General Framework for Secure IoT Systems
National center of Incident readiness and Strategy for Cybersecurity (NISC)
Government of Japan
August 26, 2016

1. General Framework Objective

Internet of Things (IoT) systems consist of connected things and networks and should therefore be regarded as an integrated system of IT with physical components. In addition to existing information security measures, it is important to ensure physical safety. It is essential that IoT systems are designed, developed and operated under the principle of “Security by Design,” while looking ahead to a future in which many individual systems are interconnected and new vulnerabilities may be introduced. To accomplish this rationally, a two-step approach is appropriate: instituting general requirements for the design, development and operation of all IoT systems, and, in addition, sector-specific requirements for development and operation based on the characteristics of the respective sectors.

Based on this concept, this framework aims to clarify the fundamental and essential security requirements for secure IoT systems. It is expected that this framework will promote the industry’s active involvement in the development of secure IoT systems and, by promoting the interoperability of IoT systems and the implementation of security requirements, will create an environment in which users can utilize IoT systems under the condition that security and safety are assured.

2. Perspectives of the General Framework

An IoT system is a system that produces added value by connecting things or physical objects through the Internet. Because physical systems are involved, safety needs to be considered. However, while connecting one IoT system to another generates added value, there is concern that a vulnerability in one IoT system may affect other IoT systems. Therefore, keeping this possibility in mind, we should recognize IoT systems as aggregated IoT systems, which should be called a “System of Systems (SoS)”. In addition, it is important to ensure safety as well as existing information security for the services provided by such IoT systems.
