Seeks reviewers for security best practice guidelines
Release Date: July 28th 2016
Two board directors and security expert members from the IoT Security Foundation (IoTSF) will be seeking input from hackers and security researchers at Blackhat and DEF CON 24 for best practice guidance documentation during the first week of August:
Analysts agree that the opportunity for IoT is significant, yet along with the opportunity also comes a significant security risk. The IoT Security Foundation is a growing stakeholder community and was established to respond to a wide range of security concerns in emerging and developing markets. In order to drive the pervasiveness and increase the quality of security in IoT domains, IoTSF has prioritised its early work in the unregulated markets of consumer and the smart home by forming a number of working groups to address the acute and common issues.
Two of those working groups will be represented at Blackhat and DEF CON with leaders of those groups seeking expert reviewers to ensure the published best practice guidance meets the quality and fitness objectives set.
Mobile and IoT security expert David Rogers, champion for the Self Certification Working Group at IoTSF said “We’re still seeing fundamental security flaws in connected products, despite many warnings in the press about insecurity. We’ve been working on a framework for technology suppliers in IoT. Our aim is that, no matter where you sit in the eco-system, you can do your bit to build an Internet of trust. I’m at Blackhat and DEF CON and will be looking for expert volunteers to help the process. Security researchers attending the hacking conferences care deeply about the future integrity and safety of IoT products and services and are concerned that companies are simply paying lip service to security. We know that security researchers are not the enemy of product security – they’re more likely to be allies.”
Ken Munro of Pen Test Partners, champion of Connected Consumer Products Working Group also commented “I will be in Las Vegas too. During DEF CON 24 I will be in the IoT Village - specifically looking for security experts to help ensure our recommendations are best in class and respond to the issues that the security research community are seeing in their work. Our aim is to provide useful, accessible and actionable security guidance to a range of companies involved in IoT, generally raising the bar of security for all.”
The IoT Security Foundation is actively working to have guidelines available for expert and early adopter technology suppliers to review by the end of Q3 2016 and ready for public release at the Foundation's Annual Conference in London on December 6th.
John Moor, Managing Director of IoTSF said “IoT is a vast opportunity. Without security and trust the markets will be slow to develop and the resulting benefits will take longer to realise. It is therefore crucial that technology suppliers, technology adopters and the security community work together to assure trust. IoTSF is represented at two of the most respected hacking and security conferences in the world today and we are taking the opportunity to call upon industry producers to come together with experts from the security research community to help make IoT products secure by default.”
IoTSF Board Directors David Rogers and Ken Munro will be available to meet at Blackhat and DEF CON:
- David Rogers can be contacted on twitter @drogersuk
- Ken Munro can be found in DEFCON’s IoT Village where he will also be talking about Thermostat Ransomware. He can be contacted on twitter: @TheKenMunroShow
About the Internet of Things Security Foundation (IoTSF)
The mission of IoTSF is to help secure the Internet of Things, in order to aid its adoption and maximise its benefits. To do this IoTSF will promote knowledge and clear best practice in appropriate security to those who specify, make and use IoT products and systems.
IoTSF promotes the security values of a security first approach, fitness for purpose and resilience through operating life.
IoTSF was formed as a response to existing and emerging threats in Internet of Things applications.
IoTSF is an international, collaborative and vendor-neutral initiative led by industry and inclusive of all technology providers and service beneficiaries.
IoTSF is facilitated by NMI, the non-profit trade association for technology, electronic systems, microelectronics and semiconductors.
For more information, news and further announcements, visit the official website at www.iotsecurityfoundation.org
For information on the working groups see https://iotsecurityfoundation.org/working-groups/
+44 (0)7739 982327
Press release distributed by Pressat on behalf of NMI, on Thursday 28 July, 2016. For more information subscribe and follow http://www.pressat.co.uk/