Join David Maidment, PSA Certified founder, as he speaks to industry leaders from across the tech sector to discuss their views on the past, present and future of IoT security. In each episode, we dial in on the challenges businesses and consumers face in securing the future of the IoT to create a safer, more connected society.
IoT Security Post-COVID: “Collaboration is our greatest armory”
In this podcast, David is joined by Dr. Sally Eaves, Senior Policy Advisor for the Global Foundation of Cyber Studies & Research and CEO of Aspirational Futures. Sally and David examine the impact COVID-19 has had on both our professional and personal lives and the crucial role security has played in this adaptation. They also discuss how the narrative around security must change and the key role collaboration plays in the future of IoT security.
· Introduction to Sally Eaves. [1:05]
· Technology as a cause for good. [2:32]
· The emergence of hybrid models over the last 12 months in all aspects of everyday life and the impact this has had on IoT security. [3:18]
· Has COVID-19 raised the awareness of the cyber threat? [7:16]
· Companies are changing how they approach digital transformation and IoT security: CFOs, CEOs and CTOs are leading security discussions and acting as positive agents of change. [9:30]
· The role the tech industry has in improving cyber-security education. [12:09]
· “Security has to be embedded in every aspect of organizational strategy”. [13:28]
· The PSA Certified 2021 Security Report: is it a surprise that smaller companies are struggling to implement best practice security? [14:22]
· The growing security skills shortage and addressing misconceptions surrounding IoT security access and cost. [17:08]
· 5G and other emerging technologies offer a wealth of possibilities, but this needs to be underpinned by robust security infrastructure. [21:12]
· What are the biggest challenges for CTOs and CIOs on the digital transformation journey? [22:46]
· The importance of changing the narrative around security: it's a differentiator that can enable the future of your organization and should be embedded into the DNA of every business. [25:18]
· What is the future going to look like in 5 years’ time? The power of collaboration as a positive contagion of change for security and climate change. [27:18]
· Bridging the gap between the perceptions of IoT security and the realities: “collaboration is our greatest armory”. [29:12]
· Sally’s main piece of advice for companies when approaching IoT security: your security strategy needs to be “holistic, flexible and scalable”. [31:07]
Prof. Sally Eaves is Senior Policy Advisor for the Global Foundation of Cyber Studies & Research and CEO of Aspirational Futures which enhances inclusion in education and technology. A highly experienced Chief Technology Officer, Professor in Advanced Technology and Global Strategic Advisor, Sally is an Author and Speaker on Digital Transformation (Cloud Computing, Cyber Security, 5G, IoT, IIoT, AI, ML, Blockchain), Culture, Skills, Sustainability and Social Impact.
Predicting the Future of IoT security: “When our customers have the requirements, we need the silicon to be ready.”
In this podcast, David is joined by Mike Dow, Senior Product Manager, IoT Security at Silicon Labs. Mike and David talk about changes in the semiconductor industry over recent years, including emerging regulations and more sophisticated attacks that target end nodes. Mike provides the silicon vendor perspective, discussing the critical role they play in setting the foundation for IoT security and the importance of looking to the future when designing products to meet customer requirements.
· Introductions to Mike Dow [00:45]
· Introductions to Silicon Labs [02:00]
· Where are we with security? Are customers asking for security? [03:30]
· Where is the pull for security coming from? The IoT regulations mean you can’t ignore security [04:20]
· We’re moving from ignoring security, to being actively concerned about the role it plays for a business’ success [05:45]
· The change in IoT security over the last two years [06:25]
· What this change means for semiconductors: more things to worry about [07:30]
· The role of the Root of Trust for semiconductor vendors: the “brain of the device”, the secure boot process and why this is important [08:15]
· Do OEMs have an appreciation for the Root of Trust and what it offers them? [10:15]
· Silicon Labs are the world's first to achieve PSA Certified Level 3. The role of remote attacks vs. physical attacks and why it is important to protect against both [11:35]
· The sophistication of the attacks will grow over time and we must be ahead of the game [14:18]
· The time delta between creating a silicon product and that product being in the market is quite large: so we essentially have to predict the future [15:22]
· Looking five years ahead, staying ahead of where the world is moving. How much can you patch later? The role of updatable security subsystems [16:22]
· You must start with good quality silicon, or everything unravels [18:24]
· IoT deployment models and the long lifecycle of IoT, especially for embedded sensors [19:03]
· If the premise is that the crooks will always find a way, and always find a hole, then a good engineer will always build in a mechanism to update [19:57]
· Why update policies are suddenly very important [20:40]
· PSA Certified Security Report 2021 and the feedback from the industry on cost: what is the view on cost from a silicon vendor's point of view? [22:37]
· The state of the nation of certification on IoT and what we need to overcome: inheriting certification and “crowdsourcing” certifications to avoid choking the ecosystem [27:00]
· Mike’s advice for the future of IoT: consolidating requirements and protection profiles [34:22]
ODM and OEM IoT Security Must be Prioritized: “Security is just as necessary as your device power supply”
In this podcast David is joined by Dr. Juan Nogueira, Senior Director of Connectivity Center of Excellence, from worldwide ODM, Flex. They have a fascinating discussion about how Flex approach security and why there is always space in the bill of materials for security. They also talk about how ODMs are not only creating IoT, but also embracing IoT – it’s one not to miss!
Dr. Nogueira is Sr. Director for Connectivity in the Global Technology Team at Flex. In this role he is defining technology roadmaps, evaluating new innovative solutions, establishing strategic collaborations with partner companies and leading internal research programs in the field of wireless communication. Prior to working at Flex, he was Lead System Architect of Advanced Development and System Architectures first at Robert Bosch GmbH and then at Bosch Connected Devices and Solutions GmbH (BCDS) in Reutlingen (Germany). In this position he defined the connectivity technology roadmap that later concluded with the foundation of BCDS as the Bosch subsidiary focused on connectivity and IoT. Before that, he worked in corporate R&D for wireless communication and sensing systems at Sony Corporation in Stuttgart (Germany) where he held the positions of Senior System Engineer and Principal Engineer. Dr. Juan Nogueira holds a PhD in Telecommunications Engineering from the University of Vigo (Spain). He subsequently became an associated professor at the University of Vigo in the Electronic Technology Department, collaborating with industry on projects in the area of industrial field buses. He has written numerous articles and holds 20+ patents in the area of communication protocols, wireless sensor networks and IoT.
1:03: Introduction to Flex and their role in the IoT industry.
5:15: Is security a growing concern with Flex’s customers?
5:40: Why it’s easy to overlook IoT security in the construction industry.
6:28: Security isn't just for high value assets, time is money.
7:56: The business cost of failure when things go wrong?
8:50: Educating customers on IoT security. You cannot just assume things are secure in IoT.
9:19: Flex’s proactive approach to IoT security. Demonstrating security credentials, adding credibility.
10:20: Introducing the PSA Certified 2021 Security Report: cost is still an issue for OEMs and the main concern for customers.
13:15: There is always room in the Bill of Materials (BOM) to compensate for the additional cost of security, it’s just as necessary as your power supply.
16:28: All markets must consider security, the high-impact industries are leading the way.
18:11: Relationship between IoT, security and machine learning in the edge.
20:10: Flex are not just creating IoT, but also embracing IoT to benefit from AI and digital transformation.
21:50: Opportunities for production lines, and the challenge of technical debt/retrofitting existing machinery, so machines can benefit from digital transformation too.
24:10: The IoT landscape in five years' time – IoT will feel like “everyday normal.” 5G will be deployed in both public and private networks.
26:58: Juan’s advice for device security implementations now to secure tomorrow.
IoT Security Relies on the Cloud to “Prevent Scalable Attacks”
Richard Barry joins David to talk about the role of the RTOS in IoT, the increasing complexities that need to be considered when connecting devices to the internet and how security must be a mindset from the beginning of product development. The discussion also covers the coordination of device-side and cloud-side security to look at patterns from a fleet of devices and prevent scalable attacks.
Introducing Richard Barry and the FreeRTOS project [00:57]
Breaking down what an RTOS is [2:04]
Real-time use cases – the variety of real-time requirements [4:10]
The increase in remote accessibility and the security challenges it brings [5:40]
RTOS as the undifferentiating factor in devices [6:48]
Internet connectivity and the increasing security complexities it brings [8:10]
The role of Amazon in FreeRTOS - making development as quick and secure as possible [9:18]
Knowledge gaps in a multi-disciplinary IoT [10:50]
The relationship between the RTOS and Root of Trust [13:22]
Reference integrations and standardized interfaces to ease the porting to hardware security [14:28]
Developer security expertise – the challenge of new concepts, terminology and requirements [15:55]
Practical challenges that come with scale [17:35]
Developer considerations for lifecycle security [18:40]
The importance of demonstrating and educating best practice [19:26]
Awareness of the consequences of getting it wrong, the increased legislation and, inevitably, the increased use of the Root of Trust [21:36]
The importance of security being the mindset from the beginning [22:37]
Evolution of Open Source projects – being driven by market requirements, enabling scalability [23:30]
Building confidence in FreeRTOS, with backing and credibility from Amazon [24:30]
Simplifying the FreeRTOS software – making it smaller and decoupled to suit the diversified use cases [25:11]
Futureproofed strategy for developers – reuse undifferentiating factors [26:42]
Coordinating cloud and device security to prevent scalable attacks [27:33]
Learn more about PSA Certified www.psacertified.org
"Building-in surety and confidence" to speed IoT deployments and adoption
This podcast takes a slightly different format: we host a panel session in which David is joined by Peter Armstrong, cyber-insurance expert at Munich RE, and Duncan Jones, Senior Product Manager at Pelion.
Peter provides a fresh perspective into the industry and how insurance companies model the risk of the IoT. We discuss where the liability lies and Peter describes how companies can build trust into their products and drive adoption of the IoT at scale with surety, confidence and the backing of insurers.
[1:05] Introductions to the panellists
[2:39] An insurer's view on digital transformation, and how new hyperconnected devices are impacting the insurance world
[4:25] The evolving portfolio of risk and supply chain responsibility
[5:25] Understanding liability across the value chains involved in delivering IoT services
[6:05] The importance of the Root of Trust in enabling the trusted deployment of technologies
[6:30] The opportunity for insurers from digital transformation
[7:35] Broadening the thinking about IoT products to data and services
[8:40] Digital transformation across industries - a mass deployment of devices beyond the traditional IoT model
[9:30] New technologies driving digital transformation - An individual product has to be trusted.
[11:25] Customer challenges, building business applications high up the stack
[12:01] With the scale of the IoT, we can't scale the expertise to secure these solutions
[12:26] Realizing the true potential of the IoT
[13:30] An overview of the insurance market, the role of capital availability and trust
[14:55] Confidence in the 'worst case scenario' and the challenges this brings for cyber-risk
[16:42] The importance of surety and confidence in the embedded processes and devices
[17:24] The role of the Root of Trust in modeling quantified risk, minimizing the front-end variables with sufficient transparency
[18:30] Challenges that come with scaling the IoT
[19:37] Building trust in data to base business decisions upon
[20:03] Regulation and standardization: a help or a hindrance?
[22:00] The responsibility from chip to OEMs to show compliance locally but ship globally
[24:15] The need for a framework and infrastructure for a black and white view of responsibility
[24:35] The geographic challenges for insuring the IoT
[26:00] Responding to nuance and guidance over mandated views
[26:29] The technology industry needs to lead and embrace the requirement for compliance in this evolving environment.
[27:00] Final pieces of advice from the panellists to embrace digital transformation with surety and confidence.
Explore this topic further in our blog
Learn more about Munich RE: https://www.munichre.com/en.html
Learn more about Pelion https://pelion.com
Learn more about PSA Certified www.psacertified.org
The Journey to Secure IoT: Secure Today Isn't Secure Forever
In this podcast, David is joined by Brad Ree (CTO of the ioXt Alliance) to talk more about their journey to make IoT more secure for consumers. They also talk about the partnership between PSA Certified and ioXt Alliance and how it’s easing fragmentation in the IoT ecosystem.
Brad Ree is chief technology officer of ioXt. In this role, he leads ioXt’s security products supporting the ioXt Alliance. Brad holds over 25 patents and is the former security advisor chair for Zigbee. He has developed communication systems for AT&T, General Electric, and Arris. Before joining ioXt, Brad was vice president of IoT security at Verimatrix, where he led the development of blockchain solutions for ecosystem operators. He is highly versed in many IoT protocols and their associated security models.
Introduction to ioXt Alliance. [01:00]
A bit more about Brad’s career history. [02:20]
The ioXt Alliance and why it was founded. [04:09]
We do have a shared vision to scale the market, unlocking issues. We obsess a lot about connectivity, cost, functionality, but what about security?! [04:40]
We need security that is strong, easy to deploy, scale globally, scale worldwide and across the device spectrum. [05:41]
Security certification for fire trucks (!) [06:40]
Defining "good enough security" and setting bars that the industry can understand. [07:10]
Who are customers of the ioXt Alliance? Plus the struggle of navigating upcoming IoT legislation. [08:15]
Enabling devices that scale regulation. [10:30]
About ioXt Alliance and how the scheme works. Explaining the profiles and the certification scheme. [11:00]
QR codes replacing certification stamps. [12:56]
Dynamic lifecycles of devices - you can’t ship and forget! Are manufacturers embracing this concept? [13:52]
Security isn’t a product, it’s a process. Secure today doesn't mean secure forever. [15:00]
Collaboration in the ecosystem. ioXt Alliance and PSA Certified announcement: overcoming fragmentation. [17:10]
Enabling security both for software and for hardware. [19:00]
The vision of PSA Certified and the Root of Trust (RoT) [19:50]
PSA Certified helps to drive the understanding that hardware Root of Trust actually means something and that we shouldn’t do it all in software. [21:20]
ioXt expanding into commercial lighting, smart buildings and cellular IoT. [23:30]
What does it mean if a cell phone has ioXt certification (at a high level!) [24:05]
The growing awareness of security not being an afterthought, enabled by frameworks, APIs etc. [26:46]
Brad’s one piece of advice: don’t go alone! When things go wrong (which they will) you don’t want to be on your own. Be part of the herd and don’t be left behind. [27:40]
Learn more about ioXt Alliance: https://www.ioxtalliance.org/
Read the ioXt + PSA Certified press release: https://www.ioxtalliance.org/news-events-blog/ioxt-alliance-psa-certified-align-to-improve-iot-device-security
Learn more about PSA Certified: https://hubs.li/H0zJKSF0