Launches 5 priority Working Groups

Release Date: May 12 2016

The IoT Security Foundation (IoTSF), a non-profit member organisation established to raise the quality of security across IoT, has announced the formation of a number of working groups as it promotes the concept of the Supply Chain of Trust.

Security is often considered in technical terms by the industry that supplies the technology and the systems. Yet in the future world of IoT, many parties will be required to specify, deliver and maintain a multi-verse of systems and their services. Delivering strong, fit-for-purpose, resilient security features goes far beyond the latest encryption and technical standards, it demands that each player in the supply chain recognises the importance of security and implements it in their business practices in addition to the enabling technology. Both industry and market need to adopt the concept of a “chain of trust” which will allow each player to identify trusted suppliers and in turn provide trusted products and services to their customers.

To support the supply chain of trust concept, the IoT Security Foundation has established 5 priority working groups. Each working group has an Executive Steering Board champion and is driven by the efforts of the Foundations’ members.

The initial groups are:
1. Self-Certification
2. Connected Consumer Products
3. Patching Constrained Devices
4. Responsible Disclosure Guidelines
5. The IoT Security Landscape

John Haine, Chairman of IoTSF said “we have come a long way since the Bletchley Park IoT security summit just one year ago. In a short space of time we have validated the need for a collaborative approach to IoT security, launched the Foundation, held our inaugural conference at the Royal Society, recruited 60 members ranging in size from major multi-nationals through SMEs to start-ups, and now we’ve established our first five priority working groups. During the year a need has become ever clearer, that technology suppliers, adopters, service providers and retailers must understand their own duties of care to their customers, and share the responsibility of building a supply “chain of trust”. That requires leadership and courage as the pressure to get products to market distracts attention. Ultimately, however, we believe those that demonstrate care for customers will win in the long term. Our message today is simple, help us on that journey and join our mission of making it safe to connect”.

John Moor, Managing Director IoTSF added “there is so much hype surrounding IoT right now that it is difficult to discern what is noise and what will last. Like any technology IoT can be used to deliver societal benefits, but it can also be weaponised in numerous ways – from inconvenience to national compromise. When we started looking at security issues in IoT we were somewhat appalled by how bad it is in some areas – a cursory look at the media headlines shows that. Something had to be done – we need to move beyond the horror stories and address the many security challenges that exist by promoting best practices, educating users and systematically raising the security bar throughout IoT. That’s what IoTSF has set out to do and the real work starts here.”

IoTSF is now inviting all parties involved in providing, specifying, supplying and using IoT technologies to collaborate and support its vision of the supply chain of trust.

John Haine

technology suppliers, adopters, service providers and retailers must understand their own duties of care to their customers

IoT can be used to deliver societal benefits, but it can also be weaponised