The inaugural IoT Security Foundation Conference was held Tuesday at the Royal Society in London. The conference opened with an introduction to the Foundation's history and mission (and an invitation to join). The IoT Security Foundation, an international, collaborative, vendor-neutral, not-for-profit organization, "aspires to be the expert resource for sharing knowledge, best practice, and advice." The Foundation's mission is "to make the Internet of Things secure, to aid its adoption and maximize its benefits," in short, "make it safe to connect." Security of Internet-of-things (IoT) deployment was the conference's focus. The motivation for that focus was clear: raise the general standard of industry practice.
There's a lot of hype surrounding the IoT, and much of that hype surrounds its potential as opposed to its security. The effects of that focus, the introduction noted, may be seen in the sort of hasty design decisions that have hardly conduced to security: many devices re-use the same server-side HTTPS, certificates may be fixed into firmware, the same SSH login credentials are reused, and so on.
The IoT is many things, not one big thing. Recall Archilochus's epigram: "the fox knows many things; the hedgehog knows one big thing." IoT security is a family of problems that calls for foxy solutions.
No comments:
Post a Comment