-optimized.jpg){kind=avatar}
The Internet of Things (IoT) is transforming our world, linking devices like thermostats, industrial sensors, and connected vehicles into a vast, inter-dependent network. Yet, this connectivity comes with a catch: the system is only as secure as its weakest link. Many IoT devices are low-cost, always-on, and often overlooked; yet they are prime targets for cyberattacks. Hence the need for global regulations, says the IoT Security Foundation (IoTSF), which has unveiled a Device Identity Forum, and a report on the subject, during the UK official cyber security event CyberUK, this year in Manchester.
As the IoTSF report sets out, every device must reliably declare, โI am who I say I am,โ and โIโm safe to connect.โ Device identities (unique, hardware- rooted identifiers) provide this foundation, enabling a “chain of trust” that spans from from silicon chip to cloud storage. The IoTSF suggest that we think of device identity as a digital passport. The report adds: “Without it, a network canโt distinguish friend from foe. Ideally embedded in hardware at the point of manufacture, these identities allow devices to securely join systems, safeguard data, and block impostors.”
The Device Identities Working Group is chaired by Michael Richardson of Sandelman Software Works, and Richard Seward, VP Product Management, Device Authority is Vice-Chair. They, and John Moor, Managing Director of IoTSF, were among the authors of the report, that you can download from the IoTSF website.
John Moor said: โIoTSF has a strong track record of driving impactful initiatives in IoT security, and the Device Identities Working Group is our latest step forward. Device identities are the foundation of trust in IoT, and this working group will unite the industry to tackle challenges like awareness and use cases.”
The report offers a three-stage model of silicon chip made at the factory; things made out of those chips, such as routers and smart meters; and then networks, such as a smart grid. A ‘chain of trust’ hinges on each stage verifying the one before it. Among the ‘hurdles’ are the fact that devices have been created and deployed without strong identities, and new identities need to be applied; and cost – that ‘many see unique identity per device as an avoidable expense’.
Online meet
An online meeting at 2pm on Zoom on May 15 is open to IoTSF members and interested parties, that will outline the need for device identity solutions and set out the goals of the working group.
Visit https://iotsecurityfoundation.org.
