IoT Cybersecurity: 29 Security Laws, Regulations, Standards, and Best Practices


An easy-to-reference table with summaries and links to each of the twenty-nine

Internet of Things (IoT) cyber security has come a long way over the past five years. The Miller-Valasek hack of 1 million plus vehicles (you can see the very funny Charlie Miller and Chris Valasek DEF CON 23 presentation here) opened many eyes.

Awareness of the need for cyber security in connected embedded devices (a.k.a. IoT devices) has grown significantly since then. In response, new cyber security teams, industry groups, and even a new ISAC have been formed (you can learn more about the Automotive ISAC here). Many best practice recommendations, standards, regulations, and laws have been issued. There are actually a surprising number, as you can see from the table below.

The list looks overwhelming, but breaking it down by industry is a good first step toward understanding what is relevant to your products. A good second step is realizing that there is quite a bit of commonality, ranging from Threat Analysis and Risk Assessments (TARA), to security features required in IoT products, to life-cycle management.

In the coming months we will profile a number of the laws, standards, and best practices listed below. The goal is to have a single resource that helps clarify which ones apply to what sort of IoT products, and how.

If you have recommendations for which ones you would like to see profiled first, let me know.

To learn more about how BG Networks’ engineering services can help develop software to meet a certification or comply with a particular standard, see our services page at the link below.