Date Published: October 2017
Comments Due: October 25, 2017 (public comment period is CLOSED)
Email Questions to: iot-ddos-nccoe@nist.gov
Withdrawn: December 14, 2017
Author(s)
W. Polk (NIST), Murugiah Souppaya (NIST), William Barker (Dakota Consulting)
Announcement
The objective of this project is to reduce the vulnerability of Internet of Things (IoT) devices to botnets and other automated distributed threats, while limiting the utility of compromised IoT devices to malicious actors. The scenarios envisioned for this NCCoE project emphasize home and small-business applications, where plug-and-play deployment is required. In one scenario, a home network includes IoT devices that interact with external systems to access secure updates and various cloud services, in addition to interacting with traditional personal computing devices. In a second scenario, a small retail business employs IoT devices for security, building management, and retail sales, as well as computing devices for business operations, while simultaneously allowing customers to access the internet.
The primary technical elements of this project include:
- network gateways/routers supporting wired and wireless network access;
- Manufacturer Usage Description (MUD) Specification controllers and file servers;
- Dynamic Host Configuration Protocol (DHCP) and update servers;
- threat signaling servers;
- personal computing devices; and
- business computing devices.
While the security capabilities of these components will not provide perfect security, they will significantly increase the effort required by malicious actors to compromise and exploit IoT devices on a home or small-business network. This project will result in a freely available NIST Cybersecurity Practice Guide.
The building block objective is to reduce the vulnerability of Internet of Things (IoT) devices to botnets and other automated distributed threats, while limiting the utility of compromised IoT devices to malicious actors. The primary technical elements of this building block include network gateways/routers supporting wired and wireless network access, Manufacturer Usage Description (MUD) Specification controllers and file servers, Dynamic Host Configuration Protocol (DHCP) and update servers, threat signaling servers, personal computing devices, and business computing devices. The security capabilities of these components will not provide perfect security, but will significantly increase the effort required by malicious actors to compromise and exploit IoT devices on a home or small-business network. The scenarios envisioned for this NCCoE building block emphasize home and small-business applications, where plug-and-play deployment is required. In one scenario, a home network includes IoT devices that interact with external systems to access secure updates and various cloud services, in addition to interacting with traditional personal computing devices. In a second scenario, a small retail business employs IoT devices for security, building management, and retail sales, as well as computing devices for business operations, while simultaneously allowing customers to access the internet. This project will result in a freely available NIST Cybersecurity Practice Guide.
Keywords
botnets; internet of things (IoT); manufacturer usage description (MUD); router; server; software update server; threat signaling
Control Families
None selected