Internet of Things (IoT) Security Best Practices

Published in IEEE Internet Technology Policy Community; White Paper, 2017

Recommended citation: G Corser, G Fink, J Bielby "Internet of Things (IoT) Security Best Practices." IEEE Internet Technology Policy Community; White Paper, 2017. https://standards.ieee.org/wp-content/uploads/import/documents/other/whitepaper-internet-of-things-2017-dh-v1.pdf

(IEEE White Paper)

Abstract: The purpose of this paper is to present a set of well-investigated Internet of Things (IoT) security guidelines and best practices that others can use as a basis for future standards, certifications, laws, policies, and product ratings. Most, if not all, of these guidelines would apply to any Internet-connected device; however, this paper focuses on security measures either peculiar to the IoT or especially relevant to the IoT. This paper assumes the end-to-end processing model of the Internet, in which application features such as security are handled by the end nodes of the network: client and server hardware. It focuses on security mechanisms, including patching and updating, that should be considered at the manufacturing design phase rather than after devices have already been built or deployed. This paper expands on the findings of a 2016 project by the IEEE Internet Initiative, the IEEE Experts in Technology and Policy (ETAP) Forum on Internet Governance, Cybersecurity, and Privacy. Several ETAP events occurred in 2015 and 2016 in various regions worldwide, including Israel, China, India, and the United States. These events brought together technologists, policy-makers, and others with interest and expertise in technology policy. One of the issues consistently brought up in these events was the security of the IoT. This paper is intended for an educated lay audience. The recommendations offered in this paper are generally intended for implementation by manufacturers of IoT products. However, they are also designed to be readable by nontechnical but well-educated lawmakers, corporate and governmental policymakers, and participants in standard-setting bodies.