It seems a little strange writing this blog right now. That is, taking a look back at the IoTSF 2016 conference, as we’re already off the blocks with the 2017 conference planning. Indeed, we’re also well into the development planning for the IoTSF program (more on that throughout the year).
However, right now I get to let you know that were starting to publish selected talks on the IoTSF website, with more following over the coming months. It’s also an opportunity to add a little narrative to accompany them, and provide a bit more of the back story as to the relevance of the talks.
Onto our first batch then, which features Ross Anderson’s talk on security standards and certification, Ken Munro’s talk on weaponising IoT and Aapo Markkanen’s perspective on IoT security.
For me, Ross and Ken’s talks are neatly balanced. On the one hand Ken Munro – as entertaining as ever – gives us an update on the evolution of IoT attacks as they have been happening over recent months and the frailties (madness?) of new product features. Mirai botnet? Of course, it would be rude not to, as this was the enduring flavour of the 2016 IoT attacks.
Psst! As a side note, I personally prefer the term ‘thingbot’ (as opposed to botnet) as it neatly identifies the weapon of choice – IoT in this case.
…and with IoT attacks being used as a weapon to take out central parts of the Internet, Ross Anderson’s talk is both timely and insightful. Just in case you didn’t know, Ross is a globally recognised security evangelist, authority, expert, practitioner – you name it. His impressive knowledge-base on security engineering provides insight with gravity. We were keen to hear Ross’s thoughts as to how those that govern, might go about addressing the issues that accompany connectivity and the digital world. Warning, spoiler alert, it’s not going to be easy or ‘more of the same’. The game has changed and we’re not quite ready, or indeed, set up to address the new challenges. As the political pressure rises in the wake of increasing attacks, it seems inevitable that regulation should follow. But what is needed? And how should we go about it? Are we using enough of what already exists?
All in all, regulation and certification are very important subjects from IoTSF’s perspective and something we’ve been discussing since, since… well, even before IoTSF was officially launched. We’ll have more to say on those subjects later this year now that we’ve published the first release of the IoT Security Compliance Framework. In the process we’ve accumulated a much better view as to the complexities and nuances that come with such a wicked challenge. Alas, if this is an area you’re interested in then we commend Ross’s talk to you.
For the astute amongst you, you’ll be aware that Machina Research has now been acquired by Gartner. The ink hadn’t dried on the deal at the time of the conference so Aapo’s talk comes from Machina’s efforts. It is perhaps not quite what you’d typically expect from a market analyst. There’s fewer numbers but much more personal insight and opinion as to how things are shaping up. What does he see as important and what’s coming up that is of interest? I’ll not steal Aapo’s thunder – instead I’ll recommend you grab a coffee and hear what he has to say in his own words.
You can view all the talks from here – if you haven’t already you’ll need to register with the site, but you’ll also get a lot more access to content, including past and future talks.
Finally, as I mentioned at the top, we’re beginning to plan the 2017 conference and we’ll announce the date and venue soon. If you’d like to be part of creating it; speaker, sponsor, exhibitor or even partner, please contact us, your support will be truly welcome.
John Moor
MD, IoTSF