One of the clearest indications of the lack of maturity in the IoT space is the inability for most devices (and ecosystems) to produce basic logging events.
Without logging events you can’t do detection and response. And without detection and response you can’t have security.
It’s a problem.
To that end I’ve just created a sub-project within the overall OWASP IoT Security Project, called the OWASP IoT Logging Project.
The project aims to give people a starting point for minimum logging on IoT-related systems. That means consumer devices, enterprise devices, and even ICS/SCADA.
It’s based on detection points from the excellent AppSensor Project, but I added a number of IoT-specific categories, such as handling enrollment issues, dealing with device tampering, etc.
Again, it’s early but I think functional already—even if you don’t use every event type. We simply need to start logging, capturing those logs, parsing them, and responding. It’s nothing less than foundational for any security program, and IoT is about to be a major part of that.
- The way Craig Smith and I run the project is as a collection of sub-projects, so if you are interested in running one on a particular topic, let us know.