32 min
The Cybersecurity Certification Journey with ioXt Alliance: "Secure today isn't secure forever" Beyond The Now IoT Security Podcast | PSA Certified
-
- Technology
In this podcast, David is joined by Brad Ree (CTO of the ioXt Alliance) to talk more about their journey to make IoT more secure for consumers. They also talk about the partnership between PSA Certified and ioXt Alliance and how it’s easing fragmentation in the IoT ecosystem.
Brad Ree is chief technology officer of ioXt. In this role, he leads ioXt’s security products supporting the ioXt Alliance. Brad holds over 25 patents and is the former security advisor chair for Zigbee. He has developed communication systems for AT&T, General Electric, and Arris. Before joining ioXt, Brad was vice president of IoT security at Verimatrix, where he led the development of blockchain solutions for ecosystem operators. He is highly versed in many IoT protocols and their associated security models.
Introduction to IoXT Alliance. [01:00]
A bit more about Brad’s career history. [02:20]
The IoXT alliance and why it was founded. [04:09]
We do have a shared vision to scale the market, unlocking issues. We obsess a lot about connectivity, cost, functionality > but what about security?! [04:40]
We need security that is strong, easy to deploy, scale globally, scale worldwide and across the device spectrum. [05:41]
Security certification for fire trucks (!) [06:40]
Defining "good enough security" and setting bars that the industry can understand. [07:10]
Who are customers of the IoXT Alliance? Plus the struggle of navigating upcoming IoT legislation. [08:15]
Enabling devices that scale regulation. [10:30]
About IoXT Alliance and how the scheme works. Explaining the profiles and the certification scheme. [11:00]
QR codes replacing certification stamps. [12:56]
Dynamic lifecycles of devices - you can’t ship and forget! Are manufacturers embracing this concept? [13:52]
Security isn’t a product it’s a process. Secure today doesn't mean secure forever. [15:00]
Collaboration in the ecosystem. IoXT Alliance and PSA Certified announcement: overcoming fragmentation. [17:10]
Enabling security both for software and for hardware. [19:00]
The vision of PSA Certified and the Root of Trust (RoT) [19:50]
PSA Certified helps to drive the understanding that hardware Root of Trust actually means something and that we shouldn’t do it all in software. [21:20]
IoXT expanding into commercial lighting, smart buildings and cellular IoT. [23:30]
What does it mean if a cell phone has IoXT certification (at a high level!) [24:05]
The growing awareness of security not being an afterthought, enabled by frameworks, APIs etc [26:46]
Brad’s one piece of advice: don’t go alone! When things go wrong (which they will) you don’t want to be on your own. Be part of the herd and don’t be left behind. [27:40]
Useful Links
Learn more about IoXT Alliance: https://www.ioxtalliance.org/
Read the IoXT + PSA Certified press release: https://www.ioxtalliance.org/news-events-blog/ioxt-alliance-psa-certified-align-to-improve-iot-device-security
Learn more about PSA Certified: https://hubs.li/H0zJKSF0
In this podcast, David is joined by Brad Ree (CTO of the ioXt Alliance) to talk more about their journey to make IoT more secure for consumers. They also talk about the partnership between PSA Certified and ioXt Alliance and how it’s easing fragmentation in the IoT ecosystem.
Brad Ree is chief technology officer of ioXt. In this role, he leads ioXt’s security products supporting the ioXt Alliance. Brad holds over 25 patents and is the former security advisor chair for Zigbee. He has developed communication systems for AT&T, General Electric, and Arris. Before joining ioXt, Brad was vice president of IoT security at Verimatrix, where he led the development of blockchain solutions for ecosystem operators. He is highly versed in many IoT protocols and their associated security models.
Introduction to IoXT Alliance. [01:00]
A bit more about Brad’s career history. [02:20]
The IoXT alliance and why it was founded. [04:09]
We do have a shared vision to scale the market, unlocking issues. We obsess a lot about connectivity, cost, functionality > but what about security?! [04:40]
We need security that is strong, easy to deploy, scale globally, scale worldwide and across the device spectrum. [05:41]
Security certification for fire trucks (!) [06:40]
Defining "good enough security" and setting bars that the industry can understand. [07:10]
Who are customers of the IoXT Alliance? Plus the struggle of navigating upcoming IoT legislation. [08:15]
Enabling devices that scale regulation. [10:30]
About IoXT Alliance and how the scheme works. Explaining the profiles and the certification scheme. [11:00]
QR codes replacing certification stamps. [12:56]
Dynamic lifecycles of devices - you can’t ship and forget! Are manufacturers embracing this concept? [13:52]
Security isn’t a product it’s a process. Secure today doesn't mean secure forever. [15:00]
Collaboration in the ecosystem. IoXT Alliance and PSA Certified announcement: overcoming fragmentation. [17:10]
Enabling security both for software and for hardware. [19:00]
The vision of PSA Certified and the Root of Trust (RoT) [19:50]
PSA Certified helps to drive the understanding that hardware Root of Trust actually means something and that we shouldn’t do it all in software. [21:20]
IoXT expanding into commercial lighting, smart buildings and cellular IoT. [23:30]
What does it mean if a cell phone has IoXT certification (at a high level!) [24:05]
The growing awareness of security not being an afterthought, enabled by frameworks, APIs etc [26:46]
Brad’s one piece of advice: don’t go alone! When things go wrong (which they will) you don’t want to be on your own. Be part of the herd and don’t be left behind. [27:40]
Useful Links
Learn more about IoXT Alliance: https://www.ioxtalliance.org/
Read the IoXT + PSA Certified press release: https://www.ioxtalliance.org/news-events-blog/ioxt-alliance-psa-certified-align-to-improve-iot-device-security
Learn more about PSA Certified: https://hubs.li/H0zJKSF0
32 min