From smart watches and digital assistants to connected cars, web-enabled Internet of Things (IoT) devices and technologies are transforming daily life and industry. To ensure the integrity and safety of IoT systems, Kaspersky experts are contributing to the development of a new International Organization for Standardization (ISO) standard for IoT devices: “ISO/IEC TS 30149 Internet of Things (IoT) – Trustworthiness principles”. This standard is being established in collaboration with experts from the Joint Technical Committee 1 between ISO and the International Electrotechnical Commission (IEC). The standard sets out the factors that make IoT devices safe and trustworthy, analyzes the relationship between unconditional trust and assured system dependability, and formalizes the general concept of trust.
With the complexity of today’s IoT solutions and increasing sophistication of cyberattacks targeting these devices, having a technical understanding of solutions is crucial for mitigating the inherent risks of these products. Kaspersky perceives trust as a concept to ensure all relevant stakeholders understand the specific trust elements of an IoT solution, and any potential risks in their given use case.
Developed over the last five years, the standard sets requirements for the trust of cyber-physical systems, including various devices and systems of IoT and industrial Internet of Things (IIoT). The standard defines the complex and ambiguous concept of trust, as well as principles for building and managing trust in the system life cycle.
The document also describes principles for IoT system trust management and building trusted systems, with the standard annex containing best practices for IoT system trustworthiness. These include a participative (stakeholder-based) approach, a trustworthiness characterization method, system maturity models, and impact assessment, among others. The annex also specifies a trustworthiness view that covers practical aspects of assuring the quality and security of IoT system usage.
The standard regulates the principles of trust in terms of reliability, security, information security, personal data security, and robustness in the face of attacks. It outlines principles for building and managing trust and confidence in IoT and IIoT systems throughout their life cycle, considering both the informational and physical aspects.
Ekaterina Rudina, Security Analysis Group Manager at Kaspersky, noted:
“The operation of IoT systems is a serious process that should be secured on both cyber and physical levels. The trustworthiness of these systems is a key factor for developers and users. We are always committed to creating the highest security standards and constantly work on sharing our global expertise. It's encouraging to see how the international expert community continues to work and to make significant progress in this area.”
To learn more about the standard, visit the ISO/IEC website. The terms and definitions databases can be found at http://www.electropedia.org/ and http://www.iso.org/obp.