One Birdcage Walk – home of the Institution of Mechanical Engineers – was the stylish scene of last week’s IoTSF Plenary event which featured a packed thought leadership agenda to brief members on the latest deep subject matter expertise.
The IoTSF’s very own Chris Bennison got the day started by announcing the imminent launch of the Foundation’s latest Chapter – IoTSF Amsterdam.
A 40-minute segment from the IoTSF’s newest expert working group was first up: Regulatory Watch.
Regulatory Watch
The purpose of this industry working group is to keep IoTSF members updated on regulatory matters and compliance with international regulations, shape/influence regulations by engaging with global regulatory bodies and to raise public awareness of the group’s work.
IoTSF Chairman and Regulatory Watch leader, Stephen Pattison, gave an overview of the group’s recent activity – including the publication of a UK PSTI paper and a forthcoming EU CRA document – before a panel session featuring Ian Pearson (Microchip), Prof. Paul Kearney (Cybersecurity Consultant) and Paul Phillips (Resideo) entitled ‘The regulators are coming to get you!’
UK PSTI was discussed. It was agreed that there is no issue with the objective or security requirements of the legislation, but the confusing nature of its implementation and lack of clarity are a serious concern.
The EU CRA was also a major topic of discussion with the enactment firmly in the group’s sights.
The participation of Regulatory Watch was a declarative milestone cementing them as a major IoTSF working group and one which aims to play a significant, influential role as a leading legislative voice the world over.
Assurance Framework
The next segment focussed on the work of the Assurance Framework. Outgoing group leader, Trevor Hall (Synaptics), began the session to mark the formal handover to his successor Ian Pearson (Microchip).
Ian paid tribute to Trevor before talking about his aim of making the Assurance Framework more accessible, globally relevant, universally applicable and extensible.
He went on to present exciting plans for the creation of a ground-breaking new software tool which will be designed to take users towards the destination of regulatory compliance.
With collaboration at the heart of every IoTSF working group, members are invited to the next Assurance Framework meeting to help shape, influence and roadmap this industry-grade tool for manufacturers, test labs, consultants et al.
Look out for further details of this major new product, IoTSF members will be able to view a video recording of the presentation.
Smart Built Environment
Next up was the cross-functional, cyber physical security leadership team from the IoTSF Smart Built Environment group.
Mo Ahddoud (Chameleon) chaired a lively discussion on the problem of buying secure products in a range of built environments. Sarb Sembhi (Virtually Informed) outlined the risks from a CISO perspective and Jason Shaw (AECOM) spoke of the challenges of the building technologies, as so many are not secure.
James Willison (IoTSF) highlighted the work of the SBE group indicating that the new IoTSF procurement guide (to be published later this year) was being written by senior security professionals from several leading organisations, during a lively interactive debate with the audience, on ‘Who is responsible for the risk?’
Digital Security by Design UKRI initiative
After lunch, the focus was on the Digital Security by Design UKRI initiative – a collaborative project grown from the ManySecured group. IoTSF’s thought leaders have played a central role in this significant project which is ensuring a stronger and more secure computing environment for the future.
There has been great progress but there are also challenges. Professor Andrew Martin (University of Oxford) began by describing the capabilities of the Secure Networking by Design project which is partnered by TechWorks, NQuiringMinds and Oxford University.
A CHERI router is, no doubt, stronger – but their research has found that the end user might not use one.
Dr. Nick Allott (NQuiringMinds) followed with a summary of recent work at NIST which the ManySecured group has contributed to, showing how using CHERI will enable secure onboarding and continuous assurance of devices. Andrew then continued with the latest research from Oxford, which indicates that CHERI is, in fact, better at protection with almost all critical vulnerabilities eliminated.
Global Marketing Strategy Report for CHERI based Router + Connected Device Infrastructure
The last session was led by Haydn Povey, CEO, SCI. Since March, Haydn has been working on a report to determine the economic benefits of CHERI for routers and connected devices.
Nick Allott first outlined the issue in a DSbD workshop in Manchester last November. Nick joined Haydn on stage to lead the Q&A session. Haydn clearly demonstrated the capabilities of CHERI and the challenges of adoption.
He said, “The report is intended to take a snapshot of the status of CHERI technology, implementations and benefits right now, and identify the next set of objectives for pushing the technology to the mainstream.
“The most critical recommendation is the need to continue to drive adoption through the development of beach head markets, demonstrating the viability of the technology and the limited cost impacts involved in code transition.
“To achieve these beach heads commercial technology must be available, replacing test chips and non-viable solutions. This is a major undertaking and one that requires governmental support.”
The ‘Global Marketing Strategy Report for CHERI based Router and Connected Device Infrastructure’, is due for publication very soon.
The demonstrable depth of knowledge, strength, influence and productivity of the IoTSF’s working groups was showcased emphatically at this compelling event. Our energised working groups now look ahead to London’s 2024 IoTSF Conference in October with renewed vigour.
Thank you to all who attended this wonderful day in Westminster, we’ll be holding similar events in the near future.
Go to our members-only platform and be a part of our significant, progressive and prolific working groups. Here are the upcoming online meetings.
Regulatory Watch: Wednesday 17th July 2024
Assurance Framework: Wednesday 24th July 2024
Smart Built Environment: Friday 2nd August 2024
ManySecured: Tuesday 6th August 2024
