Standardising a Moving Target: The Development and Evolution of IoT Security Standards

The standards landscape for IoT security is currently devel- oping in a fragmented manner. This paper provides a re- view of the main IoT security standards and guidelines that have been developed by formal standardisation organisations and transnational industry associations and interest alliances to date. The review makes three main contributions to the study of current IoT standards-development processes. First, gov- ernments and regulatory agencies in the EU and the US are increasingly considering the promotion of baseline IoT secu- rity requirements, achieved through public procurement obli- gations and cybersecurity certification schemes. Second, the analysis reveals that the IoT security standards landscape is dominated by de facto standards initiated by a diverse range of industry associations across the IoT ecosystem. Third, the pa- per identifies a number of key challenges for IoT security stan- dardisation, most notably: a) the difficulty of setting a baseline for IoT security across all IoT applications and domains; and b) the difficulty of monitoring the adoption, implementation and effectiveness of IoT security standards and best practices. The paper consequently contributes to a better understanding of the evolution of IoT security standards and proposes a more coherent standards development and deployment approach.