Scotland is to get a new Internet of Things network. The network, called IoT Scotland, will allow the collection of data from smart devices through a wireless sensor network based on LoRa wireless technology.
The £6m, three-year project has been funded with investment from both the public and private sectors.
Initially, the network will cover Scotland’s seven cities, Glasgow, Inverness, Edinburgh, Aberdeen, Dundee, Perth, and Stirling, with the aim of expanding it throughout Scotland.
BSI, the business improvement company, has today launched a new BSI KitemarkTMfor IoT Devices, the first of its kind in the internet of things (IoT) space. The BSI Kitemark has been developed in response to the growth of internet connected products, and is designed to help consumers confidently and easily identify the IoT devices they can trust to be safe, secure and functional.
In March 2018 the Government’s Secure by Design review announced a series of measures to make connected devices safer to use. The Kitemark builds on these guidelines by providing ongoing rigorous and independent assessments to make sure the device both functions and communicates as it should, and that it has the appropriate security controls in place. Manufacturers of internet connected devices will be able to reassure consumers by displaying the Kitemark on their product and in their marketing materials.
There are three different types of BSI Kitemark for IoT Devices, which will be awarded following assessment according to the device’s intended use: residential, for use in residential applications; commercial, for use in commercial applications; and enhanced, for use in residential or commercial high value and high risk applications.
The assessment process involves a series of tests that help ensure the device is fully compliant to the requirements. Before being awarded the Kitemark the manufacturer is assessed against ISO 9001, and the product is required to pass both an assessment of functionality and interoperability, as well as penetration testing scanning for vulnerabilities and security flaws. Once the BSI Kitemark is achieved the product will undergo regular monitoring and assessment including functional and interoperability testing, further penetration testing and an audit to review any necessary remedial action. Importantly, if security levels and product quality are not maintained the BSI Kitemark will be revoked until any flaws are rectified.
See full BSI press release here:
BSI launches Kitemark for Internet of Things devices
Wi-Fi CERTIFIED EasyMesh™ brings a standards-based approach to Wi-Fi networks that utilize multiple access points (APs), combining the benefits of easy to use, self-adapting Wi-Fi with greater flexibility in device choice that comes with interoperable Wi-Fi CERTIFIED™ devices. Wi-Fi EasyMesh™ networks employ multiple access points that work together to form a unified network that provides smart, efficient Wi-Fi throughout the home and outdoor spaces.
For more information see:
The Eclipse Internet of Things Working Group IoT Developer Survey 2018 collected feedback from 502 individuals between January and March 2018.
The key findings in this year’s edition of the survey include the following:
- Amazon AWS and Microsoft Azure are the top 2 cloud services for IoT. Google Cloud Platform is failing to get traction.
- MQTT remains the standard of choice for IoT messaging, while AMQP is becoming more and more popular as companies scale their IoT deployments and backend systems.
- 93% of the databases and data stores used for IoT are open source software. Data collected and used in IoT applications is incredibly diverse, from time series sensor data to device information to logs.
For More Information see:
Key Trends from the IoT Developer Survey 2018
Building on concepts identified in the IIC Industrial Internet Security Framework, the Security Maturity Model (SMM) defines levels of security maturity for a company to achieve based on its security goals and objectives as well as its appetite for risk. This enables decision makers to invest in only those security mechanisms that meet their specific requirements.
“The Internet of Things has brought a lot of innovation to industries, but it also introduces new security threats. The security landscape is complex and always changing,” said Ron Zahavi, IIC Security Applicability group co-chair, the white paper Co-Author and Chief Strategist for Azure IoT Standards at Microsoft. “It can be challenging for organizations to understand where to focus their security budgets, especially with limited resources. The Security Maturity Model provides organizations with an informed understanding of security practices and mechanisms applicable to their industry and scope of their IoT solution.”
Organizations apply the SMM by following a process. First, business stakeholders define security goals and objectives, which are tied to risks. Technical teams within the organization, or third-party assessment vendors, then map these objectives into tangible security techniques and capabilities and identify an appropriate security maturity level. Following this, organizations develop a security maturity target, which includes industry and system-specific considerations, and capture the current security maturity state of the system.
“By periodically comparing target and current states, organizations can identify where they should make improvements,” said Sandy Carielli, white paper Co-Author and Director of Security Technologies at Entrust Datacard. “Organizations achieve a mature system security state by making continued security assessments and improvements over time. They can repeat the cycle to maintain the appropriate security target as their threat landscape changes.”
National Institute of Standards and Technology (NIST) have published a report on Lightweight Cryptography.
NIST approved cryptographic standards were designed to perform well on general purpose computers. In recent years,there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When current
NIST approved algorithms can be engineered to fit into the limited resources of constrained environments, their performance may not be acceptable. For these reasons, NIST started a lightweight cryptography project that was tasked with learning more about the issues and developing a strategy for the standardization of lightweight cryptographic algorithms. This report provides an overview of the lightweight cryptography project at NIST, and describes plans for the standardization of
lightweight cryptographic algorithms.
To view this report, see:
NIST Report on Lightweight Cryptography
In the Internet of Things, every smart device has to understand and speak the same language at the application layer. How else is a smart hub expected to know how to communicate and control an off-the-shelf door lock or thermostat? Without a common application layer, it really doesn’t matter how well the networking layers perform.
Dotdot is a universal, standard application language for smart devices to communicate over any network.
See ElectronicDesign Article:
Dotdot—The Language of the IoT
The Open Mobile Alliance (OMA) and the IPSO Alliance (IPSO) announced today that IPSO has transferred its assets, work and memberships to the OMA, forming a joint organization called OMA SpecWorks. All technical working groups from IPSO and OMA remain active and are tasked with creating and driving a set of global technical deliverables in the mobile and internet of things (IoT) services layer. OMA SpecWorks leverages OMA’s vast experience to allow developers to quickly transform an idea into an industry specification and then manage the specification’s publication and maintenance.
See Press Release:
IPSO Alliance Merges with Open Mobile Alliance to Form OMA SpecWorks
@TheRegister provides an overview here:
Good luck saying ‘Sorry I’m late, I had to update my car’s firmware’
“The IETF has noticed how badly Internet of Things firmware is managed, and wants it fixed. The Software Updates for Internet of Things (SUIT) working group was chartered in December 2017 and given the job of fixing this.”
The IETF drafts can be found here:
A Firmware Update Architecture for Internet of Things Devices
A Secure and Automatic Firmware Update Architecture for IoT Devices
The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments.