From the President


ISSA International President Keyaan Williams

Securing the Internet of Things

The April Journal focuses on security and the Internet of Things (IoT). The articles in this edition discuss the risks, impacts, concerns, and solutions used to secure the IoT in modern enterprises. The role that security professionals play in IoT security is an important part of the conversation. Developing the right knowledge and awareness is key to managing the unique concerns inherent in the IoT. It is also important to distinguish between the industrial Internet of Things (IIoT) found in industrial environments and commercial IoT developed for traditional enterprises and consumers.

Many security professionals are unfamiliar with the distinction between IoT and IIoT. They are also unfamiliar with the nuances and requirements in IoT that differ from what people normally encounter in a traditional corporate enterprise, data center, or the cloud. As security professionals, we must understand and engage with operations security standards to ensure the risks of industrial and commercial IoT are managed properly in our respective organizations. One example is understanding how Internet-based protocols like Message Queuing Telemetry Transport (MQTT) operate in order to influence the design of controls and security architectures for IoT.

Numerous studies and analyses show that the cybersecurity skills gap is a growing problem. Most of these assessments focus on traditional enterprise security and overlook the need for skilled operations and industrial control systems (ICS) security professionals. The need is no longer restricted to manufacturing and critical infrastructure verticals. As the IoT continues to permeate modern businesses, the shortage of people who understand and are equipped to manage its security poses a serious risk to the safety and operational resilience of organizations across all industries, with few exceptions. Failing to understand the foundations of operations security can lead even experienced enterprise security professionals to jeopardize the infrastructure upon which we all depend.

Security professionals can develop a deeper understanding of IoT security by learning the standards for industrial automation and control systems security. For example, "ISA99 outlines standards, recommended practices, technical reports, and related information that define procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance."1 Security practices defined by ISA99/62443 and functional reference models like the Purdue Enterprise Reference Architecture, which establishes logical operating zones based on the functional capabilities of ICS equipment, provide the knowledge required to make the right decisions about managing the risks posed by industrial and commercial IoT.

Security professionals also have many opportunities to engage in person at operations security events and conferences. It is imperative that professionals responsible for managing IoT security attend events that help outline the scope of the ICS security problem and provide meaningful practices and solutions that attendees can apply in their environments. Some of the most mature and successful industrial cybersecurity events include Digital Bond’s S4 events, the Cyber Security for Critical Assets Summit (CS4CA), the SANS ICS Security Summit, and the Industrial Control Systems Joint Working Group (ICSJWG) meetings.

ISSA Has a New Executive Director

Effective April 2, 2018, Marc Thompson will serve the ISSA as our new executive director. Marc brings nearly 20 years of executive management experience to the ISSA. He is best known for managing (ISC)2 during its rapid growth years (2001-2011), leading all the CISSP education efforts, founding (ISC)2 event programs and member publications, and building out the international infrastructure. Marc was also instrumental in the early years of ISSA development, including founding one of the largest chapters (Northern Virginia) and working with ISSA chapters around the world to help build CISSP training programs. Marc will help ISSA complete the transition to self-management and will help the association grow substantially over the next few years by increasing membership value through education and improved chapter initiatives.


Thank you,

~Keyaan Williams

1 "ISA99, Industrial Automation and Control Systems Security," The International Society of Automation, 2018 -


Copyright © 2016, Information Systems Security Association, All Rights Reserved