The Institute of Electrical and Electronics Engineers (IEEE) Standards Association has various programmes on security standards in verticals, including critical infrastructure, power, consumer and healthcare, plus IoT framework standards.
This is a listing of some of the cybersecurity standardisation activities which are currently ongoing or published within the IEEE-SA. A prefix “P” in front of the number indicates that it’s an active working group, currently developing the standard; in many situations, the P standard will also have a published version, as the work on the next revision is ongoing.
IoT Framework Standards focused on Security
- IEEE 2413-2019, Standard for an Architectural Framework for the internet of things
- IEEE P2994: Standard for Security Assessment Framework for the internet of things (IoT) Application Deployments
Healthcare/Wearables/Consumer:
- IEEE 11073 Series of Standards: IEEE 11073 has one part on cybersecurity for medical devices, P11073-40101 – IEEE Draft Standard – Health informatics – Device interoperability – Part 40101: Cybersecurity – Processes for vulnerability assessment
- IEEE P1912: Standard for Privacy and Security Architecture for Consumer Wireless Devices
- IEEE 2621 Working Group: Standard for Wireless Health Device Security Assurance
There are 3 standards within this framework:
- IEEE P2621.1: Standard for Wireless Diabetes Device Security Assurance: Product Security Evaluation Program
- IEEE P2621.2: Standard for Wireless Diabetes Device Security Assurance: Protection Profile for Connected Diabetes Devices
- IEEE P2621.3: Standard for Wireless Diabetes Device Security Assurance: Guidance for Mobile Devices
Energy/Smart Grid
- IEEE C37.240-2014: IEEE Standard Cybersecurity Requirements for Substation Automation, Protection, and Control Systems
- IEEE 1686-2013: IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities
- IEEE P2030.102.1: Standard for Interoperability of Internet Protocol Security (IPsec) Utilised within Utility Control Systems
- IEEE P1711: Standard for a Cryptographic Protocol for Electric Power System (EPS) Communications Links
- IEEE P1711.1: Standard for a Cryptographic Protocol for Cybersecurity of Substation Serial Links: Substation Serial Protection Protocol
- IEEE P2658: Guide for Cybersecurity Testing in Electric Power Systems
- IEEE 802.15.4-2020: IEEE Approved Draft Standard for Low-Rate Wireless Networks
  - The IEEE 802.15.4 protocol is used in smart grid applications (smart metering) and has several security features such as access control, frame integrity, and confidentiality.
- IEEE SA has also initiated some key work on blockchain focused around energy:
  - IEEE P825: Guide for Interoperability of Transactive Energy Systems with Electric Power Infrastructure (Building the Enabling Network for Distributed Energy Resources)
  - IEEE P2418.5: Standard for Blockchain in Energy
- IEEE 692-2013: The IEEE Standard for Criteria for Security Systems for Nuclear Power Generating Stations, developed by WG 3.2 – Security Systems Working Group, addresses security system equipment for ‘detection, assessment, surveillance, access control, communication, and data acquisition’.
- The numerous IEEE smart grid systems standards include a number focused on security, e.g. IEEE C37.240-2014 – the IEEE Standard Cybersecurity Requirements for Substation Automation, Protection, and Control Systems and the IEEE 1686-2013 – the IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities developed by WGC1 – Substations Working Group C1.
FinTech:
- IEEE P1940: Standard Profiles for ISO 8583 authentication Services
  - IEEE P1940 is mainly focused around financial transactions (e.g. point-of-sale (POS), automated teller machine (ATM) cash withdrawal transactions, etc.). Such services include biometric authentication (as defined by IEEE Std. 2410), PIN-based, Fast Identity Online (FIDO), and One-Time Password (OTP) and Time-based OTP (TOTP) authentication methods, including risk and presentation attack defence (PAD) measures.
Mobility/Automotive:
- IEEE P1609.2: Standard for Wireless Access in Vehicular Environments-Security Services for Applications and Management Messages
Software:
- IEEE Computer Society Cybersecurity and Privacy Standards Committee
- IEEE 1619 series on crypto protection for storage devices:
  - IEEE 1619-2018: the IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices
  - IEEE 1619.1-2018: the IEEE Standard for Authenticated Encryption with Length Expansion for Storage Devices
  - IEEE P1619.2: Standard for Wide-Block Encryption for Shared Storage Media
- IEEE P2883: Standard for Sanitising Storage
- IEEE 1667-2018: IEEE Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices
- IEEE P2986: Recommended Practice for Privacy and Security for Federated Machine Learning (C/AI)
- IEEE P2994: Standard for Security Assessment Framework for IoT Application Deployments (COM/Mobile)
IEEE 802 standards:
- The IEEE 802.1AE standard defines a Layer 2 security protocol called Medium Access Control Security (MACsec) that provides point-to-point security on Ethernet links between nodes for securing wired LANs.
- The IEEE 802.11 standard also includes security features: the Service Set Identifier (SSID), which is used to control access to an Access Point (AP); the Access Control List (ACL), to prevent unauthorised access; and the Wired Equivalent Privacy (WEP) protocol.
- IEEE 802.11bh: Operation with Randomised and Changing MAC Addresses (LAN/MAN)
- IEEE 802.11bi: Enhanced Service with Data Privacy Protection
- IEEE 802E: Privacy considerations for IEEE 802 Technologies
The IEEE Standards on Blockchain:
- The IEEE has about 30–40 standards focused in the area of Blockchain, some of which are highlighted as part of the energy and healthcare vertical above
- The IEEE Blockchain & Distributed Ledger Standards Committee
- The IEEE P3200 series of standards are being developed within this committee focusing on identity, interoperability, and security (there are about 10 standards in the IEEE 3200 series)
IEEE Cybersecurity Industry Connections Programs (Pre-Standardisation):
4.5.1. How to engage in standards development at the IEEE
The IEEE Government Engagement Program on Standards (GEPS) is a tailored program for government officials. Through the program, government officials can gain strategic insights into IEEE standardisation, and members can contribute to discussions at the intersection of technology, standards and policy. Members receive tailored information and resources, including bespoke webinars and bilateral consultations with technical and standards experts. The GEPS is free to join and there are currently 12 African government bodies participating in the program, including the Ministry of Development of the Digital Economy and Posts Burkina Faso, Ministry of Communication, ICT and Media (MINCOTIM) and Telecommunications & ICT Regulatory Authority (ARCT) Burundi, National Telecom Regulatory Authority (NTRA) Egypt, National Communications Authority (NCA) Ghana, Ministry of ICT and Innovation (MINICT) and Rwanda Utilities Regulatory Authority (RURA) Rwanda, Ministry of Digital Economy and Telecommunications Republic of Senegal, Tanzania Communications Regulatory Authority (TCRA) Tanzania, Uganda Communications Commission (UCC) Uganda and Zambia Information & Communications Technology Authority (ZICTA) Zambia.
Interview: Leveraging Global Standards in Policy Making: Interviewing an IEEE GEPS Representative, Egypt, Ramy Fathy, National Telecom Regulatory Authority (NTRA)
To enhance engineers’ ability to meet future standardisation requirements, the IEEE Blended Learning (BLP) programme focuses on capacity building. The IEEE BLP offers a comprehensive set of courses on the IoT, EMI/EMC, WiFi, Innovation Management, with the launch of cybersecurity training expected.