IoT Developments: NIST Issues Tech Guidance while NTIA Seeks Broad Input, Global Efforts Percolate

This article was co-authored by Megan L. Brown (a partner in Wiley Rein LLP’s Telecom, Media & Technology and IoT practices) and Umair Javed, Christen B’anca Glenn, and Madeleine Lottenbach (associates in the firm’s Telecom, Media & Technology and IoT practices).

As the federal government grapples with Internet-connected devices and applications that make up the Internet of Things (IoT), the National Institute of Standards and Technology (NIST) is forging ahead to provide “technical leadership” for “the operation, trustworthiness, and lifecycle of IoT” (NIST, Special Publication 800-183, Network of Things, July 2016). Such efforts complement—and contrast—recent policy efforts at the National Telecommunications and Information Administration (NTIA) and elsewhere to promote IoT innovation while addressing security, privacy, and interoperability. This federal activity will influence domestic policy and may be critical to shape international efforts that threaten global innovation.

NIST’s Recent SP 800-53 Joins Efforts to Address IoT Design

NIST is a non-regulatory agency responsible for creating security guidelines for federal information technology. Through various components and partnerships, NIST provides technical guidance, increasingly with an eye toward private sector use. NIST has been at the forefront of data security, cybersecurity, and privacy. Its work is influential and included in security standards and procurement requirements. NIST has been looking at several aspects of IoT.

NIST recently released a publication providing a model to define IoT and its fundamentals, in hopes of creating more secure and reliable technology. According to NIST, the five basic building blocks of IoT technology, or “primitives,” are: sensors, aggregators, communication channels, external utilities, and decision triggers. NIST seeks to provide researchers and developers a common language for resolving security challenges that arise in Internet-connected devices and networks. NIST discusses factors affecting security and reliability and the trade-offs of open and closed systems. After identifying the general model for IoT systems and determinants of reliability and security, NIST discusses potential challenges. For example, NIST identifies issues related to car speed sensors, and how wearable, transmitting health devices may depend on communication channel security.

This recent publication is just one of NIST’s efforts on mobility and IoT. NIST has long looked at cyber-physical systems of all sorts, and has released guidelines addressing mobile device security and applications and information sharing architectures. While NIST’s standards and guidelines are consensus-based and voluntary (for the private sector), they can be binding on federal agencies, are often used by state and local governments, and are incorporated in other federal and private standards, including procurement demands.

NTIA Is Forging Ahead on IoT Policy

While NIST addresses technical models and best practices, NTIA is active in IoT, championing multistakeholder processes. NTIA earlier this summer sought and received comments on the potential federal role in promoting IoT innovation, as well as whether and how privacy, security, and interoperability can best be addressed. NTIA also sought comment on what role, if any, the United Nations’ International Telecommunication Union (ITU) should play in setting technical standards for IoT.

Last week, NTIA announced that it will convene an IoT multistakeholder process focused on cybersecurity and upgradability of IoT devices and applications. This multistakeholder process will attempt to create a set of definitions, descriptions, and guidelines about security patches and upgrades in order to promote greater transparency about the data that IoT devices and applications may collect. According to Angela Simpson, the Deputy Assistant Secretary for Communications and Information, the multistakeholder process could lead to standardized descriptions of security upgradability or a set of tools to better communicate security upgradability. NTIA plans to host the first meeting in early fall 2016.

Multistakeholder models are well-suited to the evolving nature of threats and responses in technically complex areas such as cybersecurity. Recognizing the benefits of collaboration over regulation, NTIA convened a cybersecurity vulnerabilities multistakeholder process in 2015 to understand vulnerabilities created by information technology systems in the digital economy, such as those associated with IoT, and to establish best practices and coordinate efforts regarding cybersecurity and information sharing. These efforts continue.

U.S. Developments Occur Amidst Global IoT Activity

These activities are taking place while global policymakers address IoT. There has been considerable controversy in recent years over what some perceive as “mission creep” by the ITU into IoT standardization activities. The ITU’s standardization work primarily is carried out by technical study groups, and, in 2015, a new Study Group 20 was created to focus specifically on IoT and its applications. Some countries, including China, Russia, Saudi Arabia, and South Korea, now are positioning through SG20 to make the ITU the sole global registry for IoT addressing. Citing IoT privacy and security concerns, these countries seek to mandate the proprietary Digital Object Architecture (DOA) as the sole global IoT addressing system. The ITU currently has rights to that intellectual property.

These ITU activities can have far-reaching economic and social consequences, including for U.S. businesses. Although DOA is useful in many contexts, such as libraries, SG20 proposals seeking to “Recommend” DOA as the sole global IoT addressing system are inconsistent with principles of technology neutrality and threaten to supplant the important role of the technical community, other standards development organizations, and business and civil society in IoT standards development. If adopted, such action could place IoT addressing squarely under the control of intergovernmental organizations and governments.

Not surprisingly, the private sector has been almost unanimous in urging NTIA to ensure that IoT technical and interoperability standardization activities remain in voluntary, open-participation, globally recognized, and consensus-based bodies, and that outcomes at this early stage of IoT development are technically neutral. As IoT continues to mature, innovators should continue to urge federal experts and policymakers to reflect and promote the values of technical neutrality and regulatory humility at NIST, NTIA, and beyond.

Companies assessing IoT opportunities should heed these and other legal and policy developments as they develop products, services, and business partnerships.

By Megan L. Brown, Partner at Wiley Rein LLP

Comments

While NIST Issues Tech Guidance and NTIA Seeks Broad Input, FCC Goes Its Own Way
Bruce Levinson – Aug 11, 2016 3:49 PM

The Internet of Things (IoT) includes cable television set-top boxes. The FCC in its rush to “unlock” these set-top boxes has gone its own way, however, on cyber security. Instead of integrating its efforts to secure future “unlocked” set-top boxes as part of the government’s broad IoT efforts, the Commission is conducting its own IoT cyber security mini-proceeding as a part of its set-top box rulemaking, MB Docket No. 16-42. By going its own way on IoT security, the FCC is inviting the world’s cyber criminals into America’s living rooms. See, http://www.circleid.com/posts/20160420_is_fcc_inviting…
