The tenth edition of the IoT Security Foundation (IoTSF) Conference in London on the 23rd October greeted a gathering of cybersecurity and security experts, as discussions revolved around the increasing risks posed by more devices becoming connected; the importance of security never being an afterthought; and the role regulation has to play, to name a few.
John Moor, Managing Director of IoT Security Foundation officially opened the conference and spoke about the Foundation’s evolution and its mission in “staying firm” to addressing “the wicked challenge of IoT cybersecurity”.
“Our founding values, which we review every year, haven’t changed. They stay firm,” he said. “That is a security first mindset.”
As the conference reflected, the “wicked challenge of cybersecurity” to borrow Moor’s words, hasn’t gone away. Cyber criminals and hackers will continue to look for ways of exploiting increasingly connected devices, as the growth of the IoT has also led to the growth of an attack surface.
One figure cited during the event was that cyber crime now values the world’s third largest economy – $1 trillion – and with it being so profitable, cyber attacks aren’t likely to diminish any time soon.
Knowledge sharing
The event was an opportunity for security professionals to catch up, but also to discuss the big challenges of today, new technologies and how to make sure security remains at the forefront of businesses’ agenda.
One point raised was on the importance of collaboration between academics and industry experts to talk about shared challenges, bringing in different perspectives and viewpoints to address collective challenges.
“Cybersecurity affects our lives on a daily basis and is a really huge business,” said Professor Alex Mouzakitis, Programme Director, Cyber Security at Jaguar Land Rover in his keynote speech. “That’s why we need the academics and industrialists such as myself to come together and to create the future rather than react to it.”
The conference provided an opportunity for knowledge sharing, which was emphasised as an effective approach to tackling the challenges the IoT industry faces today.
“There is a lot of knowledge, but it’s locked up in a few people and in a few industries,” said Peter Davies, Technical Director at Thales in a panel session on the past, present and future of IoT security. “The challenge with the IoT is to enable new entrants, new types of products, and it is about socialising some of these very technical issues and nuanced points into a much wider audience. I think that’s why the [IoT Security] Assurance Framework has been downloaded so many times.”
“I started following the IoTSF when I started my Internet of Things test bed at University College London and we saw that the IoT landscape and threats were changing dynamically,” noted Dr. Anna Maria Mandalari, Assistant Professor, Dept. Electrical and Electronic Engineering, University College London. “Academia, industries and policy makers have challenges. The IoT Security Foundation is a great place for these kinds of exchanges.”
Navigating cybersecurity regulation
Knowledge sharing also provides a useful tool for understanding and navigating regulatory compliance – a big emphasis of the event – as the PSTI Act, passed on the 29th April in the UK this year, the US’ upcoming Cyber Trust Mark and the EU’s Cyber Resilience Act and NIS2 Directive, respectively, show a myriad of approaches to securing devices and networks that companies operating in different markets need to understand in order to ensure hey are compliant.
A panel session on navigating regulatory compliance shared tips and advice (in relation to the CRA): “Keep an eye out for updates that are going to happen over the coming months and potentially years as well,” said Simon Dunkley, Global Spectrum Lead at Itron. “Another thing is to fundamentally make sure your products are secure … Using something like the IoTSF is a good way forward but also seek advice from your peers and advice from consultants.”
“One thing we advise is to look internally at what frameworks do exist, like the IoTSF framework, and put your products through that,” added Matt Tett, Subject Matter Expert, IoT Security Mark P/L. “Most organisations that we work with in manufacturing and vendors, have compliance teams … they understand how regulations and standards work, and then see which markets they’ll be exporting their products to or importing their products from.
“That’s the number one thing we say before you even look at whether you can self-declare or whether you need to go through an assessment.”
The tenth edition of the IoTSF Conference highlighted well the challenges the IoT industry faces in the context of security, but also the tenacity and ingenuity of the experts working on these challenges, and the importance of providing a forum to swap ideas and spark conversation.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.