Re: References for "best practices" in IoT security needed

From: Mccool, Michael <michael.mccool@intel.com>
Date: Fri, 18 Aug 2017 01:38:03 +0000
To: Peter Saint-Andre - Filament <peter@filament.com>
CC: David Rogers <david.rogers@copperhorse.co.uk>, "public-wot-ig@w3.org" <public-wot-ig@w3.org>
Message-ID: <2414E483-F637-4B36-89BC-5C2593067689@intel.com>

Thanks, I had the IIC one in the list of references already.  It's an excellent reference, but specifically for industrial use cases (and, with a bit of a stretch, to municipal and institutional use cases).  I also like that it specifically addresses the issue of combined security and safety engineering.

The main hole we have, I think, is a reference for smart home use cases.

Michael

> On Aug 18, 2017, at 6:50, Peter Saint-Andre - Filament <peter@filament.com> wrote:
> 
> The IIC IoT Security Framework is quite good:
> 
> http://www.iiconsortium.org/pdf/IIC_PUB_G4_V1.00_PB-3.pdf
> 
> UL 2900-2-2 is excellent but paywalled.
> 
> And there's a big list here:
> 
> https://www.schneier.com/blog/archives/2017/02/security_and_pr.html
> 
> Peter
> 
>> On 8/17/17 2:29 AM, Mccool, Michael wrote:
>> Thanks!  I was aware of the second and third ones on your list (and will
>> confirm they are listed as references) but will look at your other
>> collection.  The book I cited also has a bunch of references but from 2015.
>> 
>> I'm also aware of the bill proposed in the US Senate but it's still just
>> a bill, so...
>> 
>> Michael McCool, Principal Engineer, Intel
>> SSG/DPD/Technology Pathfinding and Innovation
>> 
>> On Aug 17, 2017, at 15:44, David Rogers <david.rogers@copperhorse.co.uk> wrote:
>> 
>>> Hi,
>>> 
>>> A list here (which I need to
>>> update): http://blog.mobilephonesecurity.org/2016/11/iot-security-resources.html
>>> 
>>> IoT Security Foundation Best Practices - 1.1 being launched
>>> shortly: https://iotsecurityfoundation.org/best-practice-guidelines/
>>> 
>>> Also check out the GSMA IoT security
>>> guidelines: https://www.gsma.com/iot/future-iot-networks/iot-security-guidelines/
>>> 
>>> Cheers,
>>> 
>>> 
>>> David.
>>> 
>>> 
>>> 
>>> Sent from my mobile
>>> 
>>> -------- Original message --------
>>> From: "Mccool, Michael" <michael.mccool@intel.com>
>>> Date: 17/08/2017 04:03 (GMT+01:00)
>>> To: public-wot-ig@w3.org
>>> Subject: References for "best practices" in IoT security needed
>>> 
>>> I've been looking for references on "best practices" in IoT security. 
>>> Ideally these would be standards we could cite or practices adopted or
>>> required by major organizations (e.g. large companies or governments).
>>> 
>>> While the following is not a standard (unfortunately), and I haven't
>>> yet read through the whole thing, the following book is proving to be
>>> pretty useful.  In particular, it highlights the interaction of safety
>>> and security in IoT, something which is not necessarily a factor in
>>> other cybersecurity contexts:
>>> 
>>> Practical Internet of Things Security https://g.co/kgs/MSw7Yz
>>> 
>>> At the same time, we DO still need better "anchor" citations from
>>> standards bodies or similar organizations we can use for best practice
>>> security recommendations *in IoT*.  If anyone on this list has
>>> suggestions, please give them.
>>> 
>>> We do have an existing set of references under the main github site.
>>> 
>>> Michael McCool
>>> 
>>> 
> 
> 
Received on Friday, 18 August 2017 01:38:32 UTC