Best Practices for IoT Security: What Does That Even Mean?

04/25/2020
by Christopher Bellman, et al.

Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. We explore not the failure to follow best practices, but rather a surprising lack of understanding, and void in the literature, on what (generically) "best practice" means, independent of meaningfully identifying specific individual practices. Confusion is evident from guidelines that conflate desired outcomes with security practices to achieve those outcomes. How do best practices, good practices, and standard practices differ? Or guidelines, recommendations, and requirements? Can something be a best practice if it is not actionable? We consider categories of best practices, and how they apply over the lifecycle of IoT devices. For concreteness in our discussion, we analyze and categorize a set of 1014 IoT security best practices, recommendations, and guidelines from industrial, government, and academic sources. As one example result, we find that about 70% of these practices or guidelines relate to early IoT device lifecycle stages, highlighting the critical position of manufacturers in addressing the security issues in question. We hope that our work provides a basis for the community to build on in order to better understand best practices, identify and reach consensus on specific practices, and then find ways to motivate relevant stakeholders to follow them.
