• European Data Protection Supervisor (EDPS)
• Recommendations on the EU’s Options for Data Protection Reform - 27 July 2015
• EDPS Opinion (10p PDF, July 2015)
• EDPS Blow-by-Blow - Recommended Changes to Reform Text (500+p PDF, July 2015)
• EDPS Mobile App on this page! Compares proposed text EU Commission, Parliament, EDPS ...
  
  
• Data Protection Regulation - Details of Reforms ahead 
• Article 29 Working Party (most action)
• Data Protection Regulation - Targeted for 2015 - Wikipedia
• Opinion 8/2014 on the Recent Developments on the Internet of Things  (24p PDF, Sept 2014)
• Data Protection Reform Progress - 24 June 2015
• Data Protection Eurobarometer (2015 Survey Results) 
• Fact Sheet (4p PDF, June 2015)
• Summary (31p PDF, June 2015)
• Full Report (220+p PDF, June 2015)
  
  
• IoT-A Reference Model, part of European Lighthouse Project
• Concepts and Solutions for Privacy and Security (57p PDF, Feb 2012) 
  
  
• Mauritius Declaration on the Internet of Things by Data Protection and Privacy Commissioners (2p PDF, Oct 2014)
• European Union Agency for Network and Information Security (enisa) - IoT and Smart Infrastructure
• Architecture model of the transport sector in Smart Cities (54p PDF, Jan 2016)
• Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations (68p PDF, Jan 2016)

• Security and Resilience of Smart Home Environments (77p PDF, Dec 2016)

• NSIA, Infineon, NXP and STMicroelectronics – Common Position On Cybersecurity (5p PDF), Dec 2016 

• EU Commission's Proposal for a Regulation on Privacy and Electronic Communications, Jan 2017
• 38p PDF Proposal for a Regulation of the European Parliament and of the Council Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC
  
  
• <much more coming - still digging>

Others to watch

• IEEE IoT!
• Internet of Things Ecosystem Study (Reg Req'd 35p PDF, Jan 2015) 
• IEEE Study - WearFit:  Security Design of a Wearable Fitness Tracker (24p PDF, Feb 2016)
• Securing the Internet of Things, IEEE Xplore, Sept 2011 98p PDF)
  
  
• BuilditSecure.ly
   
• I Am The Cavalry
• Five Star Automotive Cyber Safety Framework, (5p PDF, Feb 2015)
• Hippocratic Oath for Connected Medical Devices, (5p PDF, Jan 2016)
• Stanford Secure Internet of Things Project
• OWASP Internet of Things Project (previously IoT Top 10 project)
• DEFCON Presentation discusses new direction (60p PDF)
• IoT Testing Guidance/Methodology (1p PDF)
• IoT Security Guidance (Manufacturers, Developers and Consumer) 
  
  
• Industrial Internet Consortium - Specifically, their Security Working Group 
• Industrial Internet Security Framework  (174p PDF, Sept 2016)
  
  
• Consumer Report's Policy & Action Group - Driver Safety and Privacy Worries
• The Digital Standard Initiative (Consumer Reports)
• The Digital Standard, 48p PDF, Mar 2017
• Github Repository (created for community contributions)
  
  
• Online Trust Alliance Internet of Things Initiative & The Internet Society (ISOC) - IoT Coverage 
• IoT Security & Privacy Checklist (1p PDF, Oct 2016)
• Draft IoT Trustworthy Framework released (5p PDF, Jun 2015)
• IoT category added to Annual Online Trust Privacy Audit & Honor Roll (38p PDF, Jun 2015)
• Consumer Oriented Smart Device Purchase and Setup Checklist (1p PDF, Dec 2015)
• IoT Trust Framework v2.5 (6p PDF, June 2017)
• The Internet of Things Overview - Understanding the Issues and Challenges ...  of a More Connected World
  (50p PDF, Oct 2015)
• Cyber Incident &Breach Trends Report, (11p PDF, Jan 2018)
  
  
• Symantec's IoT area including IoT Security Reference Architecture (Reg Req'd. 20p PDF, 1q2015?)
  
  
• NCC Group - Implementers Guide to Cyber Security for the Internet of Things (40p PDF, April 2014)
  
  
• Cloud Security Alliance Mobile Working Group now has an IoT Activity spun-up (interesting taxonomy in there)
• CSA's Internet of Things Working Group - now a standalone working group?
• Security Guidance for Early Adopters of IoT (50+p PDF, Apr 2015) - Press Release 4/20/2015, 
• Identity and Access Management For The Internet of Things - Summary Guidance (15p PDF, Sept 2015) - Press Release 9/30/2015.
• Future Proofing the Connected World (75p PDF, Oct 2016)
  
  
• International Internet of Things Security Foundation (IoTSF) 
• Initial white paper (Exec Overview HERE):   Insecurity in the Internet of Things (20p PDF, Oct 2015)
• Establishing Principles for Internet of Things Security, (16p PDF, Sept 2015)
• Follow Working Group Activities
• The IoT Security Compliance Framework - Jan 2017, Register via https://iotsecurityfoundation.org/
• IoT Security Compliance Framework Release 2 (Dec 2018, 46p PDF)
  IoT Security Compliance Framework v1.0, 38p PDF 
  Checklist to guide organisations through a security assuring process.
• Vulnerability Disclosure Best Practice Guidelines, 8p PDF  
  What IoT firms should and also, should not do, to manage third party vulnerability reporting.
• The Connected Consumer Products Best Practice Guidelines v1.0, 16p PDF 
  Advice for firms that are bringing IoT class products to market.
• Secure Design Best Practice Guides v1.2.1 (Dec 2018, 17p PDF)
• HOME IoT Security Architecture and Policy Release 1 (Nov 2018, 40p PDF)
• ENTERPRISE IoT Security Architecture and Policy Release 1 (Nov 2018, 37p PDF)
• IoT Cybersecurity: Regulation Ready Nov 2018 - Landscape report
• FULL Version (Nov 2018, 57p PDF)
• Concise Version (Nov 2018, 22p PDF)
  
  
• Consumer Electronics Association (CEA)
• Guiding Principles on the Privacy and Security of Personal Wellness Data (5p PDF, Oct 2015)
  
  
• GSM Association (GSMA) - IoT Security Guidelines, Feb 2016 - Zip File with Full Set
• IoT Security Guidelines Overview Document (40p PDF, Feb 2016)
• IoT Security Guidelines for Service Ecosystem (60p PDF, Feb 2016)
• IoT Security Guidelines for Endpoint Ecosystem (80p PDF, Feb 2016)
• IoT Security Guidelines for Network Operators (30p PDF, Feb 2016)
  
  
• prpl Foundation:  Security Guidance for Critical Areas of Embedded Computing (58p PDF, Jan 2016)
  
  
• The Thread Group
• Thread Commissioning (Authentication) 2.0 White paper (25p PDF - July 2015)
  
  
• ISO
• ISO/IEC JTC 1/SWG 5 - Preliminary Report on IoT (17p PDF, Sep 2014)
• ISO/IEC JTC 1/SC 41 - Internet of Things and related Technologies 
  
  
• oneM2M.org's Standards Initiative -
• Release 1 Specifications, Security in TS 0003 (90+p PDF, Jan 2015)
• Release 2 Specifications (August 2016)
• Security - IoT Security issues. requirements and procedures & Mechanisms (42p PDF,  Aug 2016)
• Security Solutions - Defines security solutions applicable w/in M2M systems (190p PDF, Aug 2016)
  
  
• European Telecommunications Standards Institute (ETSI) - Also part of oneM2M
• Standard for Consumer Internet of Things (IoT) Security (16p PDF, Feb 2019) - Release Note
  
  
• International Telecommunications Union - Internet of Things Global Standards Initiative
• Study Group 20:  IoT and its applications including smart cities and communities AKA ITU-T SG20
• ITU Internet Reports 2005:  The Internet of Things - (Exec Sum Free 25+p PDF), Full Report $$, Nov 2005)
• ITU-T Y.2060 - Overview of the Internet of Things (22p PDF, Jun 2012)
  
  
• International Society for Automation (ISA) 
• ISA99 Working Group's ISA/IEC 62443 Standards on Industrial Automation and Control Systems (IACS) Security 
• Quite a few ISA99 working documents HERE
  
  
• Internet of Things Activity/Cluster
   includes M2M & IoT security Activities - Whitepaper lists security activities (95p PDF, Jun 2015)  
  
  
• Open Connectivity Foundation (PKA Open Interconnect Foundation
• OIC Security Specifications in Larger Spec zip download (Full zip 7M, Security Spec, 95p PDF, Sept 2015)
• OCF Security Specification, v2 PDF Jun 2018
• Related IoTivity Open Source Project - Hafta dig a bit for Security features
• Press Release - OIC Acquires assets of UPnP  (2p PDF, Nov 2015)
• Introduction of the OIC Standard - Presentation (85p PDF, Jan 2016) 
• Name Change, Feb 2016:  OIC->OCF - Open Connectivity Foundation Brings Massive Scale to IoT Ecosystem
• Allseen Acquired, October 2016
• Press Release - AllSeen Alliance Merges with Open Connectivity Foundation to Accelerate the Internet of Things
• Allseen Alliance - Open Source Framework - Data Sheet (2p PDF).  Security High-Level
  
  
• Center for Internet Security (CIS)
• CIS Controls for Effective Cyber Defense V 6.0 - IoT Companion Guide (20p PDF, Oct 2016)
  
  
• IOTA Project (www.iotatoken.com)
• Overview/Article @ http://bitcoinist.net/iota-internet-things-without-blockchain/
• Tangle Whitepaper (25p PDF, April 2016)
  
  
• IETF IoT Security Related - more to weed through
• RFC 7452 - Architectural Considerations in Smart Object Networking, March 2015
• Draft Machine-to-Machine (M2M) Public Key Certificate Format, March 2016
• Interesting proposal for MUD (Manufacturer Usage Descriptors), Article Oct 2016
• IETF DRAFT Manufacturer Usage Description Specification, August 2016 
• The Internet of Things Unchecked, Nov 2016 IETF Journal
  
  
• IoT Alliance Austrailia (IOTAA), July 2016 
• Internet of Things Security Guidelines v1.0 (48p PDF, Feb 2017)
• 2 Workstreams to follow:
• OPEN DATA & PRIVACY
• CYBER SECURITY & NETWORK RESILIENCE
• IoTAA Security Guideline V1.2 (50p PDF, Nov 2017)
• Strategic Plan to Strengthen IoT Security in Australia V4 (16p PDF, Sept 2017)
• Good Data Practice- A Guide for B2C IoT Services for Australia (20p PDF, Nov 2017)
  
  
• W3C 
• June 2016 Presentation "Tackling Data Security and Privacy Challenges for the Internet of Things" 
• Hopefully more to come - watch Web of Things Interest Group
  
  
• Petras Internet of Things Research Hub
• Watch Privacy & Trust and Safety & Security Themes
  
  
• TOR Project
• Interesting:  A Quick, Simple Guide to Tor and the Internet of Things (so Far), July 2016
  
  
• Onvif - IP-based Security Standard
• Whitepapers and Documentation
• Specifications
  
  
• AUTO-ASAC - Automotive Information Sharing and Analysis Center 
• Automotie Cybersecurity Best Practices, July 2016 
  
  
• Smart Card Alliance 
• Internet of Things Security Council
• Also maintains IoTSecurityConnection.com
  
  
• Broadband Internet Technology Advisory Group (BITAG)
• Internet of Things (IoT) Security and Privacy Recommendations (43p PDF) - Press Release, Nov 2016
  
  
• Open Mobility Alliance
• Technical Specs 
• Working Groups 
  
  
• IPSO Alliance - Charter Here
• Security, Privacy and Identity (SPI) Working Group Charter, 2p PDF Jan 2017
  
  
• IoT Design Manifesto from iotmanifesto.com, 1p PDF May 2015
• www.IoTiap.com - Principles, Practices and a Prescription for Responsible IoT Embedded Systems Development, Nov 2016
• Microsoft
• Microsoft Project Sopris 
• Initial paper:  The Seven Properties of Highly Secured Devices, March 2017 (11p PDF)  
• Standards for a highly secure Windows 10 device (includes arm), Nov 2017
  
  
• Google
• ProjectZero - Search for IoT related activities via https://googleprojectzero.blogspot.in/search?q=iot
• Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1), April 2017
• Cloud IOT Core - Secure device connection and Management - (beta, Oct 2017)
  
  
• IoT Privacy Forum - nonprofit think/do tank promoting privacy in world of connected devices
• Full Report: Privacy and the Internet of Things, Oct 2017, 60+ pages, registration req'd
• Clearly Opaque.  Provacy Risks of the Internet of Things, May 2018, 151p PDF
  
  
• IoT M2M Council - The International Journal of IoT Law & Public Policy, April 2018 PR
  "Keep up with government action affecting IoT, worldwide!"
• AT&T - The CEO's Guide to Securing the Internet of Things (24p PDF, Sept 2017)
• BSI UK IoT Committee  "Focusing Privacy, Security, Trustworthiness and Protection"
• Center for Long-Term Cyber Security (CLTC @ UC Berkeley) 
• Privacy and the Internet of Things: Emerging Frameworks for Policy and Design, 28p PDF, June 2018
• AgeLight - IoT Safety Architecture & Risk Toolkit (v3.1, Mar 2019, 8p PDF)
• Council for Securing the Digital Economy (CSDE) - 2018 International Anti-Botnet Guide (48p PDF, Nov 2018)

• IoTPractioner Security resources 
• IoTCommunity - Security Privacy & Trust in IoT Center of Excellence (SPTIoTCoE) 

Training

• IoTSF - IoT Security Training
• Attify - IoT Penetration Testing AND IoT Security Training 
• InfoSec Institute
• IoT Security Awareness
• Mapping the IoT Security Attack Surface 
• TONEX - IoT Security Training Course 
• Independent Security Evaluators (ISE) - Hacking the Internet of Things
• Cisco (partners) - Internet of Things Specialization
• Experfy - Reasonable online training - IoT Training and Certification Track
• Cyber Security for the IoT - Online Training, $99
• Cyber Security for Connected Healthcare - Online Training, $99
• Securing Enterprise Internet of Things Implementations - Online Training, $99
• TÜV Rheinland - Global Center of Competence for IoT Privacy 
• Design New's Continuing Education Center:  Security for the Industrial Internet of Things (IIoT)

Certification

Products/Vendors

F-Secure Sense - Security WiFi Router and Mobile App.  Device+Subscription Availabile in late 2016
Bastille Networks, Inc
• IoT Past, Present, Future Whitepaper (4p PDF 2015)
• Enterprise IoT Security Whitepaper (7p PDF)
CSS - VerdeTTo IoT Security Platform 
BullGuard - Previously known as Dojo Labs (Seems like home IDS) Device+subscription 
• Dojo 'pebble', APP and Intelligence (preorderable)
Gemalto - IoT Security - Device, Cloud and Security lifecycle management
Bitdefender BOX - Home Device Security
Samsung ARTIK Cloud (IoT Development Environment) - Overview.  Device Security Accommodations Here
Mocana - Software Development Platform (Embeddable)
UL - Cyber Security Assurance Program - Announced in April 2016
• UL 2900-1:  Standard for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements, July 2017
• UL 2900-2-1:  Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems June 2016
• UL 2900-2-2: Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 2-2: Particular Requirements for Industrial Control Systems, March 2016
Senrio Sensor - IoT Cybersecurity Sensor - June 2016 Launch
Nokia IMPACT IoT Platform - Securely manage devices 
Claroty Platform - Industrial Controls/Operational Technology
Intel 
• Intel Gateway Solutions for IoT - Product Brief (4p PDF)
• Intel Secure Device Onboard - 4p PDF Product Brief
Microsoft 
• Azure - Internet of Things Security Overview
• Internet of Things Security Architecture
• Microsoft's Project Sopris (also listed in research area below including published works) 
Azure Sphere.  April 2018 Announcement
Arxan 
• Application Protection for IoT and Embedded
SIDN Labs - opensource project called SPIN on Github focusing on Security for in-home Networks
FireFX - Network Guardian Internet of Things (IoT) Cyber-Security Router and Intrusion Prevention System
Neuromesh, interesting IoT Security and Intelligence Platform 
Zingbox, Inc - IoT Guardian "Internet of Trusted Things" - Feb 2017 Press Release
Icon Labs (saw security framework a while ago - added here too)
• Floodgate IoT Toolkit - Developer tools: secure boot, secure software updates, firewall, intrusion detection, MQTT, TLS, and a management agent.
• Floodgate Security Framework (Draft) May 2015
ADI Engineering - MicroFirewall IoT Security Appliance 
Cloudflare Orbit (IoT VPN) added, April 2017 Press Release
Shodan IoT Search Engine
• Malware/BOT Search 
Zvelo IoT Security Sensor, June 2017 Press Release
SecureRF - Security for embedded devices.  Sensors, toolkits and applications
Cisco IoT Threat Defense
Norton Core - Secure WiFi Router for connected home

Avira SafeThings - Router-based Home/Biz IoT Intrusion Prevention - Nov 2017 Press Release
ForeScout - CounterAct - dynamically identifies and evaluates devices and applications as they connect
Indegy - ICS Security and Control solutions
MagicCube - Software Trusted Execution Environment
Centri IoTAS - Standards-based IoT security platform
WISeKey - IoT security / Root of Trust + MegaSync Program 
Trustonic - Device Security and Authentication - Trusted Identities
Ericsson's IoT Security Offering 
Rambus' CryptoManager IoT Security Service
VDOO - IoT Security Platform
Zuul Technology - Industrial IoT Security
Device Authority (PKA Cryptosoft) IoT Security Blueprint.  April 2018 Press Release
ForceShield
• GatewayShield Network protection for OT and IoT
• DeviceShield Embedded Security
Trustonic Solutions for IoT - application class processors as well as resource constrained microcontrollers
Armis See Everything Solution - Agentless device security that instantly protects businesses
Xage - blockchain-protected security platform for Industrial IoT.
Extreme Networks Extreme Defender for IoT  - secure medical and connected devices
VisualThreat Added - Connected Car Security Solutions
Karumba Security - Automotive Security
KudeIski IoT Security Platform - End-to-End Device & Data Protection
SecureThingz - Secure Programming Services, Embedded Trust,  Guardian Product & Secure Deployment
Project Alias - Interesting security for smart speakers, open source

Research/Publications

• Independent Security Evaluators 
• Hacking Hospitals & Securing Hospitals Research Study and Blueprint (70p PDF, Feb 2016)  
• MIT Technology Review
• Cyber Survival Report  includes IoT Insecurity section (High-level, 16p PDF, Feb 2016) Registratio Req'd
• O'Reilly
• Governing the IoT - Free (registration required) e-book, (19p epub, mobi or pdf, Feb 2016)
• Pew Research 
• Report on Privacy and Information Sharing (47p PDF, Jan 2016) - Intro/Summary
• Beecham Research
• IoT Security Study Initial Report:  Executive Summary (3p PDF, July 2014)
• IoT Security Threat Map - 300dpi Image (4p PDF Overview, March 2016)
• Embedded Security for Internet of Things (Ukil, Sen and Koilakonda)
• Adventures in Automotive Networks and Control Units (Miller and Valasek)
• Security Challenges of IP-Based Internet of Things (Heer, Garcia-Morchon, Hummen, Keoh, Kumar and Wehrle)
• Industry Self Regulation of Consumer Data Privacy and Security (Listokin)
• Privacy Mediators:  Helping IoT Cross the Chasm (Davies, Taft, Satyanarayanan, Clinch, Amos) Feb 2016
• BitDefender Research Paper - The Internet of Things: Risk in the Connected Home (16p PDF, Feb 2016)
• Trend Micro Study:  Privacy and Security in Connected Life (50p PDF, March 2016)
• Intel Security's Study:  Smart Homes and the Internet of Things (12p PDF by Atlantic Council, March 2016)
• Berkman Center's Don't Panic report on 'going dark', (37p PDF)
• NSA's reaction letter to Sen Ron Wyden, May 2016
• IoT Privacy and Security Challenges for Smart Home Environments, Lin & Bergmanb, July 2016
• Challenges and Opportunities for SecuringIntelligent Transportation System, Zha, Walker & Wang, Feb 2013
• IoT Goes Nuclear:  Creating a ZigBee Chain Reaction, Ronen. O'Flynn, Shamir & Weingarten (17p PDF)
•  Project Website - with demos
• Mozilla's internethealthreport.org
• Privacy and Security Section  (v1 online, Jan 2017)
  
• IoT Privacy Guide - *privacy not included
• isaca.org
• Risks and Rewards ofthe Internet of Things, 2013 
• Security and Privacy Challenges of IoT Enabled Solutions, ISACA Journal Number 4, 2015
• Ponemon Institute 
• 2017 Study on Mobile and IoT Application Security, 28p PDF, Jan 2017
  
• Medical Device Security: An IndustryUnder Attack and Unprepared to Defend, (35p PDF), May 2017
• University of Michigan IoT Security Research
• Security Analysis of Emerging Smart Home Applications
  Earlence Fernandes, Jaeyeon Jung, and Atul Prakash 
  Security Analysis of Emerging Smart Home Applications (19p PDF) 
  In Proceedings of 37th IEEE Symposium on Security and Privacy, May 2016
• FlowFence: Practical Data Protection for Emerging IoT Application Frameworks
  Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash 
  FlowFence: Practical Data Protection for Emerging IoT Application Frameworks (19p PDF)
  In Proceedings of the 25th USENIX Security Symposium, August 2016
• ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms 
  Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao, and Atul Prakash 
  ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms 
  21st Network and Distributed Security Symposium (NDSS 2017), Feb 2017
• Institute for Critical Infrastructure Technology (ICIT)
• Rise of the Machines: The Dyn Attack Was Just a Practice Run, 62p PDF Dec 2016
• Security and Privacy Consideration for Internet of Things in Smart Home Environments,  Desai & Upadhyay, (11p PDF, Nov 2014)
• Industroyer: Biggest threat to industrial control systems since Stuxnet, June 2017
• Duo Labs' Bug Hunting, Drilling into the Internet of Things, June 2017 (31p PDF)
• Internet of Things Security Research:A Rehash of Old Ideas or New Intellectual Challenges?, Fernandes, Rahmati, Eykholt and Prakash,  (5p PDF) July 2017
• Spying on the Smart Home: Privacy Attacksand Defenses on Encrypted IoT Traffic, Apthorpe, Reisman, Sundaresan, Narayanan & Feamster, (16p PDF, Aug 2017)
  
• University of South Wales School of Electrical Engineering:  Inside job - Security and privacy threats for smart-home IoT devices (40p PDF, May 2017)
• KRACK:  Vanhoef & Piessens:  Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (16p PDF, Oct 2017)
• The Internet of Things:Implications for Consumer Privacy under Canadian Law, Trosow, Taylor & Hanam (97p PDF, Oct 2017) 
• Blockchain for IoT Security and Privacy: The Case Study of a Smart Home, Dorri, Jurdak, Kanhere & Gauravaram (7p PDF, Oct 2017)
• Altman Vilandrie & Co. Whitepaper - Are your company’s IoT devices secure?Internet of Things Breaches are Common, Costly for U.S Firms (7p PDF, June 2017)
• Forrester - The State of IoT Security 2018 ($$$, Jan 2018)
• ESET Report - IoT AND PRIVACY BYDESIGN IN THE SMARTHOME (19p PDF, Feb 2018)
• Cyber Security Research Institute - Pinning down the IoT (24p PDF, Jan 2018, sponsored by F-Secure)
• Vodafone - IoT Barometer 2017/18 (36p PDF, Sept 2017)
• DÏoT: A Self-learning System for Detecting Compromised IoT Devices, May 2018
• Princeton's' Center for Information Technology Policy added.  Interesting IoT Inspector project
• BlackIoT: IoT Botnet of High Wattage DevicesCan Disrupt the Power Grid, Princeton. 19p PDF, Aug 2018 
• Personalized Privacy Assistants for the Internet of Things, 2018 IEEE Pervasive Computing: Special Issue - Securing the IoT, Apr 2018, 11p PDF
• Added PrivacyAssistant.org project, focused on user-oriented machine learning techniques
• Ponemon's Second Annual Study on the Internet of Things (IoT): A New Era of Third-Party Risk, March 2018 42p PDF
• Zingbox 2018 Annual Threat Report Medial Devices, 16p PDF
• Web-based Attacks to Discover and Control Local IoT Devices,  Aug 2018, 7p PDF
• Infoblox report:  What is Lurking on your Network, exposing the threat of shadow devices, May 2018, 7p PDF
  
• ACM Proceedings of 2018 Workshop on IoT Security and Privacy
• HighIoT - Token Launch Whitepaper on decentralized storage of IoT behavior profiles for protecting devices, 30p PDF, June 2018
• State of IoT Security Report, DigiCert (8p PDF, Nov 2018)
• Nokia Threat Intelligence Report 2019 (Reg Req'd, 22p PDF, Nov 2018)
• Darkcubed - The State of IoT Security Report (Reg Req'd, Feb 2019)
• Securing the Modern Economy:Transforming CybersecurityThrough Sustainability, Stifel, Public Knowledge (22p PDF, Apr 2018) 
• BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid, Soltan, Mittal, and Poor, Princeton University (19p PDF, Aug 2018)
• Standardisation and Certification of the ‘Internet of Things’. Leverett, Clayton, Anderson (20p PDF, May 2017)
  
• Gemalto - The State of IoT Security – Global Survey Report – Oct. 2017 (16p PDF reg req'd)
  
• Synopsys - State of Fuzzing 2017 (32p PDF, Aug 2017)

• Gartner:  The Connected Home:  Impact on CIOs and Buisness Leaders 
• Rapid7 - Hacking Iot:  A Case Study on Baby Monitor Exposures and Vulnerabilities (17p PDF, Sept 2015)
• ITU & Cisco's Report: Harnessing the Internet of Things for Global Development (60p+ PDF, Jan 2016)
  Relevant discussion beginning on pg 41 - Challenges to the Deployment in Developing Countries
• Symantec's Insecurity in the Internet of Things (20p PDF, Mar 2015)
• TRAPX Anatomy of an Attack - Internet of Things (20+p PDF, Mar 2015) 
• Vericode Internet of Things Research Study - household IoT Devices (Reg req'd 12p PDF, Apr 2015) 
• HP IoT Security Study -  Widely shared: 10 popular devices tested, 70% vulnerable (6p PDF, July 2014)
• Intel/McAfee - 2017 Threats Predictions Report (57p PDF) Nov 2016 
• Medical Device Vulnerability Intelligence Program for Evaluation and Response (MD-VIPER) added
• Cisco Warns of Actively Exploited DoS Flaw in Security Appliances
  
  
• IoT Related Advisories (Still digging here - need to find a better way!)
• IC3/FBI 
• Alert I-031716-PSA, "MOTOR VEHICLES INCREASINGLY VULNERABLE TO REMOTE EXPLOITS", March 2016
• Alert I-091015-PSA, "IOT  POSES OPPORTUNITIES FOR CYBER CRIME", Sept 2015
• Alert I-071717-PSA, "INTERNET-CONNECTED TOYS COULD PRESENT PRIVACY AND CONTACT CONCERNS FOR CHILDREN", July 2017
• Public Service Announcments
• I-091015-PSA - INTERNET OF THINGS POSES OPPORTUNITIES FOR CYBER CRIME, Sept 2017
• I-101717a-PSA - COMMON INTERNET OF THINGS DEVICES MAY EXPOSE CONSUMERS TO CYBER EXPLOITATION, Oct 2017
• I-080218-PSA - CYBER ACTORS USE INTERNET OF THINGS DEVICES AS PROXIES FOR ANONYMITY AND PURSUIT OF MALICIOUS CYBER ACTIVITIES, Aug 2018
• Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
• Alerts 
• Advisories
• Cert Vulnerability Note 656302:  Belkin Wemo Home Automation Devices (Orig Feb 2014)
• Official Belkin Support - Wemo & Security, fixes, versions & related (Feb 2014)
• Cert Vulnerability Note 796883:  HomeSeer HS2 Web Interface (Orig 2011)
• Cert Vulnerability Note 525132:  Foscam IP camera authentication bypass (Orig Mar 2014) 
• Cert Vulnerability Note 265532:  Multi-vendor IP camera web interface authentication bypass (Orig Oct 2012)
• IOActive:  Petcube Remote Wireless Pet Camera Vulnerabilities (2p PDF, Apr 2015)
• Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems
• FDA Safety Alert, 13 May 2015
• Cert Advisory (ICSA-15-125-01A), 13 May 2015
• Original post @ 0XTech, 28 April 2015
• Cert Vulnerability Note VU#719736:  Fisher-Price Smart Toy platform unauthenticated web API commands
• Cert Alert IR-ALERT-H-16-056-01 - Cyber Attack Against Ukrainian Critical Infrastructure, Feb 2016
• New York City Consumer Affairs Warns Parents to Secure Video Baby Monitors, Jan 2016 
• CERT Advisory ICSMA-16-196-01 - Philips Xper-IM Medical Monitoring System, July 2016
• CERT Advisory ICSMA-16-089-01 - Carefusion Pyxis SupplyStation System . March 2016
• CERT Advisory ICSMA-16-279-01 - Animas OneTouch Ping Insulin Pump Vulnerabilities, Oct 2016
• CERT/NIST Vulnerability Summary for CVE-2016-6452 - Cisco Prime Home Authentication Bypass 
• CERT/NIST Vunerability Summary for CVE-2016-6408 -  Cisco Prime Home Web-Based User Interface 
• CERT Advisory ICSMA-17-009-01 - St. Jude Merlin@home Transmitter Vulnerability, Jan 2017
• CERT ICS-ALERT-17-102-01A - BrickerBot Permanent Denial-of-Service Attack, April 2017
• CERT Alert (TA17-293A) - Persistent Threat Activity Targeting Energy & Critical Infrastructure Sectors, Oct 2017
• CERT/NIST Vulnerability Summary for CVE-2018-10987 - Dongguan Diqee Diqee360 vacuum cleaner remote code execution vulnerability, July 2018
• CERT/NIST Vulnerability Summary for CVE-2018-10988 -  Diqee Diqee360 devices execute code, without a digital signature, as root, July 2018

IoT Security News

Revision History