Tom Anderson
Principal Technologist, ATIS



ATIS is developing an overall industry cybersecurity framework focused on the needs of the ICT industry. The work started by documenting the baseline of the current cybersecurity landscape, including existing ATIS initiatives and NIST/U.S. government cybersecurity frameworks and guidelines. From there it analyzed the expected threat landscape over the next three years.
Two reports have been published: 1) an Architectural Risk Analysis (ARA) Process for Security; and 2) an overview of IoT/M2M Cybersecurity activities and progress. ATIS is now building upon its new ARA process to allow systematic analysis of threats to new or existing service solutions and to develop appropriate risk mitigation. Determining priorities, testing strategies and aids for other steps in the solution production process have been defined.

The ARA process is being applied in a detailed analysis of IoT network-based security starting from a standard IoT network model. This work will identify specific functional use cases, associated abuse cases and threat models. It also will provide mitigation options and a technical risk analysis. Our detailed assessment is intended to provide both insight into effective security measures for IoT, as well as an excellent model that can be used by operator and vendor network solutions development organizations to assess the solution’s security risks.