ISO/IEC IoT standards to mitigate cyber security risks and boost our global economy
I was very fortunate to moderate a panel on the mitigation of cyber risks for IoT leveraging standards this morning. I was supported by well-known experts Torbjörn Lahrin and Walter Knitl.
The scope of the conversation was based on the following outline:
With the development and publication of standards such as ISO/IEC 27400, ISO/IEC 27402, and soon ISO/IEC 27404, stakeholders globally now have the means to quantify and mitigate known cybersecurity risks related to IoT devices and the industries that are becoming increasingly dependent on them. IoT devices and solutions have become a foundation for economic growth and development in regions around the world, not to mention that our lives are becoming "smarter" every day because of these underlying technologies.
With the soon-to-be-released ISO/IEC 27404 on labelling, manufacturers can provide assurance and confidence to stakeholders that cybersecurity and privacy risks were considered while their product was being developed. Given the changing risk landscape, having a good baseline such as the device requirements detailed in ISO/IEC 27402 will help stakeholders understand the key buying decisions for their specific use cases. With more awareness of these standards and the others currently under development, the overall risk will only be reduced in the future.
This workshop will share the experiences of both global professionals and standards developers who possess years of knowledge in IoT, which led to the development of the current body of standards. It will discuss how these standards are being used by stakeholders globally and in multiple sectors. It will touch on complexities and concepts such as system-of-systems (SoS), which can layer on additional risks that need to be considered and mitigated. We are anticipating a dynamic webinar with a usage and experience survey that will contribute to our open discussion.
The discussion was based around several questions and issues related to this topic including:
- Where are you using IoT based technologies currently?
- Have you increased your usage of IoT devices in base?
- What IoT standards are you aware of currently?
- What are the biggest barriers to the usage of IoT devices?
- What is lacking in current IoT Standards?
From this we were able to determine that, for our attendees, understanding the cyber risks specific to each product, gaining customer trust, and understanding the relationship to legislation were top of mind. It was also very clear from the feedback that there is a big need for implementation guidance from the standards writers.
As the WG 4 Convenor of SC 27, I will be looking to find ways that we can provide more implementation guidance, not only for IoT but for the other standards we are developing. This includes how to conduct a proper risk assessment for IoT and related technologies.
I will be updating this post once the video is available.