NIST highlights RFID risks

Guidance for Securing Radio Frequency Identification (RFID) Systems

A draft publication from the National Institute for Standards and Technology highlights some of the security and privacy risks associated with radio frequency identification technology.

Some of the risks involved can be serious. The threat can extend from the RFID tags to central databases on an agency's network, according to the report. But NIST experts are not trying to scare agencies from using the technology.

"Like any new technology, RFID presents new security and privacy risks that must be carefully mitigated through management, operational, and technical controls in order to realize the numerous benefits the technology has to offer," the report states.

One danger is that an unauthorized user with a RFID reader, which is also called an interrogator, could gather information about the contents of a container, making it easier to decide what to steal. So agencies need to decide how much information to include on the tags and how to protect it.

Even if a tag contains nothing more than identifier, it can reveal more than agencies realize. For example, observers could monitor tagged materials as they arrive at their destination, giving them information about the quantity of tagged products. “Adversaries could obtain valuable intelligence from the mere existence of a tag,” the report states.

There is greater danger if an RFID system is tied to a back-end database. An intruder could use the interrogator as a back door to that database, if it has not been properly secured with access controls, password-protection and cryptography.

But these and other dangers can be addressed, according to NIST. "When practitioners adhere to sound security engineering principles, RFID technology can help a wide range of organizations and individuals realize substantial productivity gains and efficiencies," the report states.

The guidance is intended to help current and future RFID users understand those risks and the best-known safeguard, according to the report.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected