NIST Promotes Basic Security Features for Smart Devices

Perhaps you’ve heard the harrowing stories of hackers accessing baby monitors and Nest thermostats. Well, it is only going to get worse, say experts. Some devices with “smart” capabilities (meaning they are able to interact with a wireless network) are best in class for energy efficiency. But with more and more destined to come on the market, such devices could become targets for cyberattacks aiming to threaten national security. Picture hacked HVAC systems refusing to provide heat in the middle of winter or a software virus causing toasters to start house fires.

There are currently no agencies tracking instances of hacked devices and no nationwide mandatory security protocols for smart devices (though California recently passed its own law set to take effect in 2020). However, the National Institute of Standards and Technology (NIST) recently released a guide with a set of voluntary cybersecurity features that it recommends. While the guide is intended for manufacturers, designers that spec smart devices can also use it to better understand which security features to look for.  These features include:

• device identifiers that ensure a unique address is used when the device connects to a network
• data protection, usually some type of encryption to protect information that is stored
• limited access to interfaces, such as requiring users to sign in to access the device
• updateable software and firmware, allowing manufactures to send updates that are either automatically installed or manually installed by the user
• cybersecurity event logging to record attacks when they happen and help developers fix breaches