New Approach to IoT Realm?
This post is also available in: 
עברית (Hebrew)
IoT devices are an outcome of combining the worlds of information technology (IT) and operational technology (OT). Many IoT devices are the result of the convergence of cloud computing, mobile computing, embedded systems, big data, low-price hardware, and other technological advances.
The IoT market of smart, connected devices opens vast opportunities, but also poses serious security risks. The US National Institute of Standards and Technology (NIST) has issued a report, “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks,” in order to help federal and other organizations become more aware of the large number of IoT devices they are already using and how they may affect cybersecurity and privacy risks differently than conventional IT devices.
The publication is intended for personnel at federal agencies with responsibilities related to managing cybersecurity and privacy risks for IoT devices, although personnel at other organizations may also find value in the content. IoT device manufacturers and integrators may also find the publication useful.
NIST lays out three high-level risk mitigation goals:
- Protect device security
- Protect data security
- Protecting individuals’ privacy throughout the device lifecycle
According to the report, “organizations should ensure they are addressing the cybersecurity and privacy risk considerations and challenges throughout the IoT device lifecycle for the appropriate risk mitigation goals and areas.”
According to cshub.com, NIST elaborates on three recommendations:
Understand the IoT device risk considerations and the challenges they may cause to mitigating cybersecurity and privacy risks for IoT devices in the appropriate risk mitigation areas.
Adjust organizational policies and processes to address the cybersecurity and privacy risk mitigation challenges throughout the IoT device lifecycle.
Implement updated mitigation practices for the organization’s IoT devices.
