DHS Releases Strategic Principles for Securing Internet of Things

The Department of Homeland Security (DHS) recently issued a set of “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0.” These principles highlight approaches and suggested practices to fortify the security of the IoT and will equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use Internet-connected devices and systems.

“The growing dependency on network-connected technologies is outpacing the means to secure them,” said Secretary of Homeland Security Jeh Johnson. “We increasingly rely on functional networks to advance life-sustaining activities, from self-driving cars to the control systems that deliver water and power to our homes. Securing the Internet of Things has become a matter of homeland security. The guidance we issued today is an important step in equipping companies with useful information so they can make informed security decisions.”

Visitors walk by the logo of Samsung Electronics Co. at its showroom in Seoul, South Korea, last year. Samsung’s intent to sell the digital brains that go into billions of “smart” home appliances, industrial products and other Internet-connected gadgets — whether those gadgets are made by Samsung or its competitors — is only one of the reasons that it’s important for us to stay ahead of the Internet of Things threat.
(AP Photo/Lee Jin-man, File)

The purpose of these principles is to provide stakeholders with tools to comprehensively account for security as they develop, manufacture, implement, or use network-connected devices. It is a first step to motivate and frame conversations about positive measures for IoT security among IoT developers, manufacturers, service providers, and the users who purchase and deploy the devices, services and systems.

The principles focus on the following key areas: incorporating security at the design phase; advancing security updates and vulnerability management; building on proven security practices; prioritizing security based on potential impacts; promoting transparency across the IoT ecosystem; and connecting carefully and deliberately.

“Today is a first step,” said Assistant Secretary for Cyber Policy Robert Silvers at the time. “We have a rapidly closing window to ensure security is accounted for at the front end of the Internet of Things phenomenon. These principles will initiate longer-term collaboration between government and industry. Together we will work to develop solutions to address the resilience of the Internet of Things so that we can continue to benefit from the remarkable innovation that is driving our increasingly connected world.”

This effort is in line with DHS’ leading role in working with the private sector to enhance cybersecurity and share best practices, and reflects the Department’s mission to secure cyberspace, protect critical infrastructure, and ensure public safety.

For full text of the document, and other resources, visit www.dhs.gov/securingtheIoT.