By John Moor

As we see the application of IoT technologies evolve, it is gratifying to witness the fact that security has become an intrinsic part of the implementation debate. Whilst there are plenty of hacks and vulnerabilities that are still capturing media attention, we have gained significant ground in recent times with industry and government fighting back. Across the globe there have been healthy discussions around certification and regulatory controls in cyber security where IoT features prominently.

Within Europe, our associates at ENISA, ECSO and ETSI (to name a few) are scoping out how to build trust into digital technologies and drive standards. And earlier this year in the UK, the Government published its Secure by Design report, which had the full support of the IoT Security Foundation. Indeed, the prime author of the ‘code of practice’ published therein is a colleague and sits on our Executive Steering Board. And there’s plenty more, but hopefully you’ll already get a sense that ignorance and naivety are losing as we are turning the battle, not just for awareness of insecurity, but also for active defence. We cannot be complacent, of course, as we still have a long way to go, and it is clear ‘the battle’ will never be truly over as security is a constant arms race.

In one sense at least, security is not a choice – there will be no IoT without basic security – that debate has already been decided. Yet there are many routes to achieve the security goals of nations, organisations and the many applications IoT can be applied to. I have said it many times before (and will no doubt continue to do so), that ‘IoT security is a wicked challenge’. Our efforts need to cover more than the technical aspects. We also need to consider the business environment, the people dimension, a complex legal and regulatory landscape that varies by region and, if that wasn’t enough, our new digital world is mired in safety and ethical issues too.

So how does someone go about deciding what constitutes fit for purpose security? How does it meet contemporary best practice, what is next practice and how does it fit within your business constraints? How do you ensure it remains fresh over the required lifetime? All key questions that need to be broken down and better understood so the array of solutions on offer can then be judged more purposefully.

That is why we have chosen the IoTSF’s conference theme this year to be… (drum roll): ‘Secure by Choice’.

This enlightenment complements the secure by design mantra that has gained in prominence and we will be going deeper into the subject matter, the issues and how they can be mitigated.

I am further delighted to tell you that we already have a compelling line-up of thematic talks and expert speakers to meet our aim. I was personally delighted when Tyson Macaulay, author of the acclaimed book (acclaimed by me specifically!) ‘RIoT Control: Understanding and Managing Risks and the Internet of Things’, accepted our invitation to speak, and he’ll be jetting in to give us an up-to-date view in his address titled “Coming off the bottom: what has been learned and what to expect from IoT security”.

We’ll tell you more about our other great speakers as we get closer to the conference date of December 4th. To find out more, including announced speakers and details on registration, go to the conference website.

We hope that you’ll join us and be part of our mission to make it safe to connect… in the era of IoT.

Tyson Macaulay

Author and Chief Product Officer, Infosec Global