Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Take the Understanding Data Risk Survey to help shape the future of data security!

Research Topic

Internet of Things

Latest ResearchWorking Group
CSA IoT Security Controls Framework v2
CSA IoT Security Controls Framework v2

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Internet of Things
Internet of Things (IoT) devices represent a wide variety of non-traditional devices such as medical devices, cars, drones, simple sensors and more. These unique devices often pose a security challenge due to the limited size and lack of innate security making them difficult to secure with traditional security controls and methodologies. It is a combination of these factors that has rendered many devices vulnerable to attacks like the Mirai botnet. 

Security risks of IoT
The Internet of Things is already beginning to transform consumer, business and industrial processes and practices. Some of the high level needs for IoT product security include the need to: 
  • Protect consumer privacy and limit exposure of PII and PHI
  • Protect business data and limit exposure of sensitive information
  • Safeguard against IoT products being used in DDoS attacks or as launching points into the network
  • Guard against damage or harm resulting from compromise of cyber-physical systems

What is CSA doing to help secure IoT?
The IoT Working Group's mission is dedicated to understanding relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their IoT ecosystem. This includes outlining best practices for securing IoT implementations, identifying gaps in standards coverage for IoT security, and identifying threats to IoT devices and implementations.

Other organizations working with CSA to secure IoT.
CSA is working to secure IoT in collaboration with OWASP, Securing Smart Cities, UL, IoT Security Foundation, the Industrial IoT Consortium, U.S. Federal Communications Commission (FCC) and Samsung Robotic Laboratories. 


Internet of Things

Discuss this topic in Circle

View discussion community

Participate

View the working group

Press MentionSourceDate
CSA announces the launch of their Zero Trust Advancement Center and how it can help play a role in protecting IoT, IIoT and ICS systems, PodcastTelecom ResellerJuly 12, 2022
View all

Research for Securing the Internet of Things

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Future Proofing the Connected World

Future Proofing the Connected World

An IoT system is only as secure as its weakest link. This document provides actionable and useful guidance for securing the individual products that make up an IoT system - to raise the overall security posture of IoT products. It should be especially useful for organizations that have begun transforming their existing products into IoT-enabled devices. That is, manufacturers that do not have the background and experience to be aware of the myriad ways that bad guys may try to misuse their newly connected equipment. Those in the startup communities will also find this guide useful. Startups in the connected product/system space are challenged with getting their products to market quickly. Finding the right talent to help secure those products early in the development cycle is not an easy task. This document provides a starting point for creating a security strategy to help mitigate at least the most pressing threats to both consumer and business IoT...

Access this guide
CSA IoT Security Controls Framework

CSA IoT Security Controls Framework

The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies. The IoT Security Controls Framework provides utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The Framework also helps users identify appropriate security controls and allocate them to specific components within their IoT system. For instructions on how to use IoT Security Controls Framework spreadsheet, there is a companion guide. The companion guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a colu...

Access this framework
IoT Firmware Update Processes

IoT Firmware Update Processes

The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software. However, the Internet of Things (IoT)—with its vast ecosystem of connected devices deployed in many environments—introduces complexities associated with the update process that drives the need for process re-engineering. To answer that call, the Cloud Security Alliance IoT Working Group has compiled key recommendations for establishing a secure and scalable IoT update process. This document provides guidelines that developers and implementers can fully or partially integrate. Suggestions can be adapted and designed for custom firmware update processes that recognize unique constraints, dependencies, and risks associated with produ...

Access these guidelines
View All Research

Webinars

Security Challenges for Mobile Networks
Security Challenges for Mobile Networks

October 20 | online

Learn more

View All Webinars

Blog Posts

Navigating IT-OT Convergence: A Strategic Imperative for Enterprise Success
Read Now
Threats to Water: The Achilles’ Heel of Critical Infrastructure
Read Now
Defining 12 CSA Research Topics
Read Now
View All Blog Posts