Internet of Things Security Foundation Conference | 40+ Speakers

Internet of Things Security Foundation Conference

Internet of Things Security Foundation unveil over 30 speakers for the 6th Annual IoT Security Foundation Conference, PLUS more to be announced soon. The IoTSF Cybersecurity Conference is a four-day virtual event, from 1st to 4th December, 2020, that will illuminate and educate delegates with best practice, next-practice and the latest developments in IoT cyber security.

Book Tickets here

The Internet of Things Security Foundation Conference features talks by leading cyber security experts, training workshops and track sessions for executives, developers, engineers, managers and security professionals including:

Keynote Speech:“AI-Driven Cyber Defense for Endpoint Energy Assets”
Leo Simonovich, VP & Global Head, Industrial Cyber, Siemens Energy
Keynote Speech:“IoT Security Challenges and Opportunities in the 5G Era”
Mihoko Matsubara, Chief Cybersecurity Strategist, NTT CorporationKeynote Speech:“When One Size Solution Doesn’t Fit All”
Kat Megas, Program Manager for the NIST Cybersecurity for Internet of Things (IoT) program, NIST

“Software Provenance – Where Do We Draw the Line?”
Matt Wyckhouse, CEO, Finite State

“Securing the Industrial IoT”
Simon Butcher, Principal Embedded Security Engineer, Arm

“Secure Management of Things in AWS IoT”
Dave Walker, Principal Specialist Solution Architect for Security and Compliance, Amazon Web Services

“Practical Physical Attacks Against Embedded Systems and Their Secure Design to Mitigate Them”
Rohini Narasipur, Product security engineer and incident handler, Bosch PSIRT

“Challenges of Vulnerability Management and Disclosure Processes in a Big Organisation – The Bosch PSIRT”
Carolina Adaros, Product Security Incident Handler, Bosch PSIRT

“Shining the Light of Truth: a Journey into Vulnerability Disclosure Practices at Consumer IoT Product Companies”
David Rogers MBE, Founder, Copper Horse

“IoT on the Frontline – when a 3rd Party 0day Becomes your Problem…”
Adam Laurie, Global Lead Hardware Hacker, IBM

“Sensory Overload – Cybersecurity Threats for Next Generation Vehicles”
Steve Povolny, Head of Advanced Threat Research, McAfee

“Secure by Design, Still a USP in a Competitive Environment”
Ivan Reedman, Head Tinkerer and Ponderer, NCC Group

“The Consumer IoT Attack Surface – an Architectural Deep Dive on the Threats and Mitigations for Real World IOT Deployments”
Nick Allott, CEO, NquiringMinds

“One Way or Another, they’re Going to Get you: Threats to Press Freedom from the Internet of Things”
Anjuli Shere, Analyst/Writer/Researcher, University of Oxford

“Securing the Internet of Medical Things”
Andy Bridden, IoT Security Consultant, PA Consulting

“The IoT is Littered with Security Disasters. As the Distinction from OT Blurs how do we Avoid Repeating them?”
Ken Munro, Partner, Pen Test Partners

“Meeting the Industry 4.0 Security Challenges of IEC 62443”
Haydn Povey, CEO, Secure Thingz

“IoT Security Reference Architecture”
Professor Kwok-Yan LAM, Professor of Computer Science, Nanyang Technological University

“ETSI EN 303 645 – the Ultimate IoT Testing Baseline. Lessons Learned and way Forward”
Razvan Venter, Team Lead Security Compliance and Certifications, Secura B.V.

“How eSIM Technology Can be Used Within the IoT”
Zofia Domanska, Product Manager, G+D

“IoT security, and it’s Disturbing Status”
Pieter Meulenhoff, Quality control, internships & security training, Eurofins Cyber Security

“Supply Chain Integrity”
Amyas Phillips, Chair of the IoTSF Supply Chain Integrity Working Group, IoT Consultant & Security Scientist, Ambotec

“New Guidance and Best Practices on the Security of Smart Built Environments, IoTSF”
James Willison, Founder, Unified Security

“What is a Smart Built Environment, and Why it Matters?”
Sarb Sembhi, Co-Chair of Smart Built Environment Group, CTO & CISO, Virtually Informed

Join the IoTSF Conference and:

  • Learn About the Potential Risks & Vulnerabilities Associated with IoT Systems & Connected Devices
  • Gain an Understanding of IoT Security Best Practice for the Design of Products & Services
  • Understand what to Specify & Look for When Procuring IoT Products & Services
  • Learn About the Current and Future State of Standards, Regulation & Assurance
  • Discover the Lessons Learned in Real Life War Stories
  • Hear From Leading Experts & Companies Offering Security Products, Solutions & Services

Internet of Things Security Foundation Conference

Internet of Things Security Foundation Conference

The 6th Annual Internet of Things Security Foundation Conference is a four-day virtual event that takes place between Tuesday 1st and Friday 4th December 2020.  Join the IoTSF for 4 days of expert talks & training sessions to expand your knowledge on the best practice and the latest developments in IoT cyber security. The IoTSF Conference features talks by leading cyber security experts, training workshops and track sessions for executives, developers, engineers, managers and security professionals.

  • Learn about the potential risks and vulnerabilities associated with IoT systems and connected devices
  • Gain an understanding of IoT security best practice for the design of products and services
  • Understand what to specify and look for when procuring IoT products and services
  • Learn about the current and future state of standards, regulation and assurance
  • Gain from the lessons learned in real life experiences/war stories
  • Hear from leading experts and companies offering security products, solutions and services

For more details of the Internet of Things Security Foundation Conference see:  Conference website.

Book Tickets here

The IoT Security Foundation has announced first set of speakers for the 6th Annual IoT Security Foundation Conference:

Keynote Speech
“AI-driven Cyber Defense for Endpoint Energy Assets”
Leo Simonovich
VP & Global Head, Industrial Cyber at Siemens Energy

Protecting endpoint operating technologies (OT) is an increasingly important challenge for the energy sector. As energy companies continue to digitize existing assets and build new assets with intrinsic network connectivity, they present an ever-expanding attack surface to escalating attacks. Overall, the energy industry has made tremendous progress in maturing cybersecurity capabilities. Yet current practices leave significant gaps due to lag between updates.

This keynote will describe in detail the current challenges faced by energy companies, the implications of observable industry trends, the characteristics that potential cyber-security solutions must meet, and why they believe AI and ML technologies can meet these requirements now and in the future.

Keynote Speech
“IoT security challenges and opportunities in the 5G era”
Mihoko Matsubara
Chief Cybersecurity Strategist at NTT Corporation

This presentation aims to analyse IoT security issues and opportunities at both the policy and technical level in the 5G era. The world is now more concerned over IoT and 5G security due to growing security threats during the pandemic and mounting geopolitical tensions. Yet, this talk will also shed light on collaborative efforts by government and industry for a smart world and 5G security as well as financial incentives to embed security in new projects in their early stages.

Software Provenance – Where Do We Draw the Line?
Matt Wyckhouse
CEO at Finite State

There has been a lot of uproar about supply chain security – from 5G deployments around the world to threats to our power grids – and it seems that a day doesn’t go by without some new threat or government action. Many governments around the world, and in particular the US, are trying to “solve” supply chain risk management by introducing regulations focused on banning vendors from the supply chain. Notably, the US has taken several actions to try to limit vendors from potential adversary countries (such as China) from being involved in supply chains for certain types of critical infrastructure.

This talk will discuss how simple analysis of a vendor’s country of origin is a failing and incomplete model of supply chain risk. While geopolitical analysis is an important risk factor, the truth is that every device, every software application, and every vendor has some level of geopolitical risk. We live in a world that is fueled by global supply chains and open source software that is built by global, distributed teams of engineers. So where do we draw the line?

Lesley Kipling
Chief Cybersecurity Advisor at Microsoft EMEA

Previously lead investigator for Microsoft’s detection and response team (DART), Lesley Kipling has spent more than 16 years responding to our customers’ largest and most impactful cybersecurity incidents. As Chief Cybersecurity Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning.

Internet of Things Thames Valley Meetup | 11th September

Internet of Things Thames Valley Meetup

There is just 1 week to the next Internet of Things Thames Valley Meetup @tv_iot on 11th September at the Green Park Conference Centre, 100 Longwater Avenue, Green Park, Reading, Berkshire, RG2 6GP.

Internet of Things Thames Valley

Reading, GB
1,772 Members

This group is open (free) for business, academic, public sector and technical professionals interested in the ‘Internet of Things’ who wish network, share knowledge, experienc…

Next Meetup

IoT Thames Valley Meetup #27

Wednesday, Sep 11, 2019, 6:00 PM
68 Attending

Check out this Meetup Group →

This is a free to attend Meetup. Networking from 6pm.

The Talks & Speakers include:

“5G and Connected Communities, where we are, how we got there and the challenges to come” – Guy Matthews, Director of Emerging Technology, CGI Business Consulting
5G has reached the cusp of moving from a decade of R&D into a decade of deployment across the globe. It will bring immense change across major industries and herald the growth of technologies like immersive and AI. But what is 5G and how will it be implemented across urban and rural communities? This short presentation will cover the basics of 5G, the state of development in the UK and globally, and the remaining commercial and technical challenges to 5G development at scale and load.

“Saving lives on British railways with IQRF” – Šimon Chudoba, CEO IQRF Alliance
IoT can not only reduce operation and maintenance costs or enable completely new business models but literally save lives and avoid derailments on railways. Simon will present one of the solutions of IQRF Alliance members which monitors railway embankments in the UK.

“Can you Trust your Smart Building?” – Duncan Purves, 2 Insight Ltd
Understand the security issues associated with ‘smart’ building systems and why they are important to you

IoT Scotland Network based on LoRa

Scotland is to get a new  Internet of Things network. The network, called IoT Scotland, will allow the collection of data from smart devices through a wireless sensor network  based on LoRa wireless technology.

The £6m, three-year project has been funded with investment from both the public and private sectors.

Initially, the network will cover Scotland’s seven cities, Glasgow, Inverness, Edinburgh, Aberdeen, Dundee, Perth, and Stirling, with the aim of expanding it throughout Scotland.

https://www.holyrood.com/articles/news/scotland-get-%E2%80%98most-advanced%E2%80%99-internet-things-network-uk

BSI launches Kitemark for Internet of Things devices

BSI, the business improvement company, has today launched a new BSI KitemarkTMfor IoT Devices, the first of its kind in the internet of things (IoT) space. The BSI Kitemark has been developed in response to the growth of internet connected products, and is designed to help consumers confidently and easily identify the IoT devices they can trust to be safe, secure and functional.

In March 2018 the Government’s Secure by Design review announced a series of measures to make connected devices safer to use. The Kitemark builds on these guidelines by providing ongoing rigorous and independent assessments to make sure the device both functions and communicates as it should, and that it has the appropriate security controls in place. Manufacturers of internet connected devices will be able to reassure consumers by displaying the Kitemark on their product and in their marketing materials.

There are three different types of BSI Kitemark for IoT Devices, which will be awarded following assessment according to the device’s intended use: residential, for use in residential applications; commercial, for use in commercial applications; and enhanced, for use in residential or commercial high value and high risk applications.

The assessment process involves a series of tests that help ensure the device is fully compliant to the requirements. Before being awarded the Kitemark the manufacturer is assessed against ISO 9001, and the product is required to pass both an assessment of functionality and interoperability, as well as penetration testing scanning for vulnerabilities and security flaws. Once the BSI Kitemark is achieved the product will undergo regular monitoring and assessment including functional and interoperability testing, further penetration testing and an audit to review any necessary remedial action. Importantly, if security levels and product quality are not maintained the BSI Kitemark will be revoked until any flaws are rectified.

See full BSI press release here:

BSI launches Kitemark for Internet of Things devices

Wi-Fi Alliance introduces EasyMesh

Wi-Fi CERTIFIED EasyMesh™ brings a standards-based approach to Wi-Fi networks that utilize multiple access points (APs), combining the benefits of easy to use, self-adapting Wi-Fi with greater flexibility in device choice that comes with interoperable Wi-Fi CERTIFIED™ devices. Wi-Fi EasyMesh™ networks employ multiple access points that work together to form a unified network that provides smart, efficient Wi-Fi throughout the home and outdoor spaces.

For more information see:

WiFi EasyMesh

 

Key Trends from the #IoT Developer Survey 2018

The Eclipse Internet of Things Working Group IoT Developer Survey 2018 collected feedback from 502 individuals between January and March 2018.

The key findings in this year’s edition of the survey include the following:

  • Amazon AWS and Microsoft Azure are the top 2 cloud services for IoT. Google Cloud Platform is failing to get traction.
  • MQTT remains the standard of choice for IoT messaging, while AMQP is becoming more and more popular as companies scale their IoT deployments and backend systems.
  • 93% of the databases and data stores used for IoT are open source software. Data collected and used in IoT applications is incredibly diverse, from time series sensor data to device information to logs.

For More Information see:

Key Trends from the IoT Developer Survey 2018

Industrial Internet Consortium (IIC) Publishes #IoT Security Maturity Model White Paper

Building on concepts identified in the IIC Industrial Internet Security Framework, the Security Maturity Model (SMM) defines levels of security maturity for a company to achieve based on its security goals and objectives as well as its appetite for risk. This enables decision makers to invest in only those security mechanisms that meet their specific requirements.

“The Internet of Things has brought a lot of innovation to industries, but it also introduces new security threats. The security landscape is complex and always changing,” said Ron Zahavi, IIC Security Applicability group co-chair, the white paper Co-Author and Chief Strategist for Azure IoT Standards at Microsoft. “It can be challenging for organizations to understand where to focus their security budgets, especially with limited resources. The Security Maturity Model provides organizations with an informed understanding of security practices and mechanisms applicable to their industry and scope of their IoT solution.”

Organizations apply the SMM by following a process. First, business stakeholders define security goals and objectives, which are tied to risks. Technical teams within the organization, or third-party assessment vendors, then map these objectives into tangible security techniques and capabilities and identify an appropriate security maturity level. Following this, organizations develop a security maturity target, which includes industry and system-specific considerations, and capture the current security maturity state of the system.

“By periodically comparing target and current states, organizations can identify where they should make improvements,” said Sandy Carielli, white paper Co-Author and Director of Security Technologies at Entrust Datacard. “Organizations achieve a mature system security state by making continued security assessments and improvements over time. They can repeat the cycle to maintain the appropriate security target as their threat landscape changes.”

NIST Report on Lightweight Cryptography

National Institute of Standards and Technology (NIST) have published a report on Lightweight Cryptography.

Abstract

NIST approved cryptographic standards were designed to perform well on general purpose computers. In recent years,there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When current
NIST approved algorithms can be engineered to fit into the limited resources of constrained environments, their performance may not be acceptable. For these reasons, NIST started a lightweight cryptography project that was tasked with learning more about the issues and developing a strategy for the standardization of lightweight cryptographic algorithms. This report provides an overview of the lightweight cryptography project at NIST, and describes plans for the standardization of
lightweight cryptographic algorithms.

To view this report, see:

NIST Report on Lightweight Cryptography

Dotdot—The Language of the IoT

In the Internet of Things, every smart device has to understand and speak the same language at the application layer. How else is a smart hub expected to know how to communicate and control an off-the-shelf door lock or thermostat? Without a common application layer, it really doesn’t matter how well the networking layers perform.

Dotdot is a universal, standard application language for smart devices to communicate over any network.

See ElectronicDesign Article:

Dotdot—The Language of the IoT