Also seek reviewers and adopters for security best practice guidelines
Release Date: August 4th 2016
The Internet of Things Security Foundation (IoTSF) has published a free whitepaper which is intended as a primer for technology providers serving IoT markets. The guide, titled “Establishing Principles for the Internet of Things Security” has been edited by IoT security expert, and executive steering board member, Professor David Rogers.
The whitepaper comes in advance of a more detailed set of guidelines which will be published later this year at IoTSF’s annual conference on December 6th in London. IoTSF is currently working on best practices for consumer devices / smart home products, vulnerability disclosure, patching constrained devices and a self-certification framework. IoTSF also recently issued a request for external security expert reviewers and early adopters seeking guidance to help pilot the scheme.
Professor Rogers, also the champion for the Self Certification Working Group, said “We’re still seeing fundamental security flaws in connected products, despite many warnings in the press about insecurity. We’ve been working on a framework for technology suppliers in IoT. Our aim is that, no matter where you sit in the eco-system, you can do your bit to build an ‘Internet of Trust’. Security researchers care deeply about the future integrity and safety of IoT products and services and are concerned that companies are simply paying lip service to security. We’re appealing to them to help us review the guidelines we’re creating along with leading producers to help us ensure they are fit for purpose”.
The IoT Security Foundation is actively working to produce guidelines available for expert and early adopter technology suppliers to review by the end of Q3 2016 and ready for public release at the Foundation’s Annual Conference in London on December 6th.
John Moor, Managing Director of IoTSF said “IoT is a vast opportunity. Without security, and without trust, the markets will be slow to develop and the resulting benefits will take longer to realise. It is therefore crucial that technology suppliers, technology adopters and the security community work together to assure that trust. IoTSF was established to drive both the pervasiveness and quality of security solutions in IoT and we are now inviting industry producers to come together with experts from the security research community to help make IoT products secure by default.”
The whitepaper can be downloaded free from the IoT Security Foundation website at https://www.iotsecurityfoundation.org/
Early adopters and security experts can volunteer to participate in the guideline pre-publication process by sending an email to firstname.lastname@example.org
All contributing reviewers will be acknowledged in the final publications.
Details for the IoT Security Conference can be seen here: https://www.iotsecurityfoundation.org/event/iot-security-foundation-conference-2016/