In a release aptly labeled “A Starting Point for IoT Device Manufacturers” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securitibility of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.
As previously reported, the National Institute of Standards and Technology (NIST) is developing a voluntary Privacy Framework in collaboration with private- and public-sector stakeholders. The goal is to help organizations better identify, assess, manage, and communicate their privacy risks. Other benefits anticipated from this project are fostering the growth of innovative approaches to protecting individual privacy and creating greater trust in products and services that may use the Framework once it is established.
The National Institute of Standards and Technology (NIST) published its request for information (RFI) covering a series of questions designed to assist in the development of a voluntary framework meant to improve the management of the privacy risk that could arise from the collection, storage and use of individuals’ information in the Federal Register on November 14, 2018.
On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems. At a high level, the draft report is intended to:
- provide a functional description for IoT (Section 4);
- describe several IoT applications that are representative examples of IoT (Section 5);
- summarize the cybersecurity core areas and provides examples of relevant standards (Section 6);
- describe IoT cybersecurity objectives, risks, and threats (Section 7);
- provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
- map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).
On January 25, 2018, the National Institute of Standards and Technology (NIST) division of the U.S. Department of Commerce released a draft report of Blockchain technology (Overview). Recognizing the growing public awareness of the most well-known application of Blockchain technology – Bitcoin, the Overview draft report provides a high-level discussion of the technical components of Blockchain technology, addressing how data is encrypted, and how the data is verified and then distributed among the participating Blockchain parties. NIST is seeking comments on the scope and completeness of the draft Overview, which are due by February 23, 2018.
The Overview begins with a fairly detailed, yet accessible, overview of the architecture of Blockchain technology, covering both how data that is to be recorded and encrypted in the blocks, and how the individual blocks are then incorporated into the corresponding Blockchain. Discussions of hashing, nonces, forking and Merkle Trees are included, along with helpful charts for those with a preference for visuals.
The Georgetown Law Center for Privacy & Technology released a report that takes a harsh look at the Department of Homeland Security (DHS)’s “Biometric Exit” program. The “Not Ready for Takeoff: Face Scans at Airport Departure Gates” report highlights the myriad number of privacy and fairness issues associated with the use of biometric data for screening and other purposes. The Biometric Air Exit program uses biometric data to verify travelers’ identities as they leave the U.S. and has been deployed at Boston’s Logan International Airport and eight other airports. The program is operated by DHS and uses photographs of passengers taken at the gate while boarding to verify travelers’ identities as they leave the country. Prior to departure of an outbound international flight, DHS prepopulates the Traveler Verification Service (TVS) with biometric templates from the travelers expected on the flight. TVS either confirms the travelers face or rejects the face as a “non-match.” Non-matched travelers credentials will then be checked manually.