A recent article published on InnovationAus.com discussed the growing demand for IoT standards, specifically as they relate to building smart cities. The piece focused mainly on the need for “interoperability and security protocols to take advantage of truly smart cities potential” and quoted a local official who stated, “The notion of creating a framework of trust based on common principles that each of the varying security protocols can adhere, and incorporating smart cities, is part of the highest mountain to climb.” The piece made fair points on the need for IoT security standards, but like many articles and commentaries that address this realm, it shared little information on how they would be built.
The conversation around security standards often lacks true substance and does not include details, specifically regarding one fundamental element: secure coding for embedded, connected devices. “Secure coding practices – that were used heavily in the past – create the foundation for secure IoT products,” notes Terry Dunlap, Founder & CEO of Tactical Network Solutions. “Most connected devices built today include insecure code, as evidenced by the growing news of hacked and ‘owned’ devices. Many people don’t practice secure coding or talk about it anymore.”For the conversation about secure IoT standards to have meaning and take shape, it must include:
- Discussion about secure coding practices
- Definitions of secure coding practices
- Use cases showing both the inclusion and lack of secure coding on IoT devices
The topic of standards is not a new one. Those that are effective and have staying power are specific, clear and embody primary components at the outset. To build useful IoT standards, the IoT and embedded design community must accurately and fully define universal best practices that serve as the foundation for the standards.