IoT (Internet of Things) security standards for Govt


  • An advanced training program covering the current state of the art in Internet of Things security, mainly for Govt adoption.
  • Cuts across multiple technology domains to develop awareness of security in IoT systems and their components, and shows how this can help Govt employees and contractors gain insight into security issues.
  • Live demo of some of the security aspects of gateways, sensors and IoT application clouds.
  • The course also explains the 30 principal risk considerations of current and proposed NIST standards for IoT security.
  • OWASP model for IoT security
  • Target Audience:

  • Engineers/managers who are assigned to develop IoT projects for the Govt.

  • Duration: 1 day (10 hours / day), total 10 hours.


  • Basic knowledge of devices, electronic systems and data systems
  • Basic understanding of software and systems
  • Basic understanding of statistics (at Excel level)
  • Understanding of Telecommunication Verticals

  • Overview:

    Estimates for Internet of Things or IoT market value are massive, since by definition the IoT is an integrated and diffused layer of devices, sensors, and computing power that overlays entire consumer, business-to-business, and government industries. The IoT will account for an increasingly huge number of connections: 12B by 2019 and 100B+ by 2025.

    In the consumer space, many products and services have already crossed over into the IoT, including kitchen and home appliances, parking, RFID, lighting and heating products, and a number of applications in Industrial Internet.

    The underlying technologies of IoT are nothing new, as M2M communication has existed since the birth of the Internet. However, what has changed in the last couple of years is the emergence of a number of inexpensive wireless technologies, aided by the overwhelming adoption of smartphones and tablets in every home. The explosive growth of mobile devices led to the present demand for IoT.

    Over the last three years, engineering in IoT has seen massive changes, primarily driven by Microsoft, Google and Amazon. These behemoths have invested billions of dollars to develop IoT platforms that are easier to manage and secure. IoT edge has also gained a lot of momentum in both research and deployment as the only means for practical IoT implementation. 5G is also promising to transform the business of IoT. This has led to an unprecedentedly large swath of new areas of research funding in IoT.

    However, Govt adoption of IoT is slow due to security concerns at various levels. One of the major issues is disagreement among the large IoT vendors on the matter of security. Microsoft Azure and Amazon AWS have pushed forward with their own security standards, whereas NIST is putting forward a more comprehensive one. The OWASP model of 10 layers of IoT security had some impact but overall failed to gain much ground due to non-adoption by major IoT platforms like Azure or Google.

    Course Objective:

    The main objective of this course is to introduce emerging technological options, platforms and case studies of IoT implementation in emerging verticals (smart cities, smart manufacturing, agriculture, public safety etc.) and horizontals (edge computing, PaaS platforms, 5G-IoT etc.) for the University researchers.

    1. Give an introduction to all the technology stacks of IoT

    2. Draw the layers of vulnerability at each stack and between the stacks

    3. Learn about the NIST standard of IoT security

    Course Outline:

    Session 1: Basic and Advanced concepts of IoT architecture from a security perspective
  • Basic-1: A brief history of the evolution of IoT technologies
  • Basic-2: Wearables, edge computing, IoT wireless protocols (Sigfox, LoRa etc.), IoT cloud platforms
  • Basic-3: Layered architecture of IoT - Physical (Sensors), Communication, and Data Intelligence
  • Advanced-1: Edge architecture, edge computation and database
  • Introduction to all important modules in IoT projects: fleet management, sensor data management, control system, IoT communication protocols
  • Understanding major IoT components for security: sensor, gateway, cloud platform, cloud application

    Session 2: Introduction to all important aspects of IoT infrastructure security
  • Protecting “The Things” in Internet of Things
  • Physical and Cyber
  • Data protection and privacy
  • Sensor protection
  • Actuator protection
  • Datahub/Gateway security - North and South Bound
  • Methods of Intrusion into Gateway
  • Gateway to cloud/platform security
  • Amazon IoT - security standard
  • Azure IoT - security standard

    Session 3: IoT management layer and management layer vulnerability
  • Management of “The Thing” - vulnerability and protection
  • Sensors - data protection
  • Sensor - calibration management and data integrity
  • IoT Hub management - layers of vulnerability
  • IoT Edge and edge management security
  • Connectivity management and security
  • OTA (over-the-air update) and security
  • Fleet management - security issues
  • Log management - security issues
  • IoT cloud security issues

    Session 4: Review of evolving NIST standards/recommendations for IoT - 4 hours
  • Review of NISTIR 8228 standard for IoT security - 30-point risk consideration model
  • Review of OWASP model of 10 layers of IoT security