NIST seeks industry help to secure tiny IoT medical devices | Health Data Management
These tiny IoT devices, which include sensors, actuators (components of a machine that move or control a mechanism or system) and other micromachines will need a new class of defense mechanisms against cyberattacks.
The devices will work on scant electrical power and use less complex circuitry than chips found in the simplest cell phone, according to the NIST. Some of these small electronics exist today, such as in the keyless entry fobs to turn on cars.
A major challenge to using the devices is how to encrypt them; current encryption methods may demand more electronic resources than the devices can hold, experts say.
NIST has sent out a call for a project to develop ways to secure data in a constrained environment and seeks help in developing requirements and guidelines. The agency released a draft document, available here, to the software community and will soon make a formal request to developers to produce appropriate encryption algorithms.
“The IOT is exploding, but there are tons of devices that have nothing for security,” says Kerry McKay, a NIST computer scientist. “There’s such a diversity of devices and use cases that it’s hard to nail them all down. There are certain classes of attacks to consider and lots of variations. Our thinking has to be broad for that reason.”