Overview:
The National Institute of Standards and Technology (NIST) is seeking IoT Management Solutions to support the use of secure wearable devices. With this mission in mind, NIST must understand ways to manage these IoT devices and apply security best practices to those devices that could assist in reducing the potential risk of security vulnerabilities that impact a first responder’s daily life saving activities.
Background:
Public safety practitioners utilizing the forthcoming Nationwide Public Safety Broadband Network (NPSBN) will have smartphones, tablets, and wearables at their disposal. Although these devices should enable first responders to complete their missions, any influx of new technologies will introduce new security vulnerabilities. Smartphones and tablets have mobile device management (MDM), mobile threat defense (MTD), and mobile application vetting solutions (MAVs) to support the secure use and management of those mobile devices.
IoT devices within the general workplace are becoming more common. A way to manage these IoT devices and apply security best practices to those devices could assist in reducing the potential risk of security vulnerabilities that impact a first responder’s daily life saving activities.
Constraints:
Required:
Technologies must have any of the following capabilities:
- Identify wearable devices in close range or within a geographical area
- Identify wearable devices interacting with an organization’s network
- Update the wearable device security configuration
- Update the wearable device firmware and software
- Management of multiple types of devices on one IoT management portal
- Any integration with the wearable apps through a management platform
- Wearable device vetting capabilities; reporting a wearable that is using an outdated or vulnerable OS or communication protocol
- Disconnect a device from accessing an organizations network if it is found to be malicious
- Remote lock a wearable (e.g. a smart watch) if it is lost or stolen
Desired:
- Easily deployable to large organizations
- Low cost
Possible Solution Areas:
- Proprietary Hardware/Software System: completely closed, vertically integrated solution. The same company provides IoT devices, network access, possibly an IoT gateway, and a cloud service.
- Open Platform Ecosystem: semi-closed ecosystem for an application. An example of this is Samsung’s SmartThings home automation service. With these services, IoT devices (from different providers) are certified for compatibility by Samsung with their IoT gateways.
- Standards-based device management: IoT devices whose identity and firmware are managed using a standardized process and are entirely independent from the application layer service. Any consumer IoT device should be easily associated with any consumer IoT gateway that supports its protocols and be able to get to the device vendor’s management service.
Desired outcome of the solution:
NIST PSCR is open to potential collaborations or partnership opportunities.
Field of use and intended applications:
Provide first responders with secure management of IoT devices.
