Tuesday, September 25, 2018: 3:30 PM - 5:30 PM
Overview: The Internet of Things (IoT) is the increasing connection of devices beyond smart phones, tablets and computers to include devices like wearables, smart appliances, home devices, smart grid, and vehicles for consumers, as well as specialized devices to support specific industries including energy, finance, health care, manufacturing, distribution, etc. IoT devices include sensed information of the devices, environment, and person. This information can be used for monitoring, decision making, and control of the physical world. As the number of devices increases, there is an increasing vulnerability of these systems to attacks, such as the Mirai Distributed Denial of Service (DDoS) attack that involved insecure IoT devices in 2016. During this session, an overview will be given on cybersecurity for IoT, as well as activities of NIST in this area.
Federal Presentation: Katrina Megas, NIST
- NIST’s Cybersecurity for IoT Program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. To this end, NIST is preparing a document to help federal agencies manage IoT cybersecurity and privacy risks. This guidance explains how IoT differs from conventional IT and focuses on helping agencies understand the challenges in using conventional IT controls for IoT. This includes controls for user and device identification that affect asset management, access management, and data protection. This session will focus on the challenges to securing IoT devices in these areas, potential ways to address these challenges, and the planned direction of future NIST work to help agencies overcome these challenges.
- Shawnna M. Hoffman-Childress, IBM
- The Convergence of IOT and Blockchain
- Andrew Whelchel, Okta
- Securing the Droids You are Looking For (with IoT API Security)
- John Callahan, Veridium
- The Challenge of Authentication in the Internet of Trusted Things (IoTT)
- Session attendees will split into small groups – seated in roundtables, with a volunteer rapporteur. Each table will discuss cybersecurity considerations of an IoT use case.
- The Workshop MC will ask a subset of the small groups to briefly share their groups’ discussion and output, ask for feedback on the Meetup concept (in general, and how this one was arranged), then close by providing an update on FedID plans.