Organization: UK Department for Transport, Centre for the Protection of National Infrastructure, and Centre for Connected and Autonomous
Reference: Principles of cyber security for connected and automated vehicles
Published on: 6 August 2017
As vehicles continue to become smarter, it’s crucial that we take the correct steps to make them cyber secure.
The 8 principles in this guidance set out how the automotive sector can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior level executives.
The quick start guide to vehicle cyber security lists the 8 principles:
organisational security is owned, governed and...
Organization: Online Trust Alliance (OTA)
Reference: OTA – IoT Trust Framework (V2.0)
Published on: Latest Update: 4 May 2017 Initially published: 5 January 2017
The IoT Trust Framework includes a set strategic principles to help secure IOT devices and their data when shipped and throughout their entire life-cycle. Through a consensus driven multi-stakeholder process, key principles have been identified for connected home, work and wearable technologies including toys and fitness devices. The Framework outlines mandatory requirements including comprehensive and security patching post warranty.
Organization: oneM2M
Reference: Release 2 Specifications Within Release 2 Specifications the Security Technical Report is here
Published on: 30 August 2016
Standard for M2M deployment covering requirements, architecture, API specifications, security solutions and mapping to common industry protocols such as CoAP, MQTT and HTTP.
Organization: IoTiap
Reference: Principles, Practices and a Prescription for Responsible IoT and Embedded Systems Development
Published on: 2 December 2016
This document addresses security challenges related to the Internet of Things (IoT). As a working paper, it outlines ideas and approaches to improve the situation.
Organization: International Organization for Standardization (ISO)
Reference: CD 30141 Internet of Things Reference Architecture (IoT RA) (Committee Draft)
Published on: 10 September 2016 This document provides a standardized IoT reference architecture using a common vocabulary, reusable designs and industry best practices. It uses a top down approach, beginning with collecting the most important characteristics of IoT, abstracting those into a generic IoT conceptual model, deriving from the conceptual model to a high level system based reference model and then breaking down from reference model to the five architecture views (functional view, system view, user view, information view and communication view)...
Organization: Secure Technology Alliance (Previously: Smart Card Alliance)
Reference: Embedded Hardware Security for IoT Applications
Published on: December 2016
This white paper describes basic security principles that are critical for IoT implementations and then reviews the application of these security principles for an example use case – managing the lifecycle of IoT devices. The white paper discusses embedded security – where hardware and/or software security mechanisms are built into the end devices used in an IoT architecture. The white paper then further focuses on embedded hardware security, where end devices include hardware features and functions to ensure that the appropriate security requirements...
Organization: European Union Agency for Network and Information Security (ENISA)
Reference: Securing Smart Airports
Published on: 16 December 2016
In response to the new emerging threats faced by smart airports, this report provides a guide for airport decision makers (CISOs, CIOs, IT Directors and Head of Operations) and airport information security professionals, but also relevant national authorities and agencies that are in charge of cyber-security for airports. Based on an in depth examination of existing knowledge as well as validation interviews with subject matter experts, this report highlights the key assets of smart airports. Built on this, a detailed analysis and threats...
Organization: IoT Security Foundation (IoTSF)
Reference: Vulnerability Disclosure Best Practice Guidelines
Published on: 6 December 2016
The Connected Consumer Products best practice guide provides clear advice for firms that are bringing IoT class products to market. The guidelines cover the most important security elements to consider when designing a product such as application security, encryption, network connections and software updates. The guidelines take a practical approach and provide a comprehensive overview of the subject matter with additional in-depth materials supplied online.
Organization: IoT Security Foundation (IoTSF)
Reference: IoT Security Compliance Framework
Published on: 6 December 2016
The framework provides a comprehensive and practical checklist to guide organisations through a security assuring process. It offers a methodical approach to determining an organisation’s unique security posture for both business processes and technical requirements. The framework is intended to be used by key staff such as senior management, technical, manufacturing and logistics from producer companies, yet it could also be used by purchasers to assess suppliers. The framework is designed to be generally applicable and extendable with release 1.0 targeted at the consumer product category. Follow-on...
Organization: I Am The Cavalry
Reference: Five Star Automotive Cyber Safety Program
Published on: 15 February 2015
High-level principles for the automotive industry cyber safety.
Organization: Industrial Internet Consortium (IIC)
Reference: Industrial Internet Security Framework (IISF)
Published on: 26 September 2016
The Industrial Internet Security Framework (IISF) is a cross-industry-focused, comprehensive (173-pages) security framework outlining number of best practices.
Organization: Internet of Things - Architecture
Reference: Architectural Reference Model for the IoT v3.0
Published on: 15 July 2013
IoT-A, the European Lighthouse Integrated Project created the proposed architectural reference model together with the definition of an initial set of key building blocks. Together they are envisioned as foundations for fostering the emerging Internet of Things. Using an experimental paradigm, IoT-A combined top-down reasoning about architectural principles and design guidelines with simulation and prototyping in exploring the technical consequences of architectural design choices.
Organization: The Institute of Electrical and Electronics Engineers (IEEE)
Reference: 2413 Standard for an Architectural Framework for the Internet of Things (IoT) (Draft)
Published on: 3 September 2015 (Draft - Work in Progress) This standard defines an architectural framework for the Internet of Things (IoT), including descriptions of various IoT domains, definitions of IoT domain abstractions, and identification of commonalities between different IoT domains. The architectural framework for IoT provides a reference model that defines relationships among various IoT verticals (e.g., transportation, healthcare, etc.) and common architecture elements. It also provides a blueprint for data abstraction and the quality "quadruple"...
Organization: The Internet Engineering Task Force (IETF)
Reference: Best Current Practices for Securing Internet of Things (IoT) Devices (Draft)
Published on: 3 July 2017
In recent years, embedded computing devices have increasingly been provided with Internet interfaces, and the typically-weak network security of such devices has become a challenge for the Internet infrastructure. This document lists a number of minimum requirements that vendors of Internet of Things (IoT) devices need to take into account during development and when producing firmware updates, in order to reduce the frequency and severity of security incidents in which such devices are implicated.
Organization: Microsoft
Reference: Internet of Things security best practices
Published on: 3 July 2017
To secure an Internet of Things (IoT) infrastructure requires a rigorous security-in-depth strategy. This strategy requires you to secure data in the cloud, protect data integrity while in transit over the public internet, and securely provision devices. Each layer builds greater security assurance in the overall infrastructure.