New NIST working group born out of IoT complexities

David Wollman, deputy director of NIST’s Smart Grid and Cyber-Physical Systems program office says things are changing so fast that it’s been difficult to discern concrete standards for the greater IoT ecosystem to use.

Given that tens of billions of “things” will be connected to the Internet by 2020, it’s probably worth setting out some standards on how these devices and their digital architectures will work together. 

That’s been the task of several people at the National Institute of Standards and Technology over the past few years as the Internet of Things — also referred to as cyber physical systems — has begun exploding in popularity. 

However, David Wollman, deputy director of NIST’s Smart Grid and Cyber-Physical Systems program office says things are changing so fast that it’s been difficult to develop concrete standards for the greater IoT ecosystem to use. 

Wollman spoke about NIST’s efforts at an American Bar Association event Thursday, outlining how parties from academia, industry and government have all pitched in as the standards agency looks to finalize a new framework. 


NIST released a draft framework for cyber-physical systems last September, which is meant to create some common vocabulary and best practices for how everything from connected cars to fitness trackers is architected and built to communicate with one another. 

“What we’ve learned in this is very important to be able to cover many different domains,” Wollman said, referring to things like smart transportation, manufacturing and energy grid systems. “You not only want a system to work, you want it to work together with other infrastructures. If you have your smartphone in your car, you want them to pair up and help you do something.” 

The complexity surrounded these systems has kept the framework in what Wollman called the “very early stages” despite being released in draft form. 

With the complexity of these systems comes a heightened amount of risk. Wollman said every IoT system — and the users — will to have to balance security, privacy, safety, resiliency and liability.

“Usually [those categories] are siloed,” he said. “What we’ve realized in developing this framework is that its really going to be the interactions between those groups that are important. It’s not going to be sufficient to do a separate security analysis and then have a separate safety analysis. 


“There are places where you need to understand where those two are linked.” 

Yet even has the final framework is delayed, NIST is using its own in-house programs to gather further input. 

A number of standards agencies have come together with NIST to form a new working group that will develop standards for IoT-enabled smart cities, using the projects created during the agency’s Smart City challenge. 

“Here the goal is not to develop anything new,” Wollman said. “We are very cognizant that there is already a lot of activity going on. What we want to do is look at the deployed field of architectures in smart cities. When you have a city where multiple architectures are going to pop up, you need to have an understanding of how they will possibly work together.” 

The group, which consists of the American National Standards Institute, FIWARE and the U.S. Green Building Council among others, will work to eliminate interoperability barriers and coalesce around standard architectural design for smart city systems. That work will eventually makes it way into NIST’s own framework. 


Wollman went on to say that figuring out how all these things work together, as well as how they work with the people that are planning to use them, is crucial to further the use of IoT. 

“If you are doing analysis, you can measure one system and put it right next to the analysis of another system, look at how you’ve understood the systems and by figuring out how they treated the human element, you’ll be able to understand those two systems can be linked together or if any additional things need to happen.”

Contact the reporter on this story via email at, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here:

Latest Podcasts