
Re: References for "best practices" in IoT security needed

From: Peter Saint-Andre - Filament <peter@filament.com>
Date: Thu, 17 Aug 2017 15:50:34 -0600
To: "Mccool, Michael" <michael.mccool@intel.com>, David Rogers <david.rogers@copperhorse.co.uk>
Cc: "public-wot-ig@w3.org" <public-wot-ig@w3.org>
Message-ID: <9966f1d6-1075-d7eb-608d-deb1c069971a@filament.com>

The IIC IoT Security Framework is quite good:

http://www.iiconsortium.org/pdf/IIC_PUB_G4_V1.00_PB-3.pdf

UL 2900-2-2 is excellent but paywalled.

And there's a big list here:

https://www.schneier.com/blog/archives/2017/02/security_and_pr.html

Peter

On 8/17/17 2:29 AM, Mccool, Michael wrote:
> Thanks!  I was aware of the second and third ones on your list (and will
> confirm they are listed as references) but will look at your other
> collection.   The book I cited also has a bunch of references but from 2015.
> 
> I'm also aware of the bill proposed in the US Senate but it's still just
> a bill, so...
> 
> Michael McCool, Principal Engineer, Intel
> SSG/DPD/Technology Pathfinding and Innovation
> 
> On Aug 17, 2017, at 15:44, David Rogers <david.rogers@copperhorse.co.uk> wrote:
> 
>> Hi,
>>
>> A list here (which I need to
>> update): http://blog.mobilephonesecurity.org/2016/11/iot-security-resources.html
>>
>> IoT Security Foundation Best Practices - 1.1 being launched
>> shortly: https://iotsecurityfoundation.org/best-practice-guidelines/
>>
>> Also check out the GSMA IoT security
>> guidelines: https://www.gsma.com/iot/future-iot-networks/iot-security-guidelines/
>>
>> Cheers,
>>
>>
>> David.
>>
>>
>>
>> Sent from my mobile
>>
>> -------- Original message --------
>> From: "Mccool, Michael" <michael.mccool@intel.com>
>> Date: 17/08/2017 04:03 (GMT+01:00)
>> To: public-wot-ig@w3.org
>> Subject: References for "best practices" in IoT security needed
>>
>> I've been looking for references on "best practices" in IoT security. 
>> Ideally these would be standards we could cite or practices adopted or
>> required by major organizations (e.g. large companies or governments).
>>
>> While the following is not a standard (unfortunately), and I haven't
>> yet read through the whole thing, the following book is proving to be
>> pretty useful.  In particular, it highlights the interaction of safety
>> and security in IoT, something which is not necessarily a factor in
>> other cybersecurity contexts:
>>
>> Practical Internet of Things Security https://g.co/kgs/MSw7Yz
>>
>> At the same time, we DO still need better "anchor" citations from
>> standards bodies or similar organizations we can use for best practice
>> security recommendations *in IoT*.  If anyone on this list has
>> suggestions, please give them.
>>
>> We do have an existing set of references under the main github site.
>>
>> Michael McCool
>>
>>
Received on Thursday, 17 August 2017 21:51:01 UTC
