Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

White Paper (Draft)

[Project Description] Security for IoT Sensor Networks: Building Management Case Study

Date Published: February 2019
Comments Due: March 18, 2019 (public comment period is CLOSED)
Email Questions to: sensor-security-nccoe@nist.gov

Author(s)

Jeffrey Cichonski (NIST), Jeffrey Marron (NIST), Nelson Hastings (NIST), Jason Ajmo (MITRE), Rahmira Rufus (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project to protect building management systems’ IoT sensor networks. Our findings may be applicable to other industry sectors and are listed for consideration for inclusion as future NCCoE use cases. We will explore common components of sensor networks and the associated security requirements of those components for the secure functioning of the IoT sensor network. Detailed explorations of other considerations (e.g., physical security), while important, are outside the scope of this project.

These are the goals and objectives of the project:

  • Serve as a building block for sensor networks in general, future IoT projects, or specific sensor network use cases.
  • Establish a security architecture to protect a building management system sensor network by using standards and best practices, including the communications channel/network used to transmit sensor data to the back-end building control systems (hosts) for processing.
  • Explore the cybersecurity controls to promote the reliability, integrity, and availability of building management system sensor networks.
  • Exercise/test the cybersecurity controls of the building management system sensor network to verify that they mitigate the identified cybersecurity concerns/risks, and understand the performance implications of adding these controls to the building management system sensor network.

Please submit your feedback to help us shape and refine the scope of this project.

Abstract

Keywords

building management sensors; data integrity; device integrity; internet of things; IoT; networked sensors; sensors; sensor data; sensor security.
Control Families

Access Control; Security Assessment and Authorization; Configuration Management; Identification and Authentication; Risk Assessment;

Documentation

Publication:
Project Description

Supplemental Material:
Submit Comments (other)
Project homepage (other)

Topics

Security and Privacy
physical & environmental protection

Applications
Internet of Things

Technologies
networks; sensors