The IoT Security Foundation Conference
The world’s longest-running conference dedicated to IoT cybersecurity.
IET, London | 23rd October 2024
This year’s one-day event takes place on 23rd October and we return to the modern majesty of the IET, London.
The Annual IoTSF Conference has built a loyal global following from the IoT stakeholder communities and is renowned for delivering high-quality conference programmes. This is the 10th Annual Conference.
Advances in quantum computing and the democratisation of AI/ML in recent years have added more threats, yet have also given us more tools to use in our defences. New approaches such as zero trust and continuous assurance processes continue to evolve. Getting the basics right with training, certifications and audits continues to be a trusted staple.
Our theme is therefore…
IoT Security: Past, Present and Future.
Register for the 10th Annual IoT Security Foundation Conference
We’re pleased you’ve decided to join us
Here are a few details about your registration for this event…
Frequently asked questions
What’s included with the ticket?
Ticket price includes a full conference day pass, refreshments, buffet lunch and drinks reception.
Member ticket: What if I’m unable to attend?
We know that plans can change! If you can’t make it to an event – to help manage our costs – please let us know as soon as possible, no less than 7 days in advance. If you fail to attend the event without prior notice, we reserve the right to invoice your company for the full cost of a non-member ticket. Thank you for understanding.
Non-Member / Professional Member ticket: Refund Policy
Refunds will be given for cancelled tickets up until 7 days before the event. Refund amount will be the original ticket price minus administration fees. Tickets purchased within 7 days of the event are non-refundable.
If I can’t attend, can someone go in my place?
Yes, just email the details to [email protected].
Terms and Conditions / Privacy Policy
By signing up to this event you are agreeing to our Privacy Policy and our Terms and Conditions.
Register on Eventbrite HERE
SPEAKER
AI Risks and Rewards: Calculus for the Future
Apostol Vassilev
Research Manager, Computer Security Division, NIST
SPEAKER
IoT Tech Abuse – Protecting At-Risk Communities
Dr Leonie Maria Tanczer
Associate Professor, University College London (UCL)
SPEAKER
Evolving Threats and Evolving Defenses for XIoT in Critical Infrastructure
Toby Wilmington
CEO, qomodo
SPEAKER
Securing the Future: Harnessing the Power of Ecosystems in IoT Security
Darron Antill
CEO, Device Authority
SPEAKER
International: Key lessons and takeaways from Internet of Things Cybersecurity Standards, Legislation, Product Certifications and Cybersecurity Labelling Schemes (CLS)
Matt Tett
Subject Matter Expert (SME), IoT Security Mark P/L
SPEAKER
Hardware based security for advanced threat detection and mitigation
Rasadhi Attale
Senior Hardware Engineer, Siemens
SPEAKER
Securing the Decentralized Future: Open and Auditable Hardware Security for IoT Ecosystems and Web3
John Sirianni
CEO, Tropic Square
SPEAKER
Implementing Cross Domain Security Patterns for IoT
Phil Day
Director of Engineering, Configured Things
SPEAKER
Reading the R-IoT act – responding to an IoT incident
Jennifer Williams
Director of IT and Operations, Secarma
SPEAKER
Why does my TV still think it is a fridge?
Jonathan Marshall
Founder, SafeShark
SPEAKER
How secure is your IoT device? – Indispensable ingredients for a secure IoT product!
Andrew Bott
Principal Security Architect, IAR Systems AB
SPEAKER
From Risk to Return: A Two-Part Framework for Prioritising and Measuring Security Investment Returns
Kay Ng
Managing Director, CyberAnalytics
SPEAKER
What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats
David Ihrie
CTO, Virginia Innovation Partnership Corporation (VIPC)
SPEAKER
What Things Are Really on Your Network? Trusted IoT Onboarding and Lifecycle Management
Paul Watrobski
IT Security Specialist, NIST
SPEAKER
10 Rules to Build Unsecure Embedded Systems
Stephan Janouch
Technical Marketing Director, EMEA, Green Hills Software GmbH
SPEAKER
Where is your weakest link? Observations from teaching Embedded System Security
Dr Des Howlett
Senior Member Technical Staff, Doulos Ltd
SPEAKER
Building Secure IoT Products from the Ground Up
Zahra Khani
Principal Product Manager for IoT Security Assessment, Keysight Technologies
PANELIST
Antoinette Hodes
Global Solution Architect & Evangelist, Check Point Software Technologies
As a not-for-profit organisation, we welcome your interest and support for the conference. We have a number of sponsorship opportunities on offer which help us to cover our costs.
Sponsoring IoTSF’s 2024 Conference will deliver a number of promotional benefits for your organisation whilst contributing to our shared mission to build secure, buy secure and be secure.
Why Sponsor?
The IoTSF Annual Conference attracts a wide range of stakeholder groups and decision-makers throughout the event lifecycle: in the build-up, during the event itself, and once the event has taken place. It provides the perfect environment not only to promote your brand, but also to build lasting relationships with customers and get to know other businesses:
- Build reputation & increase brand visibility
- Unique access to our IoT Security community and stakeholders
- Lead generation & sales
- New business partnerships
- Strengthen relationships with existing customers – most of our packages include guest passes and can be added to other sponsorship options on request
- Post-conference networking – a drinks reception accompanies the conference.
Agenda
We are currently building our agenda. Note that details are subject to change.
08:30 | Registration / Exhibition
09:30 | Opening Plenary Session: IoT Security: Past, Present, Future
The opening plenary session sets the stage for the rest of the day, exploring the cutting edge of IoT cybersecurity, AI and emerging themes. Following the welcome address, we will have two keynote talks that look at the emerging innovation and technology future. We will also take a look at what is in store for the IoTSF and its members with insights from the Executive Steering Board via a panel session taking the theme of the conference: IoT security – past, present and future. This plenary session promises to equip attendees with a comprehensive understanding of the cybersecurity landscape, setting the context for the specialized tracks that follow. Attendees will not want to miss this opportunity to gain valuable insights from industry leaders and connect with fellow professionals at the forefront of IoT security.
11:00 | Break
11:30 | Track 1 | Kelvin Lecture Theatre
The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks
This session explores the evolving landscape of IoT security through keynote talks from leading business and technical experts. On the business side, we discuss the shift from isolated security solutions to collaborative, ecosystem-based approaches in securing IoT devices. Attendees will also learn about supply chain integrity for IoT and AI systems, including innovations for creating operational and trusted bills of materials.
New developments in the evolution of the IoT Security Foundation’s popular security assurance framework will be announced and we will explain its transformation from a developer checklist to a corporate reference for automating audits and certification. We also highlight the recent and important work from NIST on IoT Device Onboarding and Lifecycle Management which addresses real-world trust challenges across enterprise, industrial and consumer networks. Join us to understand the collaborative future of IoT security and its practical implications.
11:30 | Track 2 | Turing Lecture Theatre
IoT Foundations of Trust: Secure by Design
This session explores contemporary cutting-edge approaches to building security into IoT devices and systems from the ground up. Experts will outline the essential elements for secure IoT products and also look at solutions for decentralized and autonomous IoT applications, examining how to leverage hardware security modules to protect vehicle-to-everything (V2X) communications. We will also delve into the critical role of true randomness in cryptography with a focus on preparing for emerging AI and quantum computing threats. Attendees will gain practical insights into implementing robust security measures at the hardware and system level to create resilient IoT systems.
11:30 | Track 3 | Watson-Watt Room
The CISO Journey: From Coax to Resilience
In this session, we look at how cyber security has changed over the last 20+ years from the CISO perspective. Once upon a time, all they worried about were operating systems, printers, memory sticks and shadow IT. But soon every new technology became shadow IT, with mobile phones, iPads, social media, cloud services, etc. This session will explore how CISOs started from overseeing information security, which included computers, users, the network, etc., to today, where they have to view things from an enterprise cyber resilience perspective. Does this really mean that there is nothing that they can rule out from having to provide guidance on or be responsible for? These and many other questions will be explored with our expert panel who will provide perspectives of what cyber resilience means to them in their daily world view for an enterprise.
13:00 | Lunch / Exhibition / Networking
14:00 | Track 4 | Kelvin Lecture Theatre
The Practice of IoT Security: From Breach Response to Threat Anticipation
This illuminating session equips IoT security practitioners with actionable strategies to tackle current and emerging challenges. Attendees will learn effective breach response protocols for when things go wrong, techniques for anticipating threats in newly connected OT domains like critical infrastructure and healthcare, and methods for applying cross-domain architectural principles to enhance security in the industrial Internet of Things (IIoT). The session also includes best practices for comprehensive testing of products with diverse supply chain components. Through expert-led talks and interactive discussions, participants will gain valuable insights to strengthen their organization’s IoT security posture.
14:00 | Track 5 | Turing Lecture Theatre
The Business of IoT Security: Mastering the Economics
In this session we look at security through the economics lens – how can security help us win in business? What do we need to know beyond the technical requirements, how do we weigh up risk and reward – how can the approach be used to underpin, even boost business objectives? IoT technology has many commercial applications, and the resilience to attack of the connected systems is essential for business success. Context is king when determining security features, yet the business case dominates the feasibility of any successful, sustainable, security posture.
14:00 | Track 6 | Watson-Watt Room
Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future
This engaging IoT security session will equip attendees with valuable insights and practical strategies to enhance their IoT defences. We’ll examine historical patterns, extracting crucial lessons to fortify future IoT implementations. Prepare yourself for a humorous yet eye-opening journey through the “10 Rules to Build Unsecure Embedded Systems” highlighting common pitfalls and misguided practices that compromise security. We’ll also explore the cutting-edge world of eSIMs, uncovering their unique security properties and how they can future-proof IoT device protection. This session blends historical analysis, satirical reflection, and emerging technology insights to provide a comprehensive view of IoT security challenges and solutions.
15:30 | Break
16:00 | Track 7 | Kelvin Lecture Theatre
IoT Security Compliance: Navigating the Regulatory Landscape
As connected devices become ubiquitous in our homes, businesses, and cities, the need for security oversight has never been more critical. Yet, the path to regulation is fraught with challenges. This session illuminates the complex reality of IoT security regulation and compliance, where innovation and protection must coexist. We’ll explore the global regulatory landscape, focusing on Europe’s CRA and RED, the UK’s PSTI, NIST CSF 2 and NIS2. Our expert speakers will dissect the delicate balance between fostering innovation and ensuring user safety, addressing the concerns of compliance professionals grappling with legal uncertainties and potential penalties. Whether you’re an IoT manufacturer, policymaker, developer, consultant, or security professional, this session will equip you with the knowledge and insights needed to navigate the evolving regulatory landscape. Don’t miss this opportunity to stay ahead of the curve and contribute to a more secure and innovative IoT future.
16:00 | Track 8 | Turing Lecture Theatre
Memory Safety: The Pernicious Challenge
What is the memory safety challenge? How big an issue is it and what can be done? Join this session to learn about the complexities of memory safety, explore current solutions, and glimpse into the future of secure IoT systems. Whilst memory safety in computing has been identified as a challenge since the 1970s, it became a significantly bigger problem with the growth of connected and distributed systems – such as the IoT. Solutions to the memory safety challenge are beginning to emerge from the research labs toward real-world applications underpinned by a range of hardware and software technologies. This session dives into the critical world of memory safety and its implications for secure IoT systems. Beginning with an academic exploration of memory safety fundamentals, we progress to cutting-edge industry solutions. We’ll examine the UK government-backed CHERI project, discuss the role of memory-safe languages like Rust, and explore industry efforts to popularize these technological advances. This session is intended for designers, developers, manufacturers, and users of IoT technology, providing them with the knowledge and tools needed to improve the security and reliability of connected systems.
16:00 | Track 9 | Watson-Watt Room
The Human Side of IoT Security: Protecting People, Spaces, and Systems
This session explores critical aspects of IoT security, focusing on protecting vulnerable communities and public spaces while addressing technical challenges in embedded systems. Experts will discuss how IoT technologies can be misused to target at-risk groups and strategies to mitigate these threats. We’ll examine the importance of language and framing when discussing IoT deployments in public areas, emphasizing transparency and community engagement. The session will also delve into common vulnerabilities in embedded systems, sharing insights from hands-on security education. A guest speaker will highlight the crucial role of cross-sector collaboration in building a more secure IoT landscape. Attendees will gain a wider view of IoT security challenges and practical approaches to address them.
17:30 | Closing Remarks followed by Drinks Reception
The IET
The Institution of Engineering and Technology (IET) is a prestigious and globally recognized professional organization dedicated to advancing the field of engineering and technology. Established in the United Kingdom in 1871, the IET has a rich history of promoting excellence in engineering and supporting innovation in various technological domains. With a diverse membership of engineers, technologists, and professionals from around the world, the IET provides a platform for knowledge sharing, networking, and collaboration. The organization actively fosters the development of engineering and technology skills through educational programs, publications, and events.
Travel
There are a number of different options for travelling to The IET. Several underground lines provide easy access, the best stations being Covent Garden, Embankment, London Charing Cross and Temple. If arriving by train, Liverpool Street, Euston, Kings Cross, Victoria and Waterloo either have direct links to one of the underground stations or provide access to the tube system.
Accommodation
There are a number of hotels near the venue and the IET has set up some special room rates.
Present at the IoT Security Foundation Conference
If you’ve got something important to say on a whole range of subjects related to improving the status of IoT, now or in the future, we’d like to hear it and invite you to submit a talk proposal.
If you would like to guarantee a speaking slot, we would encourage you to take one of our limited sponsorship packages – they’re very cost-effective (see our sponsorship guide).
Talk Themes
Our attendees will be interested in business, technical, operational, standards, regulatory, educational and policy-related themes. Some of those themes may include (but are not limited to):
- New or emerging themes in IoT security
- All themes related to the defence against AI/automated attacks
- Using AI/ML to improve IoT security
- Zero trust environments
- Cryptography
- Standards and certification
  - We are keen to hear practical examples of effective (cost and efficacy) third-party certification schemes
- The economics of IoT security
- Automation and continuous assurance
- Updates on the latest threat landscape, attacks and how to avoid them.
- Best practice for building/engineering ‘secure by design’ and/or ‘secure by default’ products and/or systems
- Testing IoT products (hardware and software) – against common and emerging attacks
- ‘How to’ specify fit-for-purpose security when purchasing
- Securing the supply chain
- Software bill of materials and open source
- Maintaining security and/or achieving resilience throughout the lifecycle
- Emerging research or intelligence
- Ethical hacking of IoT systems
- Ethical design for security and privacy
- Use cases: application-specific examples of cyber security best practice in context, e.g.:
  - Automotive
  - Critical Infrastructure
  - Healthcare
  - Industrial/Industry 4.0/Manufacturing
  - Smart Buildings / Smart Cities / Connected Places
- Practical “How To’s” (or how not to…), e.g.:
  - How to manage secure updates
  - How to build a secure and agile development culture
  - Respond to a security breach
  - Build an effective vulnerability and/or bug-bounty program
  - Assess your liability and risk
  - Threat modelling
- Real life experiences/war stories/lessons learned
Submitting a Talk Proposal
To submit a paper presentation to be considered for the IoTSF Conference, please complete the submission form with the following details:
- Presentation Theme
- Presentation Title
- Presentation Abstract
- Speaker Biography & Photo
- Key audience takeaways
Presentations are to be made in English.
Regular speaking slots are nominally 20 minutes in duration (inclusive of Q&A); however, if you prefer a ‘lightning talk’ slot, these are nominally allocated as 10 minutes. Slot duration will be confirmed as part of the acceptance process.
- Once received, we will acknowledge receipt.
- Submissions will be reviewed by representatives of IoTSF at regular intervals and assessed on the content’s merit and relevance to the conference.
- Once reviewed and concluded, applicants will be notified.
- Successful applicants should confirm their availability for the day.
Guidance for Speakers
It’s great that you have something to say, however be clear about your message to the audience – your talk may be good but if the audience is left with a feeling of “so what?” then we’ve collectively failed. When submitting make sure you spell out the key takeaways that you intend to leave with the audience and what will make it worth their while listening to you. This also helps our talk assessors when selecting talks for the conference hence we encourage you to consider this carefully.
- Abstracts must clearly detail the nature, scope, content, key points and significance of the proposed presentation to aid the assessment process.
- The audience has come to hear a talk about a subject that is of interest to them. Direct or overt sales presentations are unwelcome at this event and will not be accepted. It is acceptable to position where the talk is coming from – i.e. the company / individual and the area of interest you have, generally one slide at the beginning usually suffices.
- It is standard practice to record talks at the IoTSF conference and, at our discretion, publish after the event. Should you prefer not to have your talk published you must inform us with written instruction (email) before or on the conference day. We will confirm your preference.
If you have any queries regarding the submission process, please contact us – [email protected]
Conference Agenda
08:30-09:30 | Registration / Exhibition
09:30-11:00 | Opening ‘Plenary’ Session: IoT Security: Past, Present, Future
11:00-11:30 | Break
11:30 | Track 1 | Kelvin Lecture Theatre
11:30 | Track 1 | Turing Lecture Theatre
13:00-14:00 | Lunch / Exhibition / Networking
14:00 | Track 2 | Kelvin Lecture Theatre
14:00 | Track 2 | Turing Lecture Theatre
15:30-16:00 | Break
16:00 | Track 3 | Kelvin Lecture Theatre
16:00 | Track 3 | Turing Lecture Theatre
17:15-17:30 | Closing Remarks
17:30-19:00 | Drinks Reception
Agenda
We are currently building our agenda but, for the moment, click on an image to find out more about our speakers. Note that details are subject to change.
08:30 | Registration / Exhibition | ||||
09:30 | Opening Plenary Session: IoT Security: Past, Present, Future | ||||
The opening plenary session sets the stage for the rest of the day, exploring the cutting edge of IoT cybersecurity, AI and emerging themes. Following the welcome address, we will have two keynote talks that look at the emerging innovation and technology future. We will also take a look at what is in store for the IoTSF and its members with insights from the Executive Steering Board via a panel session taking the theme of the conference: IoT security – past, present and future. This plenary session promises to equip attendees with a comprehensive understanding of the cybersecurity landscape, setting the context for the specialized tracks that follow. Attendees will not want to miss this opportunity to gain valuable insights from industry leaders and connect with fellow professionals at the forefront of IoT security. |
|||||
11:00 | Break | ||||
Kelvin Lecture Theatre | Turing Lecture Theatre | Watson-Watt Room | |||
11:30 | Track 1 | 11:30 | Track 2 | 11:30 | Track 3 |
The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks | IoT Foundations of Trust: Secure by Design | The CISO Journey: From Coax to Resilience | |||
This session explores the evolving landscape of IoT security through keynote talks from leading business and technical experts. On the business side, we discuss the shift from isolated security solutions to collaborative, ecosystem-based approaches in securing IoT devices. Attendees will also learn about supply chain integrity for IoT and AI systems, including innovations for creating operational and trusted bills of materials.
New developments in the evolution of the IoT Security Foundation’s popular security assurance framework will be announced and we will explain its transformation from a developer checklist to a corporate reference for automating audits and certification. We also highlight the recent and important work from NIST on IoT Device Onboarding and Lifecycle Management which addresses real-world trust challenges across enterprise, industrial and consumer networks. Join us to understand the collaborative future of IoT security and its practical implications. |
This session explores contemporary cutting-edge approaches to building security into IoT devices and systems from the ground up. Experts will outline the essential elements for secure IoT products and also look at solutions for decentralized and autonomous IoT applications, examining how to leverage hardware security modules to protect vehicle-to-everything (V2X) communications. We will also delve into the critical role of true randomness in cryptography with a focus on preparing for emerging AI and quantum computing threats. Attendees will gain practical insights into implementing robust security measures at the hardware and system level to create resilient IoT systems. |
In this session, we look at how cyber security has changed over the last 20+ years from the CISO perspective. Where once upon a time all they worried about were operating systems, printers, memory sticks and shadow IT. But soon every new technology became shadow IT, with mobile phones, ipads, social media, cloud services, etc. This session will explore how CISOs started from overseeing information security, which included computers, users, the network, etc. to today, where they have to view things from an enterprise cyber resilience perspective. Does this really mean that there is nothing that they can rule out from having to provide guidance on or be responsible for? These and many other questions will be explored with our expert panel who will provide perspectives of what cyber resilience means to them in their daily world view for an enterprise. |
|||
13:00 | Lunch / Exhibition / Networking | ||||
14:00 | Track 4 | 14:00 | Track 5 | 14:00 | Track 6 |
The Practice of IoT Security: From Breach Response to Threat Anticipation | The Business of IoT Security: Mastering the Economics | Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future | |||
This illuminating session equips IoT security practitioners with actionable strategies to tackle current and emerging challenges. Attendees will learn effective breach response protocols for when things go wrong, techniques for anticipating threats in newly connected OT domains like critical infrastructure and healthcare, and methods for applying cross-domain architectural principles to enhance security in the industrial Internet of Things (IIoT). The session also includes best practices for comprehensive testing of products with diverse supply chain components. Through expert-led talks and interactive discussions, participants will gain valuable insights to strengthen their organization’s IoT security posture. |
In this session we look at security through the economics lens – how can security help us win in business? What do we need to know beyond the technical requirements, how do we weigh up risk and reward – how can the approach be used to underpin, even boost business objectives? IoT technology has many commercial applications, and the resilience to attack of the connected systems is essential for business success. Context is king when determining security features, yet the business case dominates the feasibility of any successful, sustainable, security posture. |
This engaging IoT security session will equip attendees with valuable insights and practical strategies to enhance their IoT defences. We’ll examine historical patterns, extracting crucial lessons to fortify future IoT implementations. Prepare yourself for a humorous yet eye-opening journey through the “10 Rules to Build Unsecure Embedded Systems” highlighting common pitfalls and misguided practices that compromise security. We’ll also explore the cutting-edge world of eSIMs, uncovering their unique security properties and how they can future-proof IoT device protection. This session blends historical analysis, satirical reflection, and emerging technology insights to provide a comprehensive view of IoT security challenges and solutions. |
|||
15:30 | Break | ||||
16:00 | Track 7 | 16:00 | Track 8 | 16:00 | Track 9 |
IoT Security Compliance: Navigating the Regulatory Landscape | Memory Safety: The Pernicious Challenge | The Human Side of IoT Security: Protecting People, Spaces, and Systems | |||
As connected devices become ubiquitous in our homes, businesses, and cities, the need for security oversight has never been more critical. Yet, the path to regulation is fraught with challenges. This session illuminates the complex reality of IoT security regulation and compliance, where innovation and protection must coexist. We’ll explore the global regulatory landscape, focusing on Europe’s CRA and RED, the UK’s PSTI, NIST CSF 2 and NIS2. Our expert speakers will dissect the delicate balance between fostering innovation and ensuring user safety, addressing the concerns of compliance professionals grappling with legal uncertainties and potential penalties. Whether you’re an IoT manufacturer, policymaker, developer, consultant, or security professional, this session will equip you with the knowledge and insights needed to navigate the evolving regulatory landscape. Don’t miss this opportunity to stay ahead of the curve and contribute to a more secure and innovative IoT future. |
What is the memory safety challenge? How big an issue is it and what can be done? Join this session to learn about the complexities of memory safety, explore current solutions, and glimpse into the future of secure IoT systems. Whilst memory safety in computing has been identified as a challenge since the 1970s, it became a significantly bigger problem with the growth of connected and distributed systems – such as the IoT. Solutions to the memory safety challenge are beginning to emerge from the research labs toward real-world applications underpinned by a range of hardware and software technologies. This session dives into the critical world of memory safety and its implications for secure IoT systems. Beginning with an academic exploration of memory safety fundamentals, we progress to cutting-edge industry solutions. We’ll examine the UK government-backed CHERI project, discuss the role of memory-safe languages like Rust, and explore industry efforts to popularize these technological advances. This session is intended for designers, developers, manufacturers, and users of IoT technology, providing them with the knowledge and tools needed to improve the security and reliability of connected systems. |
This session explores critical aspects of IoT security, focusing on protecting vulnerable communities and public spaces while addressing technical challenges in embedded systems. Experts will discuss how IoT technologies can be misused to target at-risk groups and strategies to mitigate these threats. We’ll examine the importance of language and framing when discussing IoT deployments in public areas, emphasizing transparency and community engagement. The session will also delve into common vulnerabilities in embedded systems, sharing insights from hands-on security education. A guest speaker will highlight the crucial role of cross-sector collaboration in building a more secure IoT landscape. Attendees will gain a wider view of IoT security challenges and practical approaches to address them. |
|||
17:30 | Closing Remarks followed by Drinks Reception |
Agenda
Note that details are subject to change.
09:30
Kelvin Lecture Theatre
11:00-11:30 Break
Kelvin Lecture Theatre
Turing Lecture Theatre
Watson-Watt Room
13:00-14:00 Lunch / Exhibition / Networking
Kelvin Lecture Theatre
Turing Lecture Theatre
Watson-Watt Room
15:30-16:00 Break
Kelvin Lecture Theatre
Turing Lecture Theatre
Watson-Watt Room
17:30-19:00 Closing remarks followed by drinks reception
Agenda
08:30 | Registration / Exhibition | ||||
Kelvin Lecture Theatre | |||||
09:30 | Opening Plenary Session: IoT Security: Past, Present, Future | ||||
Alex Mouzakitis – JLR | Title TBC | ||||
Apostol Vassilev – Research Manager, NIST | AI Risks and Rewards: Calculus for the Future | ||||
11:00 – 11:30 | Break | ||||
Sessions 1-3 / 11:30 – 13:00 | |||||
Kelvin Lecture Theatre | Turing Lecture Theatre | Another Theatre | |||
Advancing Security Practice Session Host TBC |
Security by Design Session Host TBC |
The CISO Journey Session Host TBC |
|||
Darron Antill, CEO, Device Authority | Securing the Future: Harnessing the Power of Ecosystems in IoT Security | Andrew Bott, Principal Security Architect, IAR Systems AB | How secure is your IoT device? – Indispensable ingredients for a secure IoT product! | David Ihrie, CTO, Virginia Innovation Partnership Corporation (VIPC) | What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats |
Ian Pearson, IoTSF AFWG | Assuring IoT Security | Turing Lecture Theatre | Turing Lecture Theatre | TBCTheatre | TBCTheatre |
Nick Allott, CEO, Nquiring Minds | SBoM, TAIBoM etc. | Turing Lecture Theatre | Turing Lecture Theatre | TBCTheatre | TBCTheatre |
Paul Watrobski, NIST CCCoE | On-boarding High Level Architecture | Turing Lecture Theatre | Turing Lecture Theatre | TBCTheatre | TBCTheatre |
13:00-14:00 | Lunch / Exhibition / Networking | ||||
Sessions 4-6 / 14:00 – 15:30 | |||||
Kelvin Lecture Theatre | Turing Lecture Theatre | Another Theatre | |||
Advancing Security Practice Session Host TBC |
Security by Design Session Host TBC |
The CISO Journey Session Host TBC |
|||
15:00 – 15:30 | Break | ||||
Sessions 7-9 / 16:00 – 17:15 | |||||
Kelvin Lecture Theatre | Turing Lecture Theatre | Another Theatre | |||
Advancing Security Practice Session Host TBC |
Security by Design Session Host TBC |
The CISO Journey Session Host TBC |
|||
17:15 – 17:30 | Closing Remarks | ||||
17:30 – 19:00 | Drinks Reception | ||||
19:00 | Close |
Speakers
The IoT Security Foundation 2024 Conference will feature an impressive line-up of accomplished speakers who bring their knowledge and experience to the event. Our carefully curated talks from practitioners, industry leaders, academic researchers, and technical visionaries are featured, helping to make the IoTSF Annual Conference both high-quality and insightful.
SPEAKER
AI Risks and Rewards: Calculus for the Future
Apostol Vassilev
Research Manager, Computer Security Division, NIST
SPEAKER
IoT Tech Abuse – Protecting At-Risk Communities
Dr Leonie Maria Tanczer
Associate Professor, University College London (UCL)
SPEAKER
Evolving Threats and Evolving Defenses for XIoT in Critical Infrastructure
Toby Wilmington
CEO, qomodo
SPEAKER
Securing the Future: Harnessing the Power of Ecosystems in IoT Security
Darron Antill
CEO, Device Authority
SPEAKER
International: Key lessons and takeaways from Internet of Things Cybersecurity Standards, Legislation, Product Certifications and Cybersecurity Labelling Schemes (CLS)
Matt Tett
Subject Matter Expert (SME), IoT Security Mark P/L
SPEAKER
Hardware based security for advanced threat detection and mitigation
Rasadhi Attale
Senior Hardware Engineer, Siemens
SPEAKER
Securing the Decentralized Future: Open and Auditable Hardware Security for IoT Ecosystems and Web3
John Sirianni
CEO, Tropic Square
SPEAKER
Implementing Cross Domain Security Patterns for IoT
Phil Day
Director of Engineering, Configured Things
SPEAKER
Reading the R-IoT act – responding to an IoT incident
Jennifer Williams
Director of IT and Operations, Secarma
SPEAKER
Why does my TV still think it is a fridge?
Jonathan Marshall
Founder, SafeShark
SPEAKER
How secure is your IoT device? – Indispensable ingredients for a secure IoT product!
Andrew Bott
Principal Security Architect, IAR Systems AB
SPEAKER
From Risk to Return: A Two-Part Framework for Prioritising and Measuring Security Investment Returns
Kay Ng
Managing Director, CyberAnalytics
SPEAKER
What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats
David Ihrie
Chief Technology Officer, Virginia Innovation Partnership Corporation (VIPC)
SPEAKER
What Things Are Really on Your Network?
Trusted IoT Onboarding and Lifecycle Management
Paul Watrobski
IT Security Specialist, NIST
SPEAKER
10 Rules to Build Unsecure Embedded Systems
Stephan Janouch
Technical Marketing Director, EMEA, Green Hills Software GmbH
SPEAKER
Where is your weakest link? Observations from teaching Embedded System Security
Dr Des Howlett
Senior Member Technical Staff, Doulos Ltd
SPEAKER
Building Secure IoT Products from the Ground Up
Zahra Khani
Principal Product Manager for IoT Security Assessment, Keysight Technologies
PANELIST
Antoinette Hodes
Global Solution Architect & Evangelist, Check Point Software Technologies
The IET
The Institution of Engineering and Technology (IET) is a prestigious and globally recognized professional organization dedicated to advancing the field of engineering and technology. Established in the United Kingdom in 1871, the IET has a rich history of promoting excellence in engineering and supporting innovation in various technological domains. With a diverse membership of engineers, technologists, and professionals from around the world, the IET provides a platform for knowledge sharing, networking, and collaboration. The organization actively fosters the development of engineering and technology skills through educational programs, publications, and events.
Travel
There are a number of different options for travelling to The IET. Several underground lines provide easy access, the best stations being Covent Garden, Embankment, London Charing Cross and Temple. If arriving by train, Liverpool Street, Euston, Kings Cross, Victoria and Waterloo either have direct links to one of the underground stations or provide access to the tube system.
Location
Accommodation
There are a number of hotels near the venue and the IET has set up some special room rates.
Apostol Vassilev
Research Manager, Computer Security Division, NIST
Apostol Vassilev is a research manager in the Computer Security Division at NIST. His group’s research agenda covers topics in Trustworthy and Responsible AI, with a focus on Adversarial Machine Learning and Robust AI for Autonomous Vehicles. Vassilev works closely with academia, industry and government agencies on the development and adoption of standards in AI. He holds a Ph.D. in mathematics. Vassilev has been awarded a bronze medal by the U.S. Commerce Department and his work has been profiled in the Wall Street Journal, Politico, VentureBeat, Fortune, Forbes, the Register, podcasts, and webinars. Apostol frequently speaks at conferences.
Presentation: AI Risks and Rewards: Calculus for the Future
Artificial intelligence (AI) systems have been on a global expansion trajectory for several years. The pace of development and adoption of AI systems has been accelerating worldwide.
These systems are being widely deployed into the economies of numerous countries, leading to the emergence of AI-based services for people to use in many spheres of their lives, both real and virtual. There are two broad classes of AI systems, based on their capabilities: Predictive AI (PredAI) and Generative AI (GenAI). Although the majority of industrial applications of AI systems are still dominated by PredAI systems, we are starting to see adoption of GenAI systems in business. When adopted responsibly, GenAI systems can also improve the productivity of workers and quality of service.
As these systems permeate the digital economy and become inextricably essential parts of daily life, the need for their secure, robust, and resilient operation grows.
However, despite the significant progress that AI has made, these technologies are also vulnerable to attacks that can cause spectacular failures with dire consequences. In this talk we will provide an overview of the main sources of risk and categories of attacks on AI systems and propose directions for increasing their robustness.
Dr Leonie Maria Tanczer
Associate Professor, University College London (UCL)
Dr Leonie Maria Tanczer is an Associate Professor in International Security and Emerging Technologies at University College London’s (UCL) Department of Computer Science (CS) and grant holder of the prestigious UKRI Future Leaders Fellowship (FLF).
She is part of UCL’s Information Security Research Group (ISec) and initiated and heads the “Gender and Tech” research efforts at UCL. Tanczer is also member of the Advisory Council of the Open Rights Group (ORG), a Steering Committee member for the Offensive Cyber Working Group, and a voting member of the IEEE Working Group P2987 “Recommended Practice for Principles for Design and Operation Addressing Technology-Facilitated Inter-personal Control”.
She was formerly an Association of British Science Writers (ABSW) Media Fellow at The Economist and a Fellow at the Alexander von Humboldt Institute for Internet and Society (HIIG) in Berlin. Her research focuses on questions related to Internet security and she is specifically interested in the intersection points of technology, security and gender.
Presentation: IoT Tech Abuse – Protecting At-Risk Communities
The proliferation of smart, Internet-connected devices in homes has introduced new avenues for intimate partner violence.
Drawing on research conducted at UCL’s Gender and Tech Lab, this presentation will explore the growing problem of technology-facilitated domestic violence and stalking, focusing on the ways perpetrators exploit Internet of Things (IoT) technologies to monitor, control, and terrorise victims and survivors. The talk will examine the unique challenges affected parties face when trying to document abuse, seek help, and regain control of their digitally-enabled environment. The session will also highlight emerging approaches to combat this form of abuse, including technological safeguards, legislative reforms, and victim/survivor support. The goal is to raise awareness of this critical issue and equip the tech sector with the knowledge to address the intimate partner violence threat model proactively and to effectively respond to instances where their systems are being misused in domestic abuse and stalking cases.
Toby Wilmington
CEO, qomodo
Toby Wilmington has spent the last decade building and managing some of the world’s most sophisticated cyber security defences. With a career that spans institutes like BAE Systems, Recorded Future, and NATO, Toby has been a go-to advisor for government departments, critical infrastructure, and military forces, crafting robust strategies and resilient security controls for the world’s most targeted networks.
Now leading qomodo, Toby is tackling one of the pressing cyber challenges of our time: safeguarding the rapidly expanding Internet of Things. As IoT devices infiltrate sensitive networks and bring previously isolated areas online, they become prime targets for cyber attackers. The inadequate security and control measures in these newly connected spaces present a golden opportunity for nation-states and cybercriminals alike.
Presentation: Evolving Threats and Evolving Defences for XIoT in Critical Infrastructure
The convergence of information technology (IT) and operational technology (OT) within the Extended Internet of Things (XIoT) is transforming the landscape of connectivity.
Devices and systems that were once isolated, such as industrial control systems, vehicles, energy grids and medical equipment, are now internet-connected, vastly expanding the attack surface and presenting new cybersecurity challenges.
In this presentation, Toby Wilmington, CEO of qomodo, will explore the evolving threat landscape facing XIoT environments. We will examine how cybercriminals and nation-state actors exploit vulnerabilities in connected devices to target critical infrastructure. From weak authentication mechanisms to legacy system vulnerabilities, this session will provide a comprehensive overview of the current risks that organisations face.
Looking forward, we will discuss emerging threat trends, such as the increasing use of artificial intelligence by attackers to conduct more sophisticated and automated attacks. As threat actors continue to innovate, organisations must evolve their security strategies to stay ahead of these challenges.
To help executives and managers navigate this complex landscape, the presentation hopes to offer actionable insights and defensive measures for enhancing XIoT security.
By understanding the current threat landscape and anticipating future challenges, organisations can develop robust security frameworks that protect their critical XIoT assets, challenge the expectations of security for IoT and ensure operational resilience in an increasingly connected world.
Darron Antill
CEO, Device Authority
Darron has extensive experience in leading and growing companies that specialise in IoT, Cybersecurity, Enterprise Software and SaaS. Prior to his role as CEO at Device Authority, Darron was CEO of AppSense, a global software company where he guided the company to a 270% revenue increase, expansion into new markets, strategic acquisitions, successful investment and through significant product innovation. Darron is also a member of IoTSF’s Executive Steering Board.
Presentation: Securing the Future: Harnessing the Power of Ecosystems in IoT Security
In the rapidly expanding world of IoT, securing connected devices has never been more critical—or more complex. Gone are the days when a single solution could adequately protect the intricate networks of connected devices that define today’s IoT landscape. In this talk, “Stronger Together: The Power of Collaboration in Securing the IoT Ecosystem,” we delve into the transformative shift towards a collaborative approach to IoT security.
As the industry evolves, so too must our strategies for protection. This presentation will explore how the integration of best-in-class vendors, each bringing unique strengths to the table, forms a more resilient and adaptable defence system. We will discuss the significant benefits of this ecosystem approach, including enhanced security for both new and legacy devices, and how it enables more effective responses to the ever-evolving threat landscape. We will also hear about some examples of a successful ecosystem in action as well as the role that open-source communities can play in advancing security solutions.
Attendees will gain practical insights into building and maintaining a secure IoT ecosystem, with real-world examples of successful implementations. Whether you’re securing new deployments or retrofitting brownfield devices, this talk will provide the knowledge and tools to make informed decisions and strengthen your IoT security posture through collaboration. Join us to learn why the future of IoT security is not about going it alone, but about building stronger defences together.
Matt Tett
Subject Matter Expert (SME), IoT Security Mark P/L
Matt Tett is an Advisor and Subject Matter Expert (SME) for IoT Security Mark P/L who operate the global IoT Security Trust Mark™ (STM) Certification and voluntary Cybersecurity Labelling Scheme (CLS). (www.iotsecuritytrustmark.org).
Matt is the Managing Director of Enex TestLab (Enex Pty Ltd). He is well known globally across industry and government as a very well connected, highly technical straight shooter, effectively applying science to translating complex technology for the lay person and ensuring customers receive what they are paying for.
Enex TestLab’s objective is to use science to keep tech vendors honest and the leaders leading by rigorously testing their product claims and ensuring consumer requirements are met factually (www.testlab.com.au).
Enex TestLab is an independent ISO17025 accredited testing laboratory with a 35+ year history, university heritage (RMIT), and ISO 9001 QMS Quality, ISO 27001 ISMS Security and ISO 45001 OH&S certifications.
Matt is a current board director and Co-Chair of the Australian Women in Security Network (AWSN) (www.awsn.org.au)
He also serves on the Communications Alliance Cyber Security Reference Panel (CSRP), the CSRP Fraud subgroup and the Communications Resilience Administration Industry Group (CRAIG) and is a member of the research advisory committee for the Internet Commerce Security Laboratory (ICSL) at Federation University.
Matt has a deep technical background in network and security systems and he holds the following security certifications in good standing for 17+ years: CISSP, CISM, CSEPS and CISA. He is a certified Government security advisor and retains State and Federal Government security clearances.
He is also a judge for a number of industries, including the Commsday “Edison” Awards, IT Journo “Lizzies” Awards, InnovationAus Awards for Excellence, IoT Impact Awards and the Australian Women in Security Awards.
He has served on the Online Safety Consultative Working Group (OSCWG) for the Office of the eSafety Commissioner, as a committee member participating in the development of Standards related to IT-042-00-01 – IoT and Related Technologies and participated in the Internet Australia Cyber Security SIG. He is former chair of IoT Alliance Australia (IoTAA) enabler Work Stream 3 (eWS-3) – Cyber Security and Network Resilience and sits on the IoTAA Executive Council.
https://www.linkedin.com/in/mtett/
Presentation: International: Key lessons and takeaways from Internet of Things Cybersecurity Standards, Legislation, Product Certifications and Cybersecurity Labelling Schemes (CLS)
The presentation theme is around connected product security conformance assessment, certification and labelling around the world.
Including:
• The current landscape of IoT product cybersecurity standards internationally
• The current landscape of IoT/Smart/Connected product legislation in each country
• The current landscape of the global vs domestic IoT security certifications and CLS including pros and cons from various stakeholders’ perspectives
• Lessons learned over the past seven years; developing, applying for, and obtaining international Certification Trade Marks for a Global connected device certification and labelling scheme
• Effects for device consumers/users – including private sector and critical infrastructure
• Effects for device manufacturers – including distributors and retailers
• Effects for government departments and agencies
• What’s next, what does the future hold?
Rasadhi Attale
Senior Hardware Engineer, Siemens
A senior hardware engineer who has worked for the Embedded Analytics team at Siemens for 6 years. Previously worked at Arm prior to joining Siemens. Is currently studying for a master’s in cybersecurity at the University of Oxford.
Presentation: Hardware based security for advanced threat detection and mitigation
Today’s modern Software Defined Vehicles are essentially an IoT device or several IoT devices on wheels and are vulnerable to various types of security threat. V2X communication attacks are the more common and the most impactful of them. We will be presenting a suite of hardware IP that can help mitigate various V2X communication attacks and help monitor the health of a fleet.
Mike Eftimakis
Founding Director, CHERI Alliance
Mike Eftimakis has an extensive background in the semiconductor and electronics industry with 30 years in senior technical and business roles. He has a rich history of innovation with companies like VLSI Technology, NewLogic, and Arm, and he started up and led his own company, where he played pivotal roles in advancing technology and business strategies. His expertise ranges from chip design engineering and system architecture to product management, marketing and strategy, making him a key contributor to the growth and success of microelectronics organizations.
Currently, Mike is the VP Strategy and Ecosystem at Codasip, where he drives the long-term vision and its day-to-day implementation. His leadership at Codasip focuses on positioning the company to differentiate in a highly competitive market, while fostering strategic partnerships and enhancing the company’s market position. Mike’s blend of technical acumen and strategic insight are key in this engineering-led environment.
In parallel, he is a Founding Director of the CHERI Alliance, an industry association dedicated to promoting CHERI technology. This technology addresses the root causes of most current cyberattacks, contributing to a safer and more trustworthy world.
John Sirianni
CEO, Tropic Square
John Sirianni has led and grown companies that specialize in semiconductor security, communications security, Post-Quantum Cryptography and Critical Infrastructure Cybersecurity.
In his previous role, John provided strategic advisory services to Blockchain, AI, and Quantum security companies. His involvement in IoT security led him to collaborate with the IoTSF in Silicon Valley from its founding in 2015.
John now leads Tropic Square, a company that develops auditable and open hardware secure semiconductor chips for the next generation of crypto-secure infrastructure systems.
Presentation: Securing the Decentralized Future: Open and Auditable Hardware Security for IoT Ecosystems and Web3
As IoT devices become more decentralized and self-sufficient, they are gaining the ability to operate with increasing levels of autonomy and independence. This shift is enabling new capabilities like instant transactions, negotiations and settlements directly between intelligent devices.
These advancements offer high value targets for attackers – challenging the traditional approaches to physical hardware protection. A new hardware security paradigm is urgently needed to address the requirements of autonomous IoT devices and Web3.
This session provides insights into protecting increasingly autonomous and decentralized device ecosystems. Attend to learn about:
Emerging Security Challenges
● The new attack vectors arising in autonomous IoT and Web3 devices
● The impact on endpoint device security and sovereignty
New Security Approaches
● Transparency over obscurity: Why open, transparent, and auditable security elements are more effective against advanced attacks than closed approaches
● “Zero-trust” implemented in silicon to enable a new level of cryptographic key protection and management
● How Kerckhoffs’ principle, when applied to secure element IC development, enables novel design approaches for hardware root of trust
Future Outlook
● How community-driven innovation is shaping hardware security
Phil Day
Director of Engineering, Configured Things
Phil is the Director of Engineering at Configured Things, a startup founded by alumni from Hewlett Packard Labs to build solutions that can operate across security domains. He has more years than he cares to admit to developing and delivering complex distributed systems.
He spoke at the IOTSF 2022 conference on the subject of Secure by Design Configuration interfaces, and is a member of the CyberASAP review panel for IoT.
Presentation: Implementing Cross Domain Security Patterns for IoT
IoT networks typically consist of low cost sensors over which the operator has little control of the security implementation, deployed in locations that are often difficult to secure. The data from these sensors needs to be passed into protected high trust networks, which requires that only essential and verified data is admitted.
One of the key challenges for IIoT is that data is not constrained by the traditional Purdue hierarchies. Data from SCADA systems and PLCs needs to be shared with a wider range of IT systems, which in turn need to send data and configuration information to the control layer.
In both cases the data paths between these two trust domains introduce attack routes that can only be partially mitigated by traditional IT protections such as firewalls and intrusion detection, which do not meet the higher levels of assurance required for safety critical systems such as IIoT.
The NCSC publishes a set of thirteen design principles for implementing high assurance Cross Domain Solutions, along with architectural patterns for the safe import and export of data. These include the use of protocol breaks, and for high levels of assurance flow control elements such as data diodes, to mitigate the threats from classes of attack that are embedded in the payloads.
These architectural patterns are typically perceived as only applying to classification boundaries such as those found in government and military organisations; preventing malicious data from being imported and maintaining a strict control on what data can be exported. However, they can also be applied to many other contexts to provide a much reduced attack surface.
In this talk I will describe a solution which applies those patterns to the IoT space, allowing telemetry to be safely imported and equally importantly remote systems securely configured and managed. I will describe the key challenges in designing such a system, illustrated with an example based on a LoRaWAN deployment.
I will also cover our work within the Digital Security by Design (DSbD) program to create cost effective alternatives to the high end “hardsec” devices used at the classification boundary.
Jennifer Williams
Director of IT and Operations, Secarma
Jen has nearly a decade of experience in helping businesses to defend themselves against cyber attack. With the vast majority of her career spent in the legal sector, she understands the unique challenges faced by this industry.
Presentation: Reading the R-IoT act – responding to an IoT incident
Users of connected devices rely on manufacturers to keep their data secure. But what happens when it all goes wrong? How should a business respond to ensure that damage to their reputation is minimised? During this session we’ll examine:
– Real world experience of being in an incident response crisis
– The importance of being prepared
– Why communications can make or break your response to a disaster
– How to recover well.
Jonathan Marshall
Founder, SafeShark
Jonathan is an experienced cybersecurity professional with a proven track record of leading information security initiatives for over 8 years, currently serving as Chief Information Security Officer at ScreenHits. As a partner at The Hawk Media Partnership, Jonathan provides expert cybersecurity consulting and tailored solutions to broadcasters, safeguarding their critical infrastructure and operations.
A serial entrepreneur with a passion for innovation, he has co-founded multiple successful ventures, including SafeShark, a cutting-edge cybersecurity company, and TVA Group, a revolutionary audience measurement platform. Jonathan’s unique blend of technical expertise and business acumen is complemented by his strong academic foundation, holding an M.Eng. in European Management in Engineering from the University of Glasgow. He is deeply committed to protecting businesses from evolving cyber threats and leveraging data intelligence to drive growth and success.
Presentation: Why does my TV still think it is a fridge?
SafeShark has been working with manufacturers (including LG, Panasonic, Arcelik) of consumer electronic equipment since 2020 and as a result we have gained a unique perspective of the trends in cyber security compliance and issues. We use a unique automated testing platform allowing us to test compliance against the standards.
As a result of testing dozens of products we would like to share some of our unique findings across a range of devices from Smart Showers to Televisions that think they are a fridge.
Key insights will be shared allowing our audience to understand how to help manufacturers comply with the best practice for building ‘secure by design’ products and ensure that consumers are given clear information at the point of sale.
Andrew Bott
Principal Security Architect, IAR Systems AB
Andrew Bott is a Chartered Engineer who has been working in security of embedded systems for more than twenty years and previously worked in software development and project management in embedded software and backhaul systems for telecommunications from DECT, GSM, 3G, LTE at Symbionics, Anritsu, and ip.access. He has architected security on multiple hardware platforms and is knowledgeable in PKI, setting up and operating several certificate authorities using HSMs. He currently has 19 patents on secure supply chain through Secure Thingz Ltd where he worked as the Senior Security Architect.
In 2021 he contributed to the peer review of the IoTSF Assurance Framework v3.0 and the Vulnerability Disclosure Best Practice Guidelines v2.0. He is now Principal Security Architect for IAR Systems.
Presentation: How secure is your IoT device? – Indispensable ingredients for a secure IoT product!
What is needed in an IoT device and its supply chain to assure its security? This presentation addresses key aspects of security and how they can be addressed at every stage in the product development process.
It explores how to establish and authenticate a device’s identity, wherever it is, protecting it from cloning or counterfeiting, from its inception during the manufacturing process throughout the lifetime of the product, thereby establishing a secure Root of Trust in the device.
It goes on to explain core features such as secure booting so that sensitive data is securely locked down and cannot be modified when the software is running. Also, the importance of using a device that is capable of lock down.
From device conception, each device needs to be provisioned with a unique identity that cannot be cloned and a device certificate from within the company’s own public key infrastructure. Information will be given on how to achieve this, enabling authentication, confidentiality and non-repudiation.
The speaker will address how to overcome common challenges around debugging and vulnerability patches with anti-rollback, permitting software updates without compromising security.
No device is guaranteed to be 100% secure, but implementing best practice to minimize risks is both desirable and achievable.
Kay Ng
Managing Director, CyberAnalytics
Global Cybersecurity Strategist | Bridging East & West | Securing the Connected Future
Kay Ng is a force to be reckoned with in the world of cybersecurity. Her expertise? Transforming complex threats into strategic opportunities. Her advantage? A truly global perspective.
As a dual national of Britain and China, Kay bridges Eastern and Western approaches to security, offering unparalleled insights into today’s interconnected risk landscape. She’s advised Fortune 500 giants and government agencies, tackling everything from IoT vulnerabilities to critical infrastructure protection.
Her secret weapon? A rare ability to connect the dots between data, technology, and business impact.
Kay’s credentials speak for themselves: A Master’s degree in Software and Systems Security from the University of Oxford, a track record of leadership roles in multinational corporations and global consulting firms, and a passion for empowering the next generation of cybersecurity leaders.
Presentation: From Risk to Return: A Two-Part Framework for Prioritising and Measuring Security Investment Returns
In today’s hyper-connected world, securing the Internet of Things is no longer optional—it’s a business imperative particularly if you’re supplying to Critical National Infrastructure.
But with limited resources and evolving threats, how can executives prioritise investments and ensure a tangible return on their security spend?
This presentation introduces a two-part framework to solve the problem of investing with the biggest impact, and how to communicate it so that it resonates at the Boardroom. First, we’ll explore a risk-based approach to prioritising security investments. Second, we’ll delve into practical methods for measuring the effectiveness of your security program, demonstrating how to quantify ROI and communicate the value of your efforts to key stakeholders.
Through real-world case studies and actionable insights, this presentation equips executives with the knowledge and tools they need to move from risk to return, transforming IoT security from a cost center to a strategic driver of business value.
David Ihrie
CTO, Virginia Innovation Partnership Corporation (VIPC)
Mr. Ihrie has over 40 years industry experience as a direct innovator in the fields of satellite and terrestrial communication, computing, and information science, and has been a principal in seven startup companies. In addition to his entrepreneurial activities, Mr. Ihrie has helped build four national scale business accelerators for the Intelligence Community, for DHS, and in the areas of cybersecurity and smart cities.
In addition to the CTO role, Mr. Ihrie is VP, Strategic Initiatives for the Commonwealth, focused on transitioning promising leading-edge technologies into practice for state and local government. The Virginia Strategic Initiatives portfolio includes Smart Communities, the Virginia Unmanned Systems Center at VIPC, the VIPC Public Safety Innovation Center, and the SCITI Labs program with DHS Science & Technology focused on public safety capabilities. Active areas of technology focus and experimental pilot projects in the Virginia network of Living Laboratories, centered at the Virginia Smart Community Testbed, include:
– IoT devices and sensors
– Advanced Air Mobility and the supporting ground-based infrastructure for Airspace Awareness
– Cybersecurity
– Smart Buildings
– Quantum computing
– Immersive Environments (AR/VR)
Mr. Ihrie has a Master of Science degree in Business from MIT, specializing in the Management of Technological Innovation, and a B.S. from MIT in Electrical Engineering/Computer Science.
Presentation: What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats
As a CIO/CISO, the world has changed dramatically over the last decade, from worrying about script kiddies in their mothers’ basement attacking our firewall, to now a fully distributed network of devices which we may no longer physically control. Data is king in a world where everything is connected, and our entire economy is online. Both the natural world and human threats present ever-increasing challenges, and the pace of technology change continues to increase.
As a public sector CISO supporting adoption of emerging technologies for the Commonwealth of Virginia in areas such as emergency management, incorporation of drones into the national airspace, and protection of critical infrastructure, real-time situational awareness from a large network of distributed IoT sensors, users, and applications is essential. Security by design, incorporating the principles of zero trust, is a critical element to ensure the secure, reliable flow of information necessary for our modern world.
Stephan Janouch
Technical Marketing Director, EMEA, Green Hills Software GmbH
Stephan Janouch is the Director of Technical Marketing EMEA for Green Hills Software, based in Munich. He holds a German diploma in Electronic/Electrical engineering from the University of Applied Sciences in Landshut, Germany and has been working in the automotive and semiconductor industries for more than 25 years. During this time, he helped solve problems in applications engineering, business development as well as marketing, and along the way also served as the editor-in-chief for a professional magazine on automotive electronics.
Presentation: 10 Rules to Build Unsecure Embedded Systems
This paper/presentation will outline the basic rules for building secure embedded systems with a focus on the software architecture. However, instead of speaking with a moralising undertone, which typically leads to a “we know” or “we do this already” reaction, we will provide a not-to-be-taken-too-seriously approach of educating the audience in building a completely unsecure, easy-to-hack system. The rules we will touch on will be the following:
• Make it work, then make it secure: no need to worry about security when you start the project. You can make any system secure enough by adding a firewall at the end of the development process.
• Use only open-source software (OSS): OSS is typically very well maintained and crowd-tested. Also, the community wouldn’t give everyone source code access to look for potential attack surfaces.
• Hire great engineers, then success will follow automatically. They can do magic even if all you give them are simple tools you just downloaded from the internet for free.
• All operating systems are the same, hence, just go for the cheapest. Differences in architecture, separation options, support are negligible. After all, it’s just about a few low-level software services, right?
• Certifications are just a rip-off! They were invented to generate additional revenue for suppliers of complex products. Just go with something non-certified and do the certification on your own. Typically, this is just a bunch of documentation.
• AI is a geek’s thing (and a myth): AI probably will never fly, so you don’t have to worry about how a hacker may or may not use AI to find a hole in your firewall or have AI code malware to infiltrate your system.
• Modularization is making things more complicated. While people claim that software components should be small, simple, tested and isolated, this is also adding unnecessary complexity. Just consolidate all components and make sure they work. It is very unlikely anyway that you may have to change something later…
• Consolidation: Some parts of your system may contain critical code (or data). However, as your system is secured by a firewall you can easily consolidate all functions on one processor core (or a multicore entity), this makes best use of the hardware and allows for easy data/information transmission between various software functions/tasks.
• Social engineering: Only stupid people fall for phishing emails or social media scams using fake profiles. You know you have a great team (even the guy that started just recently…), all are digital natives with full understanding of the latest trends in social engineering.
• Updates: Updates are in most cases completely unnecessary. You have tested your system before deploying it into the field, so, if something isn’t working it is not your fault. Maybe the system needs a hardware upgrade?
A short summary at the end will be shown to lift the curtain and explain the background of this talk, i.e. that it was derived from issues observed in various development projects over the years.
Paul Watrobski
IT Security Specialist, NIST
Paul Watrobski is an IT Security Specialist at the National Institute of Standards and Technology (NIST) where he helped develop the Profile of the IoT Core Baseline for Consumer IoT Products among other guidance from the NIST Cybersecurity for IoT Program. He has also taken part in several projects at NIST’s National Cybersecurity Center of Excellence (NCCoE). Paul is a principal investigator for the Trusted IoT Device Network-Layer Onboarding and Lifecycle Management project and the upcoming Software Supply Chain and DevOps Security Practices project, and previously developed an open-source tool, MUD-PD, in support of device-intent enforcement for the Mitigating IoT-Based DDoS project.
Prior to NIST, Paul studied electrical and computer engineering at Binghamton University and the University of Maryland – College Park (UMD). Today, he is pursuing a doctorate in reliability engineering at UMD, researching firmware update-vulnerability lifecycles in IoT under the advisement of Dr. Michel Cukier.
Presentation: What Things Are Really on Your Network? Trusted IoT Onboarding and Lifecycle Management
The U.S. National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) recently published practice guide NIST SP 1800–36, addressing challenges with establishing and maintaining trust of IoT devices on home, enterprise, and industrial networks at scale. The NCCoE worked hand-in-hand with industry stakeholders to develop and describe five protocol-specific reference implementations of trusted network-layer onboarding based on Wi-Fi Easy Connect (DPP), Bootstrapping Remote Key Infrastructure (BRSKI), and Thread, as well as one agnostic reference implementation of factory provisioning of credentials. The practice guide progresses deep into the details starting from a high-level Executive Summary (Volume A) of the challenges and proposed solutions; to the Approach, Architecture, and Security Characteristics (Volume B) of the project; to step-by-step How-To Guides (Volume C) for implementing each build; to Functional Demonstrations (Volume D) of each build’s cybersecurity capabilities; and lastly, to mappings to relevant standards related to Risk and Compliance Management (Volume E). No matter where you fit in the process of developing a secure IoT product, at least one of the volumes of this practice guide will benefit you.
Come by to hear from and meet one of the project’s principal investigators and learn how you may be able to implement trusted network-layer onboarding for your devices.
Dr Des Howlett
Senior Member Technical Staff, Doulos Ltd
Doulos Senior Member, Technical Staff, EUR ING Dr Des Howlett joined Doulos in 2017. He has worked in the past as a Senior Field Applications Engineer for Microchip Technology and Silicon Laboratories, all over the EMEA region.
Immediately prior to Doulos, he was Technical Marketing Manager, EMEA, for Software at Avnet Silica and was responsible for liaising between processor manufacturers and customers to ensure that supplied software was suitable for market needs.
Des has previously taught embedded C programming and Verilog logic design at the University of Reading and now is an instructor for Embedded C and C++, Python, Embedded System Security as well as FPGA courses at Doulos.
Presentation: Where is your weakest link? Observations from teaching Embedded System Security
Everybody wants their product to be secure and it is now, rightly, a legal requirement for it to be so. People often think of security as encryption or protecting data, but it extends far beyond that.
There are important questions to ask, that are frequently overlooked, such as: Did you leave a secret test mode open, or did you fail to check statuses and user data? Do your product tests go beyond a pure check for functionality and ensure that bad inputs are also rejected?
It is surprising how many vulnerabilities are left in products in the rush to get something out the door. It is also amazing how engineers focus on securing one part, while leaving glaring holes that can be easily circumvented. Even the most experienced pilots follow checklists, but are you following a logical process or security framework in your designs?
Do you spend time, before starting the design, thinking about the possible problems that could befall your product? Do you write defensive code, looking at areas where bad data could have disastrous consequences? Do you realise that something as simple as an unchecked data string could let somebody execute code and do practically anything they choose?
It is common to look at security as a separate discipline, although many secure design practices will also give you a more reliable and higher-quality end product. Most security flaws are bugs in their own right, so fixing one will often help with the other.
This talk will include examples of some of the points we teach, that have triggered engineers to think twice about how they approach security.
Zahra Khani
Principal Product Manager for IoT Security Assessment, Keysight Technologies
Zahra is a seasoned cybersecurity professional with a passion for innovation in OT/IoT security. Her tech journey began at the age of 15, ultimately leading her to earn a degree in software engineering in 2009. After gaining several years of hands-on experience as a security engineer, Zahra founded Firmalyzer in 2016, a pioneering cybersecurity company specializing in the development of the first automated OT/IoT firmware security analysis platform. During her time at Firmalyzer, she combined her technical expertise with product management and business strategy, driving significant growth in the company’s solutions. This platform was designed to address the growing need for securing connected devices in the rapidly expanding IoT ecosystem. At the end of 2023, Firmalyzer’s technology was acquired by Keysight Technologies, a global leader in electronics and testing equipment. Following the acquisition, Zahra transitioned to the role of Product Manager for the IoT Security Assessment product at Keysight, where she continues to drive innovation in IoT security. In her current role, she combines global customer feedback with her vision to refine and enhance the product. Zahra is passionate about turning complex challenges into opportunities and improving digital security to make the online world safer.
Presentation: Building Secure IoT Products from the Ground Up
Building a secure IoT product typically involves a fairly complex supply chain of hardware and software components, and a flaw in any one level can allow compromise of the entire device and pose dire consequences for overall system integrity. In this presentation, I’ll provide an overview of security testing techniques starting at the chip level and working up through application level, describing the kinds of issues that can be found at each and how they can interact with each other. Although we’ll touch on technical topics, the goal here is not doing a deep-dive on any particular technique or technology; the point of the discussion is convincing those ultimately responsible for the security and integrity of IoT systems that security flaws are real and should be found proactively before someone else does that for you. The presentation will provide multiple examples of IoT security flaws we’ve discovered in the course of our work and how they were discovered including hardware testing, network protocol fuzzing and firmware analysis. For example, I’ll show how we were able to extract the encryption key from a post-quantum crypto implementation because the CPU itself wasn’t hardened, and our analysis of an industrial-grade PLC device with multiple vulnerabilities, ranging from the design level to the upper application layers, including vulnerable third-party components. And because this forum is interested in certification efforts around the world, I’ll talk briefly about my involvement with the US Cyber Trust Mark and how it’s incorporating multi-level security testing.
Antoinette Hodes
Global Solution Architect & Evangelist, Check Point Software Technologies
Antoinette Hodes is a global cybersecurity solutions architect and evangelist with Check Point Software Technologies Office of the CTO. A professional with 26+ years in IT, OT and cybersecurity. Antoinette writes cybersecurity articles for Cybertalk.org and speaks at events regarding cybersecurity for IT, IoT and OT environments, AI & ML in cybersecurity, the global threat landscape, shares strategic and tactical aspects such as experience, insight, knowledge, recommendations and best practices.
Opening Plenary Session: IoT Security: Past, Present, Future
The opening plenary session sets the stage for the rest of the day, exploring the cutting edge of IoT cybersecurity, AI and emerging themes. Following the welcome address, we will have two keynote talks that look at the emerging innovation and technology future. We will also take a look at what is in store for the IoTSF and its members with insights from the Executive Steering Board via a panel session taking the theme of the conference: IoT security – past, present and future.
This plenary session promises to equip attendees with a comprehensive understanding of the cybersecurity landscape, setting the context for the specialized tracks that follow. Attendees will not want to miss this opportunity to gain valuable insights from industry leaders and connect with fellow professionals at the forefront of IoT security.
The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks
New developments in the evolution of the IoT Security Foundation’s popular security assurance framework will be announced and we will explain its transformation from a developer checklist to a corporate reference for automating audits and certification. We also highlight the recent and important work from NIST on IoT Device Onboarding and Lifecycle Management which addresses real-world trust challenges across enterprise, industrial and consumer networks. Join us to understand the collaborative future of IoT security and its practical implications.
IoT Foundations of Trust: Secure by Design
This session explores contemporary cutting-edge approaches to building security into IoT devices and systems from the ground up. Experts will outline the essential elements for secure IoT products and also look at solutions for decentralized and autonomous IoT applications, examining how to leverage hardware security modules to protect vehicle-to-everything (V2X) communications.
We will also delve into the critical role of true randomness in cryptography with a focus on preparing for emerging AI and quantum computing threats.
Attendees will gain practical insights into implementing robust security measures at the hardware and system level to create resilient IoT systems.
The CISO Journey: From Coax to Resilience
In this session, we look at how cyber security has changed over the last 20+ years from the CISO perspective. Once upon a time, all they worried about were operating systems, printers, memory sticks and shadow IT. But soon every new technology became shadow IT, with mobile phones, iPads, social media, cloud services, etc.
This session will explore how CISOs started from overseeing information security, which included computers, users, the network, etc. to today, where they have to view things from an enterprise cyber resilience perspective. Does this really mean that there is nothing that they can rule out from having to provide guidance on or be responsible for? These and many other questions will be explored with our expert panel who will provide perspectives of what cyber resilience means to them in their daily world view for an enterprise.
The Practice of IoT Security: From Breach Response to Threat Anticipation
The session also includes best practices for comprehensive testing of products with diverse supply chain components. Through expert-led talks and interactive discussions, participants will gain valuable insights to strengthen their organization’s IoT security posture.
The Business of IoT Security: Mastering the Economics
In this session we look at security through the economics lens – how can security help us win in business? What do we need to know beyond the technical requirements, how do we weigh up risk and reward – how can the approach be used to underpin, even boost business objectives?
IoT technology has many commercial applications, and the resilience to attack of the connected systems is essential for business success. Context is king when determining security features, yet the business case dominates the feasibility of any successful, sustainable, security posture.
Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future
This engaging IoT security session will equip attendees with valuable insights and practical strategies to enhance their IoT defences. We’ll examine historical patterns, extracting crucial lessons to fortify future IoT implementations.
Prepare yourself for a humorous yet eye-opening journey through the “10 Rules to Build Unsecure Embedded Systems” highlighting common pitfalls and misguided practices that compromise security. We’ll also explore the cutting-edge world of eSIMs, uncovering their unique security properties and how they can future-proof IoT device protection. This session blends historical analysis, satirical reflection, and emerging technology insights to provide a comprehensive view of IoT security challenges and solutions.
IoT Security Compliance: Navigating the Regulatory Landscape
As connected devices become ubiquitous in our homes, businesses, and cities, the need for security oversight has never been more critical. Yet, the path to regulation is fraught with challenges. This session illuminates the complex reality of IoT security regulation and compliance, where innovation and protection must coexist.
We’ll explore the global regulatory landscape, focusing on Europe’s CRA and RED, the UK’s PSTI, NIST CSF 2 and NIS2. Our expert speakers will dissect the delicate balance between fostering innovation and ensuring user safety, addressing the concerns of compliance professionals grappling with legal uncertainties and potential penalties.
Whether you’re an IoT manufacturer, policymaker, developer, consultant, or security professional, this session will equip you with the knowledge and insights needed to navigate the evolving regulatory landscape. Don’t miss this opportunity to stay ahead of the curve and contribute to a more secure and innovative IoT future.
Memory Safety: The Pernicious Challenge
What is the memory safety challenge? How big an issue is it and what can be done? Join this session to learn about the complexities of memory safety, explore current solutions, and glimpse into the future of secure IoT systems.
Whilst memory safety in computing has been identified as a challenge since the 1970s, it became a significantly bigger problem with the growth of connected and distributed systems – such as the IoT. Solutions to the memory safety challenge are beginning to emerge from the research labs toward real-world applications underpinned by a range of hardware and software technologies. This session dives into the critical world of memory safety and its implications for secure IoT systems. Beginning with an academic exploration of memory safety fundamentals, we progress to cutting-edge industry solutions.
We’ll examine the UK government-backed CHERI project, discuss the role of memory-safe languages like Rust, and explore industry efforts to popularize these technological advances.
This session is intended for designers, developers, manufacturers, and users of IoT technology, providing them with the knowledge and tools needed to improve the security and reliability of connected systems.
The Human Side of IoT Security: Protecting People, Spaces, and Systems
This session explores critical aspects of IoT security, focusing on protecting vulnerable communities and public spaces while addressing technical challenges in embedded systems. Experts will discuss how IoT technologies can be misused to target at-risk groups and strategies to mitigate these threats.
We’ll examine the importance of language and framing when discussing IoT deployments in public areas, emphasizing transparency and community engagement. The session will also delve into common vulnerabilities in embedded systems, sharing insights from hands-on security education. A guest speaker will highlight the crucial role of cross-sector collaboration in building a more secure IoT landscape. Attendees will gain a wider view of IoT security challenges and practical approaches to address them.