This blog post has been reproduced by kind permission of Tara Seals and originally appeared here on Infosecurity Magazine. It references an independent survey from IOActive which illustrates widely held concerns on the lack of a security first approach (an IoTSF axiom). Nearly half (47%) of all respondents in the IOActive Internet of Things Security Survey distrust the
Here at IoTSF our mission is to unite the efforts of diverse IoT stakeholder groups to raise the bar on security. That's a truly noble and worthwhile cause - and it's also a mighty tall challenge too. It's such a huge task, that we can only meet our vision of safety of connection by working with
Launches 5 priority Working Groups Release Date: May 12 2016 The IoT Security Foundation (IoTSF), a non-profit member organisation established to raise the quality of security across IoT, has announced the formation of a number of working groups as it promotes the concept of the Supply Chain of Trust. Security is often considered in
In 2012, the World Economic Forum published a research report titled “The future of manufacturing: opportunities to drive economic growth [ref 1]. The development and adoption of the Internet of Things (IoT) is a critical element of smarter manufacturing. The next wave of manufacturing with IoT enabled systems is referred to Industrie 4.0, which
The IoTSF Plenary Chair Role is Key for Progress: Since we launched The Internet of Things Security Foundation last September, we have been widely welcomed by industry, stakeholder groups and press around the globe. This is because of the growing realisation that the expanding universe of connected devices and systems provides not just a
It is an interesting question to ponder - outside the closed industrial systems yet within an eco-system of products and services, who owns the security? And who is liable? What responsibilities should suppliers, integrators... users have? We gave Prof. Paul Dorey the challenge of speaking about the security challenge in IoT at the December 2015
Does the data need to be audited? So far in the IoT Security principles blog series we have looked at the architecture of devices, data privacy and trust, making sure that data gets to where it needs to be and on time, controlling access to devices, software updates and the transfer of ownership of devices.
Will ownership of the device need to be managed or transferred in a secure manner? This penultimate blog in the IoT Security principles series, addresses transfer of ownership and how to manage that in a secure manner. Many IoT devices will change ownership at some point in their lifetime. To preserve the security of
Is it necessary to update the software on the device? The last blog in this series was about restricting access to a device. This one provides some high level principles about software updates. If a device is running out-of-date software, it may contain unpatched security vulnerabilities. Such vulnerabilities may allow exploitation of the device
Is it necessary to restrict access to or control of the device? In part four of the blog series on principles for IoT security, we look at general requirements in order to help prevent unauthorised access or control. If an attacker gains control of the device they may be able to access sensitive data,
