Seeks reviewers for security best practice guidelines
Release Date: July 28th 2016
Two board directors and security expert members from the IoT Security Foundation (IoTSF) will be seeking input from hackers and security researchers at Blackhat and DEF CON 24 for best practice guidance documentation during the first week of August:
Analysts agree that the opportunity for IoT is significant, yet along with the opportunity also comes a significant security risk. The IoT Security Foundation is a growing stakeholder community and was established to respond to a wide range of security concerns in emerging and developing markets. In order to drive the pervasiveness and increase the quality of security in IoT domains, IoTSF has prioritised its early work in the unregulated markets of consumer and the smart home by forming a number of working groups to address the acute and common issues.
Two of those working groups will be represented at Blackhat and DEF CON with leaders of those groups seeking expert reviewers to ensure the published best practice guidance meets the quality and fitness objectives set.
IoTSF Board Directors David Rogers and Ken Munro will be available to meet at Blackhat and DEF CON – contact via twitter
Mobile and IoT security expert David Rogers, champion for the Self Certification Working Group at IoTSF:
“We’re still seeing fundamental security flaws in connected products, despite many warnings in the press about insecurity. We’ve been working on a framework for technology suppliers in IoT. Our aim is that, no matter where you sit in the eco-system, you can do your bit to build an Internet of trust. I’m at Blackhat and DEF CON and will be looking for expert volunteers to help the process. Security researchers attending the hacking conferences care deeply about the future integrity and safety of IoT products and services and are concerned that companies are simply paying lip service to security. We know that security researchers are not the enemy of product security – they’re more likely to be allies.”
David Rogers can be contacted on twitter @drogersuk
Ken Munro of Pen Test Partners, champion of Connected Consumer Products Working Group
“I will be in Las Vegas too. During DEF CON 24 I will be in the IoT Village – specifically looking for security experts to help ensure our recommendations are best in class and respond to the issues that the security research community are seeing in their work. Our aim is to provide useful, accessible and actionable security guidance to a range of companies involved in IoT, generally raising the bar of security for all.”
Ken Munro can be found in DEFCON’s IoT Village where he will also be talking about Thermostat Ransomware. He can be contacted on twitter @TheKenMunroShow
John Moor, Managing Director of IoTSF said
“IoT is a vast opportunity. Without security and trust the markets will be slow to develop and the resulting benefits will take longer to realise. It is therefore crucial that technology suppliers, technology adopters and the security community work together to assure trust. IoTSF is represented at two of the most respected hacking and security conferences in the world today and we are taking the opportunity to call upon industry producers to come together with experts from the security research community to help make IoT products secure by default.”
The IoT Security Foundation is actively working to have guidelines available for expert and early adopter technology suppliers to review by the end of Q3 2016 and ready for public release at the Foundation’s Annual Conference in London on December 6th.
