NIST calls again for public consultation about securing small business and home IoT devices using MUD

NIST (National Institute of Standards and Technology’s) and its National Cybersecurity Center of Excellence (NCCoE) published for the second time a draft practice guide NIST Special Publication 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD), for public comment. The guide demonstrates how to use MUD to reduce IoT devices’ vulnerability and the potential for harm from exploited IoT devices. The MUD architecture was introduced this last March by the Internet Engineering Task Force (IETF) and is designed to make sure IoT devices conduct themselves only as intended by their manufacturers. The guide itself details four possible MUD implementations that demonstrate how IoT device developers, network equipment developers, and service providers who employ MUD-capable components, can integrate and use MUD and other tools to satisfy IoT users’ security needs. The guide can help the following: (1) organizations that wish to protect their internet availability and performance against network-based attacks; (2) IoT device manufacturers that can use MUD to defend themselves from reputational damage that may result from their devices being exploited to support DDoS; (3) service providers that wish to reduce the number of IoT devices that can be used by malicious actors to participate in DDoS attacks against their networks and the service they provide for their customers and finally (4) users of IoT devices which can use MUD-capable products to defend their internal networks from being subverted by malicious actors. The deadline for public comments is January 21, 2020, and the draft practice guide is scheduled for release in 2020. The previous draft was released last April.