By Thomas Carter, CEO of True I/O
In the rapidly advancing digital age, the Internet of Things (IoT) has opened up a world of possibilities, transforming how we interact with everyday objects. From smart refrigerators to wearable devices, IoT has become an integral part of our lives, offering convenience and efficiency. However, this convenience comes with an inherent risk - cybersecurity vulnerabilities in internet-connected devices. As the IoT continues to grow, ensuring robust cybersecurity measures becomes paramount. Recently, the National Institute of Standards and Technology (NIST) has taken a significant step forward by launching the consumer IoT product labeling program. As the CEO of True I/O, this program marks an essential milestone, but to maximize its impact, we need to introduce the Universal Communication Identifier (UCIDTM), leveraging blockchain technology.
NIST's consumer IoT product labeling program, also known as the "U.S. Cyber Trust Mark," aims to protect Americans against the cybersecurity risks associated with IoT devices. By enabling consumers to make informed decisions about their purchases, the program establishes cybersecurity criteria for internet-connected devices. The distinct shield logo displaying the Cyber Trust Mark will indicate products that meet these criteria, ensuring more robust cybersecurity measures for consumers.
The proposed baseline product criteria by NIST are indeed commendable. They address crucial aspects such as asset identification, product configuration, data protection, interface access control, software updates, cybersecurity state awareness, documentation, information and query reception, and information dissemination. These criteria lay the foundation for enhancing the security of consumer IoT products. However, we can further strengthen their implementation by integrating the Universal Communication Identifier and blockchain technology.
The Universal Communication Identifier (UCIDTM) is a revolutionary concept that can transform how devices communicate and authenticate digitally. It is a unique identifier for every IoT device, allowing secure and standardized communication across various platforms and networks. By adopting UCIDTM, IoT devices will have a digital fingerprint, making tracking, identifying, and authorizing their interactions with other devices or systems easier.
Blockchain technology, on the other hand, is well-known for its decentralized and immutable nature. It provides a transparent and tamper-proof system, perfect for ensuring the authenticity and security of data exchange in the IoT ecosystem. Integrating blockchain with UCIDTM can create a robust cybersecurity framework for IoT devices, ensuring secure data transmissions and effective enforcement of access control measures.
Combining UCIDTM and blockchain technology offers several advantages for NIST's consumer IoT product labeling program. Firstly, it provides a standardized and interoperable communication protocol that enables seamless interactions between devices from different manufacturers. Secondly, the decentralized nature of blockchain ensures that data breaches or manipulations become highly improbable, safeguarding sensitive information.
Moreover, using UCIDTM and blockchain can enhance incident detection capabilities by allowing real-time tracking of device behavior. Any suspicious activity can be immediately identified, enabling swift responses to potential threats.
The Information Communications Technology (ICT) industry faces significant challenges in ensuring supply chain security, as evidenced by the annual sales of approximately $140B in counterfeit parts. To address this issue, the TIA has initiated the development of the Supply Chain Security 9001 Standard, which aims to improve supply chain security by incorporating proven elements of existing industry-driven standards and adding new requirements specific to modern networks and technologies.
At True I/O, we are a blockchain solution provider focused on developing cross-industry interoperable blockchain-based solutions. In partnership with TIA, our primary goal is to use blockchain to securely record, automate, verify, and ensure the provenance of supply chain security-related data. One of our key innovations is the Universal Communication Identifier (UCIDTM), based on the globally unique 56-bit identification number known as the MEID. The MEID, administered by the TIA, is permanently affixed to mobile station equipment and used for identification and tracking.
By attaching the MEID to a blockchain, we create a globally unique digital token, the UCIDTM, capable of representing any associated physical or digital asset. This tokenization process enhances supply chain visibility and security by including hardware bill-of-material (BOM), software BOM, and software remediation activity. Additionally, our partnership with Rypplzz adds geolocation and geofencing data to the UCIDTM solution, enabling advanced supply chain security and management capabilities based on asset location.
UCIDTM has numerous applications, including automating internal management processes and facilitating information exchange between different stakeholders in the supply chain. For example, vulnerabilities can be automatically detected, recorded, and flagged for action based on specified severity levels. The distributed ledger can also record digital signatures validating initial BOMs, subsequent modifications, and supplier performance data, enhancing security maturity and external provider management.
Our collaboration with TIA has led to the identification of how the UCIDTM can collect key supply chain security measurements, and we plan to demonstrate its application in four specific ICT industry-relevant use cases as part of the SCS 9001 pilot activity:
NIVID IT: Internet of things management for smart city deployments.
ComSovereign: Wireless device deployment and management across US government, military, and commercial networks.
EIM Sensor: Virtual asset management on smart televisions and other light-emitting diode (LED) displays in the Hospitality industry sector.
ComSovereign/VirtualNetCom/Saguna Networks: Edge computing solutions within the Computer industry sector.
As a Certifying Body candidate for the SCS 9001 pilot, TechnoGen will play a crucial role in assuring compliance with the standard and registering firms into the SCS 9001 ecosystem.
NIST's consumer IoT product labeling program is a significant stride toward enhancing IoT cybersecurity. However, to successfully push this standard across the cyber industry, integrating the Universal Communication Identifier (UCIDTM) with blockchain technology is the way forward. This powerful combination will ensure standardized and secure communication among IoT devices and foster a safer digital environment for consumers and businesses. As CEO of True I/O, I strongly advocate for adopting UCIDTM and blockchain technology, revolutionizing the IoT landscape, and paving the way for a safer, interconnected future.