Internet of Things Working Group

Introduction to the Internet of Things Working Group

ITU-T Y.2060 defines the IoT as a “global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies.” ITU-T Y.2060 also defines a device in the context of the IoT, as a “piece of equipment with the mandatory capabilities of communication and the optional capabilities of sensing, actuation, data capture, data storage and data processing.”

Although within this definition of the IoT there is a significant focus on the edge devices, services offered by or through the cloud play just as important a role in the successful implementation of IoT capabilities. These services include data collection, brokerage and storage, data analytics, inventory management, sensor management, visualization services and monitoring, as well as device relationship management. Additional cloud services will continue to sprout up as new ways of taking advantage of the IoT are thought through and autonomous relationships are built between today’s web services and IoT device middleware.

These complex systems require that security controls be considered at each stage of their life cycle and that all components in the supply chain of an IoT implementation be designed and developed using security best practices. The Cloud Security Alliance IoT Working Group focuses on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations.

Scope and Responsibilities

The working group is chartered to research the following areas:

  • Analysis of IoT implementation use cases in various industries
  • Best practices for securing IoT implementations
  • Mapping of IoT security controls to the Cloud Controls Matrix (CCM)
  • Identifying threats to IoT devices and implementations
  • Identifying gaps in standards coverage for IoT security
  • Identifying gaps in technology solutions for IoT security
  • Research into new methods for securing the IoT
  • Coordination with other CSA Working Groups and with external security organizations to de-conflict and jointly define cyber security controls for the IoT
  • Securing cloud infrastructure and services that support the IoT
  • Securing edge devices to remove the threat of follow-on compromise to the enterprise
  • Solutions for auditing, identity and access management, authentication, inventory management, privacy and risk management of the IoT


  • 24 July – Cheat Sheet: Identity and Access Management for IoT Devices
  • 14 August – Checklist for Secure IoT Device Development
  • 28 August
    • Analysis of Hardware Security Options for the IoT
    • Cheat Sheet: Auditing the IoT
  • 18 September – Security Guidance for Smart Retail: SMART Retail includes new services such as proximity advertising, smart fitting rooms/mirrors, intelligent vending machines, automated check-out, inventory management, etc.
  • 2 October – IoT Security Guidance Inputs for the Cloud Control Matrix (CCM)
  • 19 October – Security Guidance for Smart Cities: SMART CITIES include next generation services that support connected living. Use cases include intelligent parking, pollution monitoring, efficient public transport (e.g., light priority), efficient lighting, etc.
  • 16 November – Security Guidance for Smart Health: SMART Health includes tele-medicine/tele-surgery, implantable medical devices, smart bedsides, intelligent pill caps, remote and continuous monitoring, and many more capabilities that will enhance patient health.

Internet of Things Working Group Leadership

Internet of Things Co-chairs

Brian Russell

Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos. He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of high assurance cryptographic key management systems. Brian is the Chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group and serves on the Editorial Panel of the Center for Internet Security (CIS) 20 Critical Security Controls for Effective Cyber Defense. Brian also supports the Federal Communications Commission (FCC) Cyber Security Working Group and is a contributor to the Securing Smart Cities Initiative. Twitter: pbjason9

Internet of Things Working Group Initiatives

Please contact Internet of Things Working Group Leadership for more information.

Internet of Things Working Group Downloads

IoT Firmware Update Processes

Description: The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software.

Release Date: September 20, 2018

Using BlockChain Technology to Secure the Internet of Things – Chinese Translation

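Over the past four years, technical experts, chief digital officers, marketing managers, journalists, bloggers and research institutions have discussed and promoted a new distributed model that applies blockchain technology to secure transaction processing and storage. IDC FutureScape predicts that by 2020, 20% of global trade finance will incorporate blockchain.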

Release Date: August 03, 2018

Using Blockchain Technology to Secure the Internet of Things

Description: In the last four years, technical experts, chief digital officers, marketing managers, journalists, bloggers and research institutions have discussed and promoted a new distributed model for secure transaction processing and storage using blockchain technology. IDC FutureScape predicted that by 2020, 20% of global trade finance will incorporate blockchain.

Release Date: February 13, 2018

Observations and Recommendations on Connected Vehicle Security

The introduction of Connected Vehicles (CVs) has been discussed for many years. Pilot implementations currently underway are evaluating CV operations in realistic municipal environments. CVs are beginning to operate in complex environments composed of both legacy and modernized traffic infrastructure. Security systems, tools and guidance are needed to aid in protecting CVs and the supporting…

Release Date: May 25, 2017

Future Proofing the Connected World

Release Date: October 07, 2016