cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cts
Viewer II

Effective IOT Cyber Metrics

I am moving into a new cyber security role and need to get up to speed on cyber metrics for the IoT space. I know there are tons of cyber metrics but I am interested in knowing what this community thinks are the most interesting when it comes to understanding the security posture of IoT devices. Is there a common set somewhere? What is considered a baseline?  Thank you!

1 Reply
Caute_cautim
Community Champion

HI @ctsCTSViewer

 

I had a quick cast around, IEEE has a paper from 2018 on the subject,. it appears this subject is still forming and storming at the moment, but here is the link for starters:  https://ieeexplore.ieee.org/document/8378969

 

"To assist with this understanding, NIST mapped out five Network of Things (NoT) primitives.4

NoT is a term that applies to both cyber-physical systems and the IoT. The five NIST primitives of all NoT systems include:

 

  • sensor (something that measures physical properties),

  • aggregator (software to transform data from a sensor),

  • communication channel (data transmission, such as wired or wireless),

  • e-Utility (software or hardware to execute processes, such as a database), and

  • decision trigger (produces the final result, such as an output signal to an actuator).

 

These five primitives define the “Logo-like” building blocks used by any IoT-based system. The primitives are the Ts. The easiest way to think about this is that the “things” are what make up the IoT. That might offer a partial hint into IoT metrology. So, we will explore what metrics and measures we can offer related to these five classes of “things” as well as to their interactions given an IoT architecture (system) operating in real time."

There is another paper, if you have access to IEEE Xplore: 

 

https://ieeexplore.ieee.org/document/8328467/metrics#metrics

 

 I will see if I have access via my place of work, unless one has access via a University?

 

Regards

 

Caute_cautim