
NIST and the Industrial Internet of Things

From the comfort of smart homes and the convenience of wearable devices to the intelligent operations of manufacturing systems and the functionality of smart cities, the Internet of Things (IoT) serves as the connective tissue of a digitally unified world. While a hallmark of modern innovation, this proliferation of interconnectivity also introduces a multifaceted set of cybersecurity challenges that necessitate vigilant attention and robust countermeasures. 

Leading the charge to secure this interconnected world, the National Institute of Standards and Technology (NIST), a global frontrunner in defining standards, has crafted extensive guidelines to mitigate cybersecurity risks. This article will illuminate the pervasive influence of IoT across industrial and manufacturing contexts, focusing on Industrial IoT (or IIoT). Further, it will dissect these crucial NIST documents, translating their intricate technical specifics into understandable insights. 

 

What Is the Industrial Internet of Things?

The Industrial Internet of Things refers to IoT technologies in industrial settings, such as manufacturing, logistics, or energy/utilities. The adoption of these technologies has become so widespread that it is often considered part of a wider economic evolution called the Fourth Industrial Revolution (or Industry 4.0). 

The IIoT involves the interconnection of devices, sensors, and machines used in industrial operations, allowing them to communicate and share data with one another and with human operators. The data collected from these devices can be analyzed to improve efficiency, enhance productivity, and reduce operational costs.

Key elements and technologies of IIoT include:

 

How Does NIST Govern Security for IoT Systems?

NIST provides extensive guidance on the issue of cybersecurity in the Internet of Things. They have published several documents that provide recommendations and best practices for securing IoT devices and systems.

Note that aside from these documents, most IIoT requirements will also refer back to NIST Special Publication 800-53.

These documents include:

NISTIR 8259, “Foundational Cybersecurity Activities for IoT Device Manufacturers”

NISTIR 8259, “Foundational Cybersecurity Activities for IoT Device Manufacturers,” is a document that guides manufacturers in improving the cybersecurity of IoT devices. The document outlines six high-level technical activities and three supporting activities that manufacturers should consider in the device cybersecurity lifecycle. 

Those activities are:

Pre-Market Activities

 

Post-Market Activities

 

Supporting Activities

By following these activities, IoT device manufacturers can make their devices more secure, helping protect their customers and the broader internet from potential threats. This is especially critical in the current digital age, where cybersecurity risks constantly evolve.

 

NISTIR 8259A, “IoT Device Cybersecurity Capability Core Baseline”

NISTIR 8259A, “IoT Device Cybersecurity Capability Core Baseline,” is a document that identifies a core baseline of cybersecurity capabilities that IoT devices should ideally have to be securable. This baseline is essentially the floor: the minimum an IoT system should provide to remain securable.

The document also recommends that manufacturers identify additional device capabilities beyond the core baseline that may be needed to support specific customers, applications, or environments.

This document can be used by manufacturers, policymakers, and procurement officers to evaluate and improve the cybersecurity features of IoT devices. The identified baseline capabilities can guide design, development, and acquisition decisions.

 

NIST SP 800-82, “Guide to Industrial Control Systems (ICS) Security”

NIST Special Publication 800-82, “Guide to Industrial Control Systems (ICS) Security” is a publication by NIST that provides guidance on how to secure Industrial Control Systems. While not specifically tailored to IoT, the principles and recommendations within are highly relevant given the increasingly networked nature of modern industrial environments.


 

NIST Cybersecurity for IoT Program

While not a document, this program demonstrates NIST’s focus on IoT security. It aims to develop standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed:


 

Manage IIoT Security and NIST Compliance with Continuum GRC

Continuum GRC is a cloud platform that can take something as routine and necessary as regular vulnerability scanning and reporting under FedRAMP and make it an easy and timely part of business in the public sector. We provide risk management and compliance support for every major regulation and compliance framework on the market, including:

And more. We are the only FedRAMP and StateRAMP Authorized compliance and risk management solution worldwide.

Continuum GRC is a proactive cyber security® and the only FedRAMP and StateRAMP Authorized cybersecurity audit platform worldwide. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.
