Security for IoT Sensor Networks

Current Status

The comment period has closed for the draft project description, "Security for IoT Sensor Networks."  Thanks to everyone who shared their feedback with us. We are currently reviewing the comments received, and will share information about next steps for this project soon. 

Summary

The Internet of Things (IoT) universe is continuously evolving and expanding as new products and technologies are introduced to the marketplace. IoT sensor networks—networks of small devices, or nodes that detect, analyze, and transmit physical data—are a prime example of this ongoing evolution. Fueled by the development of cheaper, smaller sensors and by users’ appetites for more smart and wearable devices, the wireless sensor network market was valued at $573 million in 2016 and is projected to increase to at least $1.2 billion by 2023.

IoT sensor networks are especially valuable to organizations for monitoring and reacting to the physical characteristics of a building’s environment, such as temperature, pollution and humidity levels, and electrical usage. People need not be on the premises—sensors do all the work by translating environmental readings into electrical impulses that may make a physical adjustment (e.g., opening air vents to change the internal temperature). IoT sensor networks are the conduit between the physical and digital worlds.

More and more, organizations are using the data taken from their IoT sensor networks for decision-making and process control. In many of these use cases, the accuracy, integrity, and availability of the data being reported and monitored by a sensor network can be critical to safety. However, detecting and preventing an attack are challenging because IoT sensor networks typically have limited processing power and a constrained ability for security monitoring and maintenance.

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is proposing a project to protect building management systems’ IoT sensor networks. Our findings may be applicable to other industry sectors and are listed for consideration for inclusion as future NCCoE use cases. We will explore common components of sensor networks and the associated security requirements of those components for the secure functioning of the IoT sensor network. Detailed explorations of other considerations (e.g., physical security), while important, are outside the scope of this project.

These are the goals and objectives of the project:

  • Serve as a building block for sensor networks in general, future IoT projects, or specific sensor network use cases
  • Establish a security architecture to protect a building management system sensor network by using standards and best practices, including the communications channel/network used to transmit sensor data to the back-end building control systems (hosts) for processing
  • Explore the cybersecurity controls to promote the reliability, integrity, and availability of building management system sensor networks
  • Exercise/test the cybersecurity controls of the building management system sensor network to verify that they mitigate the identified cybersecurity concerns/risks, and understand the performance implications of adding these controls to the building management system sensor network