Organisers of the tenth annual IoT Security Foundation conference, running in London on Wednesday, hail it as the longest-running event dedicated to IoT cybersecurity. Mark Rowe has been invited back (after attending last autumn’s conference, pictured) and previews the event.
One of the dozens of speakers is Stephan Janouch – Technical Marketing Director, EMEA, Green Hills Software. He like others in the field sets out the difference between ‘plain’ cyber (if we can call it that) and the term IoT (short for Internet of Things), which ‘refers to a group of physical objects, including computers, devices, vehicles and sensors, that exchange data and/or services via the internet. Applications resulting out of or benefitting from this technology are incredibly diverse, ranging from automatically controlled industrial production to smart systems within a house or a community, or value-added services while operating a vehicle.”
For those security people who aren’t cyber specialists, the difference between cyber and IoT security is practical, then, besides technical. A cyber breach whereby hackers steal names and addresses, credit card details, sensitive data about their health or finances? That may lead to reputational damage (of the breached company, and dented careers of the IT and security people), and financial loss (a fall in the share price, or punishment by the data privacy regulator), and perhaps personal harm (burnt out responders, upset or distrust among those whose personal info was taken). But as Janouch points out; a security breach of a self-driving vehicle, medical equipment (a component attached to your heart) or critical infrastructure (levers, pulleys and so forth in a factory or power station) can make the difference between life and death. In a word, convergence: some security vulnerability in an IoT product (your fridge at home, digital signage at a railway station) exploited in the cyber world, has real-world effects, from embarrassment as hackers’ messages get displayed, to factories unable to shut down processes.
Among end users speaking are Nick Morgan (Information Security Manager, Derwent London plc) and Prof Alex Mouzakitis (Programme Director, Cyber Security, Jaguar Land Rover). The agenda reflects how broad the work is of securing the IoT; not only technical, but in terms of agreed, global standards; and not only of products new to market, but for ‘lifecyle management’ given that products of various ages are forever added to systems. That implies, to name only two things, audit; and a common language to describe it all.
Visit https://iotsecurityfoundation.org/conference/.
Photo by Mark Rowe: IoT Security Foundation MD John Moor on stage to open the 2023 event.
