Security

Virginia Smart Community Test Bed Adopts IoT Security Best Practices Blueprint

The project will assess existing standards and test real-world applications.

Natalie Gross is a freelance journalist and podcast producer based in the Washington, D.C., area. She has a master’s degree in journalism from Georgetown University.

As the Internet of Things grows, so does the need to secure it.

That’s why a Virginia nonprofit and private companies are teaming up to compile a blueprint of best practices.

“It’s a very complex space and it covers this huge range of different types of devices,” says David Ihrie, CTO of the Virginia Innovation Partnership Corp., a nonprofit involved in this undertaking.

The U.S. Department of Homeland Security-funded project will include a look at how to secure all kinds of devices — from animal tracking collars used by the U.S. Geological Survey to remote sensor sites and critical infrastructure such as power plants.

EXPLORE: How StateRAMP is helping save time and resources when vetting vendors.

The groups will also work with funding from the Virginia Smart Community Testbed in Stafford County, Va., which launched last year as the first smart city test bed involving an Internet of Things platform, according to its website. The location serves as a hub for living laboratories around the state, including work on municipal drone operations in Winchester and port security in Norfolk.

The test bed has already allowed Virginia to deploy flood sensors in 15 communities, Ihrie says.

“For both Internet of Things and also for critical infrastructure, all of those are things that are vulnerable to cybersecurity-related attacks, and we’re seeing that in the real world as we speak,” he says. “I think there’s a big focus for the entire federal government and a lot of those stakeholders right now on the immediate threats that we’re seeing in that space.”

Click the banner below to get access to a customized content experience by becoming an Insider.

Stakeholders Develop Blueprint with an Eye Toward the Future

A big part of the blueprint will look toward the future, however, and security standards that all devices should meet.

“Once that immediate threat has kind of dissipated a little bit, how do we get ahead of the curve? How do we secure the new systems that we bring online as we implement 5G or broadband? How do we make sure that we don’t just find ourselves in the same hole three years, five years or 10 years from now?” Ihrie says.

He adds, “It’s not just who can get stuff into the market the fastest. We want those capabilities to have a certain level of security built into them. So, we’re hoping this guidance will make it easier for people buying those systems to really specify and procure more secure systems going forward.”

In the first phase of the project, Ihrie and his team have been working on assessing existing standards in this space. They’re doing this in the U.S. by working with the National Institute of Standards and Technology, and globally with organizations such as IEEE. They are also identifying common threads, as well as gaps.

DIVE DEEPER: How cities are adopting cloud computing and IoT for smarter transportation.

“In parallel with that, we’re building a reference implementation in the test bed. If we say, ‘All right, here’s a summary of these standards, here’s some guidance for you as a procurement officer on how to pick and choose among those things. And oh, by the way, you can take a look at the test bed, and we’ll show you commercially based implementation of that working in the real world with some of the types of devices that we’re talking about,’” Ihrie says.

“I think that ability to illustrate the standards but do it in practice in a way that people can touch and feel and experiment with, and we can do research against, is a really important aspect of what we’re doing,” he says.

The second phase of the blueprint will begin in July and run for a year, dealing mostly with experimentation and validation of the security technology baseline. The third phase has not yet been defined, though Ihrie expects it will consist of more testing and training.

Tippapatt/Getty Images