It is an interesting question to ponder – outside the closed industrial systems yet within an ecosystem of products and services, who owns the security? And who is liable? What responsibilities should suppliers, integrators… users have?
We gave Prof. Paul Dorey the challenge of speaking about the security challenge in IoT at the December 2015 conference at the Royal Society. Through repeated questioning he asked “so who owns the security of IoT?”
Coming from an IT background, Paul gave us a number of use case examples for IoT including the industrial, automotive and home environments. He skilfully illustrates how the operational technology world differs from the IT world, what drives their behaviours and why we may need to think quite differently about an IoT future. Is turning it off and on again really an option? Should we extend agile methodologies into IoT? What value does the discipline of engineering bring?
Before giving us his opinion on a framework for defining IoT security, Paul takes us on an educational journey stopping at various vantage points and tells us:
- Why assigning the security responsibility to end users is not a good idea.
- Why consumer product companies do not have a security ethic.
- Why he feels IoT is not securely designed or deployed.
We’re very grateful to Prof. Paul Dorey for his insights and delighted to let the world know IoTSF has started to actively address many of the points raised in his talk.
We’ll be announcing the date and venue of the 2016 conference shortly – all enquiries to John Moor.
Prof. Paul Dorey CISM F.Inst.ISP
Visiting Professor, Royal Holloway
Director, CSO Confidential