Cybersecurity for the Internet of Things Program

Overview
The NIST's Cybersecurity for the Internet of Things Program ("Program") supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the Program aims to cultivate trust and foster an environment that enables innovation on a global scale.

The expanding IoT landscape is subject to an equally expanding list of risks, attacks, and corresponding outcomes. As the Program learned through stakeholder outreach, the list of risks is extensive. It includes, but is far from limited to, opportunities for malicious actors to highjack communication channels, change sensor data, access sensitive information, disrupt vital services, and alter signals and data for nefarious purposes. Outcomes vary and may include the collection of bad data, and actual, physical harm. Stakeholders have expressed interest in the NIST producing guidelines to help organizations understand and manage cybersecurity and privacy risks associated with the use of IoT.