Keep staff up to date on how researchers and real-world adversaries have compromised IoT devices and systems. This will help to drive responsive and adaptable defense in depth approaches to system design, as engineers conceptualize the myriad ways that others have broken into these systems.
Sources of information on the latest threats and cybersecurity alerts include the following:
- Automated vulnerability management from NIST: The National Vulnerability Database (https://nvd.nist.gov/)
- General cybersecurity alerts: The US Computer Emergency Readiness Team (US-CERT) (https://www.us-cert.gov/ncas)
- Industrial control system threat information: The Industrial Control System Cyber Emergency Response Team (ICS-CERT) (https://ics-cert.us-cert.gov ...