NIST's IoT Guidance: A Look at the DraftKat Megas Describes Effort to Help Safeguard Devices
The U.S. federal government is increasingly using IoT devices for across its agencies, but that has also raised concerns about security.
See Also: Rule Life Cycle Management
For example, the government is using drones to inspect the outside of buildings and also is implementing IoT smart controls for buildings, says Kat Megas, program manager for the National Institute of Standards and Technology’s Cybersecurity for IoT Program.
The use of IoT devices presents a variety of risks. For example, the devices could become infected as part of a botnet or could be targeted for ransom extortion campaigns, she says.
In December, the Internet of Things Cybersecurity Improvement Act was enacted, and NIST published drafts of four documents that are designed to provide guidance for the federal government and IoT manufacturers (see First Federal IoT Security Legislation Becomes Law).
Megas says the documents, which define core baseline security requirements for IoT devices, are open for public comments through February.
In this video interview, Megas discusses:
- How the federal government is using IoT;
- NIST’s role in carrying out the Internet of Things Cybersecurity Improvement Act;
- How NIST is working with private industry.
Megas is program manager for NIST's Cybersecurity for IoT Program. Her experience includes custom software development, systems integration and deploying enterprise technologies such as identity and access management systems, public key infrastructure and digital and electronic signature applications.