IoT is vast and has many security related issues – how do we go about addressing them?
The answer is collaboratively and in priority order. That’s where the Executive Steering Board and the IoTSF membership work in harmony.
IoTSF has a number of priority working groups to encourage the building of an Internet of Trust – the Working Groups is where the practical work takes place.
Here is a list of the current priority work items:
IoT Security Compliance Framework
The objective of this working group is to determine, and create guidance for product management, developers and vendors to improve the quality and pervasiveness of security in their IoT products.
The deliverables are publicly accessible documents and checklists covering a comprehensive set of requirements with readily actionable methods, checks and processes. This is increasingly important as international security legislation evolves to control the market. The primary output of the working group is publishing and maintaining the IoT Security Compliance Framework.
Board champion: David Rogers, Copper Horse
Chair: Trevor Hall, DisplayLink
IoT Security Best Practices
The objective of this working group is to assess the security challenges with IoT products and beyond to produce easy to consume best practice guides and sector specific security architectures. This group’s output can be found on the Best Practice Guidelines page.
Board champion: Ken Munro, Pen Test Partners
Chair: Jeff Day, BT
Consumer IoT Security
IoTSF has championed the role of cybersecurity in consumer markets since it was first established. As such, we have numerous guides and outputs relating to this sector and the work is on-going – especially w.r.t regulation.
This working group has been set up to establish a set of guidelines to help each of the supply chain participants specify, procure, install/integrate and operate/maintain IoT securely in buildings. Find out more
Board Champion: Prof. Paul Dorey, CSO Confidential
Chairs: Sarb Sembhi, Virtually Informed & James Willison, Unified Security
This working group’s objective is to assess and produce guidance on the viable routes for IoT security assurance to effectively communicate security capabilities and provide confidence.
Board Champion: Stephen Pattison, Arm
Chair: Richard Marshall, Xitex Ltd
Supply Chain Integrity
The Supply Chain Integrity Project’s mission is to help actors throughout the IoT supply chain protect themselves and their customers from cyber-attacks on IoT deployments launched via design, production and distribution processes. The project will gather information on IoT supply chains in order to build a representative model, security analysis of which will lead to a set of prioritised recommendations accessible to a wide audience beyond the security community.
Contributions are sought from hardware and software vendors, system integrators, owners and operators of connected devices and service providers, from all parts of the ecosystem, as well as from security and risk management experts.
Board Champion: Haydn Povey, Secure Thingz
Chair: Amyas Phillips, Ambotec
The ManySecured project’s aims are to protect consumers, organisations and industry from the security risks posed by the Internet of Things (IoT) through ‘smart’ control at the router/gateway.
The ManySecured Gateway project partners are developing publicly available specifications and resources aimed at router/IoT gateway vendors, service and solution providers, in a bid to deliver IoT-secured deployments which are resilient to attack throughout their lifecycle.
Each Working Group is populated by IoTSF members who contribute to producing best practice guidelines. Each working group also has project teams within it to achieve specific deliverables.
Members collaborate via physical meetings and via online meeting facilities: i.e. our messaging/document file platform. This allows flexibility for members to discuss and exchange ideas regardless of location. The schedule is organised by each working group chair, and updates are provided regularly between the working groups in face to face / virtual meetings. In this way we ensure members are kept updated and the groups work in harmony.
IoTSF members can join any of the working groups and contribute to creating best practice guidelines.
If you are a member of IoTSF and would like to join any of the working groups, contact us by clicking here and let us know which groups you are interested to join – we’ll take care of the details.
Want to be part of the IoTSF and help raise the quality of IoT security?