DHS Developing IoT Security Framework of Principles
The principles will not be a regulatory document or overly prescriptive or technical, he said. Instead, the agency will be detailing best security practices, putting them on a platform and making them available to the public and the various players involved, Silvers said. It will address such issues as the need for updating and patching policies to protect against security vulnerabilities, building security into the IoT devices at the design stage and figuring out how to secure those products already on the market, and encouraging transparency throughout the supply chain, from manufacturers and suppliers to system and component makers and end users. In addition, the platform will stress the need for standards to accelerate innovation. It will be a "foundational" document upon which others can build strategies. Silvers pushed back at a question about whether DHS' plans essentially outline principles that have been developed elsewhere, saying the agency has the responsibility to take such principles that have not gained much traction and make them more accessible to the industry and public. "We need long-term solutions and short-term actions in parallel," he said. "The longer we deliberate, the further ground we're going to have to recover, so let's all get together with focus and resolve, because … we want a future that's innovative and secure."