In our last blog we highlighted the morning sessions on offer. This time we look into the afternoon tracks. After the chance to meet some friends over lunch and make contact with colleagues we sit down to enjoy and learn from established experts from across the IoT Security industry.
After lunch, from 13:30 to 15:00, we have a range of tracks for you to choose between. IoT Security Policy/Compliance and Assurance, Securing the IoT Supply Chain, and an IoT Security – Expert Workshop. Each will be chaired by a leading member of the IoTSF with several speakers and takes us up to afternoon tea! All will certainly consider highly significant topics and we capture some of those here!
IoT Security Policy, Compliance and Assurance
This session looks at current and upcoming regulation and considers the role of certification in compliance and assurance. As legislation across the globe gains momentum and impacts the field of IoT we explore the role of certification and compliance and whether continuous assurance is a realistic ambition.
What confidence can the end user have in the certification of products? What is the current state of play and are there more effective approaches? An overview of Global IoT Security Certifications and insight into how a global certification is developed. How can IoT Security stakeholders from Governments, Standards Organisations, Certification Bodies, Test Facilities, Manufacturers, Developers, Vendors and IoT Consumers collaborate more effectively?
The current product certification ‘solution’ involves a static assessment of a specific product under specific conditions and the associated processes are lengthy, ‘paper heavy’, and resource and capital intensive. Would a new approach – call it continuous assurance, or perhaps active certification reduce costs, and automate the risk management process?
Sound good? It certainly is of significance but so is the complex issue of the IoT supply chain.
How do we know the new product we are about to purchase or are already using is secure and our customers can trust it?
Securing the IoT Supply Chain
With globalisation, IoT products and services have an expansive attack surface. Supply chain attacks have been increasing in recent years as they are high value targets that attract the interests of adversaries with varying intent. Do you know if you are vulnerable or how important these risks are to your business?
It is essential that manufacturers and purchasers of connected products have an understanding of the risk associated with supply. How can the technology industry and businesses ensure the security of their supply networks? Is the supply chain transparent or opaque? Is it well managed or not at all? What impact will new legislation on SBoMs have in ensuring businesses identify and remediate vulnerabilities in product software to deliver better IoT security?
In this session we break the IoT security supply chain down and bring greater clarity to each of the elements; we look at the big picture, and we also look at the anatomy of a connected device (IoT) – including the hardware(s), the software(s), roots of trust, cryptographic functions, production data, software keys, certificates and more. Are you creating products or managing risk within your organisation? We will also discuss a new report on Software Bill of Materials. How will the US legislation affect the global supply chain?
No question at all that the supply chain is hugely important and that session is worthy of your attendance. But wait, the last choice is still to be considered. Surely the worlds of cryptography, systems and network security and their role in securing products and networks is vital. We have a group of world leading experts to help ensure your company is protecting its IT infrastructure and products so it is more resilient and can assure confidence to its customers.
IoT Security Expert Workshop
Are you fascinated by the world of cryptography, operating systems and network security? What are the implications for IoT Security? We have several leading experts in these fields who will guide you through complex disciplines to equip you for future challenges and secure your business!
In this session we delve into the world of cryptography with a leading expert on Public Key Infrastructure. Can we improve key management and how do we measure this? Or are we making it too easy for anyone to break into our networks? The next speaker considers the Linux operating system, how can we secure the kernel from attack? Lastly, we explore IoT Security risk methodologies. How can you effectively identify an IoT device, its current status, characteristics and behaviour? How can you choose accurate evaluation metrics to measure them? The session will provide a high level of education but will not assume deep technical knowledge and so be of value to all who want to learn more.
We hope this gives you an idea of what to expect and helps you choose an afternoon session. Following the afternoon break we all gather together at 15:30 until 17:00 to explore the world of IoT security and the CISO. We consider the role of standards and frameworks. What do we need to do to rise to the challenge of the IoT invasion and ensure our businesses are successful? More details to come soon! At the end of the day, we have a drinks reception and a networking dinner where we know you will enjoy great food and networking with friends, old and new!
So, sign up soon and don’t miss this fabulous event – with education and friendship combined.
Please get in contact with us for more details including some great sponsorship opportunities.
James Willison and Jenny Devoy – IoTSF Conference Planning Committee