NIST Releases Draft Internet of Things Framework | Practical Law

NIST Releases Draft Internet of Things Framework | Practical Law

The National Institute of Standards and Technology (NIST) has released a draft Framework for Cyber-Physical Systems, which addresses a set of complex challenges, including privacy and security, presented by the emergence of cyber-physical systems (also known as the Internet of Things).

NIST Releases Draft Internet of Things Framework

Practical Law Legal Update 2-619-0696 (Approx. 3 pages)

NIST Releases Draft Internet of Things Framework

by Practical Law Intellectual Property & Technology
Published on 29 Sep 2015USA (National/Federal)
The National Institute of Standards and Technology (NIST) has released a draft Framework for Cyber-Physical Systems, which addresses a set of complex challenges, including privacy and security, presented by the emergence of cyber-physical systems (also known as the Internet of Things).
On September 18, 2015, the National Institute of Standards and Technology (NIST) released draft guidance, Framework for Cyber-Physical Systems (Framework), aimed at helping cyber-physical developers create new cyber-physical systems (CPS) that can work seamlessly with other smart systems that bridge the physical and computational worlds. CPS is NIST's terminology for the Internet of Things.
The Framework was developed by the NIST CPS Public Working Group (CPS PWG). This group brings together a wide range of CPS experts to help define and shape key characteristics of CPS and to better manage development and implementation among multiple “smart” application domains, including smart manufacturing, transportation, energy and healthcare.
The Framework is intended to:
  • Satisfy the need for a reference CPS description language on which tools, standards and documented applications can be based.
  • Aid users in determining the properties of a CPS.
  • Provide guidance so that if two CPS prototypes are either independently derived or tailored from this Framework, both will nonetheless be in substantial alignment.
In particular, the Framework recognizes and addresses significant cybersecurity and privacy challenges affecting CPS, including:
  • The need for reliability and resilience in situations where environmental conditions have deliberately and intentionally been manipulated by malefactors.
  • The impact of physical attacks on a CPS.
  • The application of existing cybersecurity paradigms to CPS.
  • The potential cybersecurity effects of orphaned devices and code.
  • Privacy issues associated with the collection, retention and disposal of personal information.
  • Concerns associated with data leakage or data exhaustion.
Interested parties may submit comments on the CPA PWG website through November 2, 2015.