Dr. Michael J. Fagan, National Institute of Standards and Technology

IoT technologies bridge domains to create innovative solutions, but this can shift trust balances and strain cybersecurity and privacy. Since humans are commonly the beneficiaries or targets of IoT systems, concerns about privacy (and safety) may be heightened. Also, IoT can both have more sensitive position in a network and fewer power, computing, etc. resources than other equipment (i.e., is constrained). Towards solving these challenges, IoT can leverage existing standards, but new standards are needed for at least some cases. Of course, cybersecurity and privacy management is technology agnostic and standards for these domains certain apply to IoT, but especially for the cybersecurity practitioner, realities of IoT (e.g., constraints) can break expectations built into the standards or how they are generally understood and used. Today, standards and national efforts around cybersecurity and privacy of IoT abound. Notable examples in the United States are the Cybersecurity Improvement Act and CyberTrust Mark cybersecurity labeling program for consumer IoT. Globally, multiple nations are exploring their own labeling programs, including, but not limited to Singapore and Japan. In the European Union, efforts are underway to ensure the cybersecurity of IoT products via the Cyber Resiliency Act. In the standards space, we can look to solutions from IETF for device intent signaling and device on-boarding, among other topics and efforts such as 27400 series from ISO. These efforts are welcome since IoT adoption depends on delivering solutions that preserve cybersecurity and privacy. Research and then standards can help bridge these gaps and inform efforts to raise the bar of cybersecurity and privacy for IoT across all sectors since doing so can motivate trust in and adoption of the technology.

Speaker's Biography: Michael Fagan is a Computer Scientist and Technical Lead with the Cybersecurity for IoT Program which aims to develop guidance towards improving the cybersecurity of IoT devices and systems. The program works within the National Institute of Standards and Technology’s Information Technology Laboratory (ITL) and supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of IoT systems, products, connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, academia, and consumers, the program aims to cultivate trust and foster an environment that enables innovation on a global scale. Michael leads work exploring IoT cybersecurity in specific sectors or use cases, such as enterprise systems, the federal government, and consumer home networks. He holds a Ph.D. in Computer Science & Engineering.

View More Papers

DynPRE: Protocol Reverse Engineering via Dynamic Inference

Zhengxiong Luo (Tsinghua University), Kai Liang (Central South University), Yanyang Zhao (Tsinghua University), Feifan Wu (Tsinghua University), Junze Yu (Tsinghua University), Heyuan Shi (Central South University), Yu Jiang (Tsinghua University)

Read More

Enhance Stealthiness and Transferability of Adversarial Attacks with Class...

Hui Xia (Ocean University of China), Rui Zhang (Ocean University of China), Zi Kang (Ocean University of China), Shuliang Jiang (Ocean University of China), Shuo Xu (Ocean University of China)

Read More

SOCs lead AI adoption: Transitioning Lessons to the C-Suite

Eric Dull, Drew Walsh, Scott Riede (Deloitte and Touche)

Read More

A Two-Layer Blockchain Sharding Protocol Leveraging Safety and Liveness...

Yibin Xu (University of Copenhagen), Jingyi Zheng (University of Copenhagen), Boris Düdder (University of Copenhagen), Tijs Slaats (University of Copenhagen), Yongluan Zhou (University of Copenhagen)

Read More