The security framework provides business, industry and the government a framework that is capable of addressing the emerging and prevailing IoT security challenges
The Internet of Things Security Institute (IoTSI), an academic and industry body dedicated to offering frameworks and supporting educational services to assist in managing security within IoT ecosystem, announced that it has released an IoT security framework for smart cities and critical infrastructure.
Commenting on the development, Alan Mihalic, President, IoTSI, said, “The goal of the IoTSI is to establish a comprehensive set of guidelines to help each of the supply chain participants specify, procure, install, integrate, operate and maintain IoT securely in buildings, smart precincts and cities. This includes intelligent buildings equipment and controls such as audio visual (AV), fire, HVAC, lighting and building security.”
Mihalic further said, “The IoTSI is focused on ensuring that recommendations produced are globally applicable and simple to adopt – fitting within existing processes wherever possible. To achieve this, the IoTSI opens the channels of communication between building occupiers, facilities managers, engineers, designers and urban planners in relation to the cyber security and privacy challenges affecting building environments.”
No licence cost or extra charges
The security framework provides business, industry and the government an open framework that is capable of addressing the emerging and prevailing IoT security challenges within the environment. The IoTSI framework is released under a Common Criteria licensing agreement and can be implemented without any cost of licensing or additional charges.
“We did not want to restrict framework adoption by imposing licensing costs or restricted access pending some kind of commercial consideration. The framework is there to be implemented and shared. Often the benefits of such initiatives get lost in the commercial requirements imposed,” said Mihalic.
“Of course, there’ll be organisations that will provide professional services to assist with the framework’s deployment. This is expected. Resource and competency considerations are always a determining factor to any cyber security or privacy process improvement activity. However, the framework is not a commercial offering. That in itself goes a long way to keeping costs in check,” he added.