produce easy to consume best practice guides and sector specific security architectures. This group’s output can be found on the Best Practice Guidelines page.
- Board champion: Ken Munro, Pen Test Partners
- Chair: Jeff Day, BT
Consumer IoT Security
IoTSF has championed the role of cybersecurity in consumer markets since it was first established. As such, we have numerous guides and outputs relating to this sector and the work is on-going – especially w.r.t regulation.
Smart Built Environment and Smart Buildings
This working group has been set up to establish a set of guidelines to help each of the supply chain participants specify, procure, install/integrate and operate/maintain IoT securely in buildings. Find out more
- Board Champion: Sarb Sembhi, Virtually Informed
- Chairs: Sarb Sembhi, Virtually Informed & James Willison, Unified Security
Supply Chain Integrity
The Supply Chain Integrity Project’s mission is to help actors throughout the IoT supply chain protect themselves and their customers from cyber-attacks on IoT deployments launched via design, production and distribution processes. The project will gather information on IoT supply chains (including the software bill of materials or SBOMs) in order to build a representative model, security analysis of which will lead to a set of prioritised recommendations accessible to a wide audience beyond the security community.
Contributions are sought from hardware and software vendors, system integrators, owners and operators of connected devices and service providers, from all parts of the ecosystem, as well as from security and risk management experts.
- Board Champion: Haydn Povey, Secure Thingz
- Chair: Amyas Phillips, Ambotec
About the Working Groups
Each Working Group is populated by IoTSF members who contribute to producing best practice guidelines. Each working group also has project teams within it to achieve specific deliverables.
Members collaborate via physical meetings and via online meeting facilities: i.e. our messaging/document file platform. This allows flexibility for members to discuss and exchange ideas regardless of location. The schedule is organised by each working group chair, and updates are provided regularly between the working groups in face to face / virtual meetings. In this way we ensure members are kept updated and the groups work in harmony.
IoTSF members can join any of the working groups and contribute to creating best practice guidelines.
If you are a member of IoTSF and would like to join any of the working groups, contact us by clicking here and let us know which groups you are interested to join – we’ll take care of the details.