Dr. Michael J. Fagan, National Institute of Standards and Technology

IoT technologies bridge domains to create innovative solutions, but this can shift trust balances and strain cybersecurity and privacy. Since humans are commonly the beneficiaries or targets of IoT systems, concerns about privacy (and safety) may be heightened. Also, IoT can both have more sensitive position in a network and fewer power, computing, etc. resources than other equipment (i.e., is constrained). Towards solving these challenges, IoT can leverage existing standards, but new standards are needed for at least some cases. Of course, cybersecurity and privacy management is technology agnostic and standards for these domains certain apply to IoT, but especially for the cybersecurity practitioner, realities of IoT (e.g., constraints) can break expectations built into the standards or how they are generally understood and used. Today, standards and national efforts around cybersecurity and privacy of IoT abound. Notable examples in the United States are the Cybersecurity Improvement Act and CyberTrust Mark cybersecurity labeling program for consumer IoT. Globally, multiple nations are exploring their own labeling programs, including, but not limited to Singapore and Japan. In the European Union, efforts are underway to ensure the cybersecurity of IoT products via the Cyber Resiliency Act. In the standards space, we can look to solutions from IETF for device intent signaling and device on-boarding, among other topics and efforts such as 27400 series from ISO. These efforts are welcome since IoT adoption depends on delivering solutions that preserve cybersecurity and privacy. Research and then standards can help bridge these gaps and inform efforts to raise the bar of cybersecurity and privacy for IoT across all sectors since doing so can motivate trust in and adoption of the technology.

Speaker's Biography: Michael Fagan is a Computer Scientist and Technical Lead with the Cybersecurity for IoT Program which aims to develop guidance towards improving the cybersecurity of IoT devices and systems. The program works within the National Institute of Standards and Technology’s Information Technology Laboratory (ITL) and supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of IoT systems, products, connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, academia, and consumers, the program aims to cultivate trust and foster an environment that enables innovation on a global scale. Michael leads work exploring IoT cybersecurity in specific sectors or use cases, such as enterprise systems, the federal government, and consumer home networks. He holds a Ph.D. in Computer Science & Engineering.

View More Papers

SURGEON: Performant, Flexible and Accurate Re-Hosting via Transplantation

Florian Hofhammer (EPFL), Marcel Busch (EPFL), Qinying Wang (EPFL and Zhejiang University), Manuel Egele (Boston University), Mathias Payer (EPFL)

Read More

Symphony: Path Validation at Scale

Anxiao He (Zhejiang University), Jiandong Fu (Zhejiang University), Kai Bu (Zhejiang University), Ruiqi Zhou (Zhejiang University), Chenlu Miao (Zhejiang University), Kui Ren (Zhejiang University)

Read More

HEIR: A Unified Representation for Cross-Scheme Compilation of Fully...

Song Bian (Beihang University), Zian Zhao (Beihang University), Zhou Zhang (Beihang University), Ran Mao (Beihang University), Kohei Suenaga (Kyoto University), Yier Jin (University of Science and Technology of China), Zhenyu Guan (Beihang University), Jianwei Liu (Beihang University)

Read More

Benchmarking transferable adversarial attacks

Zhibo Jin (The University of Sydney), Jiayu Zhang (Suzhou Yierqi), Zhiyu Zhu, Huaming Chen (The University of Sydney)

Read More