Analyzing IoT Security Best Practices

2020-06-25 12:09

Abstract: Best practices for Internet of Things security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices.

We explore not the failure to follow best practices, but rather a surprising lack of understanding, and void in the literature, on what "Best practice" means, independent of meaningfully identifying specific individual practices.

How do best practices, good practices, and standard practices differ? Or guidelines, recommendations, and requirements? Can something be a best practice if it is not actionable? We consider categories of best practices, and how they apply over the lifecycle of IoT devices.

For concreteness in our discussion, we analyze and categorize a set of 1014 IoT security best practices, recommendations, and guidelines from industrial, government, and academic sources.

As one example result, we find that about 70% of these practices or guidelines relate to early IoT device lifecycle stages, highlighting the critical position of manufacturers in addressing the security issues in question.

News URL

https://www.schneier.com/blog/archives/2020/06/analyzing_iot_s.html

#bestpractices #IOT #security