Uncategorized

NIST Considerations for Managing IoT Cybersecurity and Privacy Risks Workshop, video uploaded

https://www.nist.gov/news-events/events/2018/07/considerations-managing-iot-cybersecurity-and-privacy-risks-workshop

https://www.nist.gov/sites/default/files/documents/2018/07/11/iot_risk_workshop_agenda.pdf

 

NIST’s Cybersecurity for IoT Program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale. This workshop will help the program through the development of the Cybersecurity for IoT Program and Privacy Engineering Program’s publication on an introduction to managing IoT cybersecurity and privacy risk for federal systems. This will include work to date identifying typical differences in cybersecurity and privacy risk for IoT systems versus traditional IT systems, considerations for selecting and using technical controls to mitigate IoT cybersecurity and privacy risk, and basic cybersecurity and privacy controls for manufacturers to consider providing in their IoT products. A pre-read document has been posted to help guide conversation.

Standard
Uncategorized

FBI: Cyber Actors Use IoT Devices as Proxies for Malicious Cyber Activities

Reboot your IoT Devices regularly!

https://www.ic3.gov/media/2018/180802.aspx

https://www.ic3.gov/media/2017/171017-1.aspx

“Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.”

https://www.us-cert.gov/ncas/tips/ST17-001

https://www.us-cert.gov/ncas/current-activity/2018/08/02/FBI-Releases-Article-Securing-Internet-Things

https://www.us-cert.gov/ncas/tips/ST17-001

 

 

Standard
Uncategorized

Microsoft announces the public preview of Windows 10 IoT Core Services

https://blogs.windows.com/windowsexperience/2018/07/18/microsoft-announces-the-public-preview-of-windows-iot-core-services-today/

https://docs.microsoft.com/en-gb/windows/iot-core/commercialize-your-device/iotcoreservicesoverview

Standard
Uncategorized

IEEE: 6 Reasons Why IoT Security Is Terrible

The Internet of Things bears little resemblance to traditional IT systems—and that makes it harder to protect
By Stacey Higginbotham

Connecting physical infrastructure to the Internet makes systems vulnerable to new security threats. What keeps executives awake at night varies by industry, but cybersecurity problems are worsening everywhere. Security officers in manufacturing worry about employees inserting infected USB drives into machines, while hospital administrators fear that malware will wipe out an unpatched MRI machine, or that a hacker will direct an infusion pump to administer a lethal dose of medicine. Josh Corman, chief security officer at PTC, a computer software firm based in Massachusetts, has codified six reasons why security for the Internet of Things (IoT) is different from—and more difficult to tackle than—traditional IT security.[…]

https://spectrum.ieee.org/telecom/security/6-reasons-why-iot-security-is-terrible

Standard
Uncategorized

Expliot: IoT Exploitation Framework (pronounced – expl-aa-yo-tee)

Expliot (Pronounced – expl-aa-yo-tee)

Internet Of Things Exploitation Framework

Expliot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to create new plugins. The name expliot is a pun on exploit and explains the purpose of the framework i.e. IoT exploitation. It is developed in python3[…]

https://gitlab.com/expliot_framework/expliot

 

Standard