DHS has released a paper titled Strategic Principles for Securing the Internet of Things (IoT), which establishes a set of principles and best practices for the public and private sector to follow regarding the development and deployment of IoT technology. The principles paper is designed for IoT manufacturers and "high-level" business adopters, rather than casual consumers.

The report espouses six principles, each with its own set of best practices:

  1. Incorporating security at the design phase: manufacturers should use recent operating systems and hardware that incorporates security features, and enable security by default.
  2. Promoting security updates: manufacturers should automate security updates and coordinate vulnerability disclosures.
  3. Building on security practices: network operators should practice basic software security with IoT devices, practice defense in depth and use information sharing.
  4. Prioritizing security measures based on impact: network operators should perform red team attacks against IoT devices, authenticate device traffic and keep to the intended use of the device.
  5. Promoting IoT transparency: manufacturers should create a method of disclosing responses to vulnerabilities.
  6. Connecting carefully: consumers should build in selective network connectivity controls.

IoT is the common term used for the array of automated devices that are connected to the internet. According to DHS, the risks that interconnected systems can pose to vital infrastructure are a matter of homeland security.