
Automatic translation from Russian to English. It may contain inaccuracies.


🧠 When we talk about the security of the Internet of Things, most people think about use…

October 16, 2025 at 7:54 PM | Max Knyazev is typing… | Telegram mirror
🧠 When we talk about Internet of Things security, most people think about users: “set strong passwords”, “update firmware” and all that.

But at the end of September, NIST (the US National Institute of Standards and Technology) rolled out an updated draft of NIST IR 8259r2: Foundational Cybersecurity Activities for IoT Product Manufacturers, and it says very clearly: IoT security should start on the manufacturer's side, not when the user first turns on the device.

And, honestly, I couldn’t pass this document by. Because it describes exactly what I myself constantly say: you can’t just make a “smart light bulb” that connects to Wi-Fi and consider the developer-manufacturer's mission over 😏

NIST proposes an approach in which the device must be not just “secure” (that is, protected) but securable, that is, one that can be protected and whose risks can be managed. This is already a philosophy. The manufacturer is obliged to think through not only how the device will work, but also how it will be updated, what will happen to it after 5 years, and how to safely remove it from service.

A new section of the document even includes an activity called Support Product Cybersecurity through End-of-Life. Simply put, the manufacturer is now obliged to think about how to “bury” its device so that it does not become part of another botnet when it stops receiving updates.

NIST emphasizes that vendor-user interaction is not optional but part of security. The manufacturer must be honest about what risks the product has, how long it will be supported, and what will happen when support ends. 😅

The document echoes other NIST initiatives (SP 800-37, SP 800-53, IoT Core Baseline, SSDF) and essentially combines the best cybersecurity practices to suit the needs of IoT manufacturers.

And this is an important step. Security is no longer something that is “thrown in at the end.” It becomes part of the process, from idea to disposal.

🤌 If manufacturers actually start following these guidelines, we might stop reading news like “smart kettle has become part of a botnet” or “surveillance cameras used for DDoS attacks.”

And right now the document can be read on the official NIST website. I highly recommend it if you are interested in the topic of IoT not only as “smart gadgets”, but also as an entire ecosystem where security finally ceases to be secondary 🙂

#Internet_of_things #information_security