(subject to change)

Room Time Presentation Title Description
  8:30-9:00 Keynote 1 Speaker/Topic to be announced shortly
  9:00-9:30 Keynote 2 Speaker/Topic to be announced shortly
1 9:45-10:15 Industrial
IEC 62443: How to Achieve the Highest Levels of Industrial Security
In recent years, a rising tide of cyber attacks on industrial systems have threatened safety and reliability. The world has learned that there is no industrial safety without cyber security. But during these same years, an international group of experts has developed a comprehensive standard for industrial security. The IEC 62443 standards have been widely praised for their use of practical but effective countermeasures. Come learn more about how these standards can be used to secure your industrial systems.
Steve Hanna, Senior Principal, Infineon Technologies
1 10:20-10:50 Industrial
Reducing the Attack Surface by Abstract Interpretation
Static code analysis is a widely used technique to demonstrate compliance to coding guidelines, such as MISRA C/C++ or SEI CERT C. Another aspect is to find critical programming defects, and even demonstrate their absence: abstract interpretation-based analyzers can guarantee to detect all code defects due to runtime errors, including buffer overflows, data races, and stack overflows. Static taint analysis can track the impact of data corruption and detect SPECTRE v1, v1.1, and SplitSpectre vulnerabilities. The talk gives an overview of abstract interpretation, reports on practical experience, and discusses its contribution to security by design for IoT devices.
Daniel Kaestner, CTO, AbsInt GmbH
1 10:55-11:25 Industrial
Six Security Policies Manufacturers Must Understand to Protect Their IoT and Other Connected Devices
Effective IoT and connected device security begins with the device's initial design process including the device's various components. Each component and sub-assembly that is integrated into the final product must be secure and immune from cyberattack. To secure embedded devices, IoT and connected device manufacturers must understand and implement proven security processes, such as device identity, secure boot, embedded firewall, secure key storage, secure element integration, and secure remote updates and alerts. Suppliers providing complex devices to the broader ecosystem must also apply security standards to the components.
Alan Grau, VP of IoT, Embedded Solutions IoT, Iocn Labs, a Sectigo Company
1 11:30-12:00 Industrial
IoT Location Security
Location data living on sensors and devices is vulnerable. What is the best way to ensure location data is secure? All location data should be transferred to the cloud to conduct calculations instead of on the device. When location calculations are not processed on the devices, APIs can be used to separate identity and location for enhanced data privacy and security. For asset tracking, the location of costly assets needs to be known and the location data needs to be accessed by the owner only.
Ed Chao, CEO, Polte
1 2:00-2:30 Industrial
Re-Imagining Semiconductor Security for the IIoT
The semiconductor industry must evolve to implement security functionality for the IIoT domain. Semiconductor solutions are increasingly implementing hardware security to protect the starting point of operation from the risks ranging from cyber attacks and denial of service outages to counterfeit parts. In this session, we will explore the hardware security certifications, Root of Trust for secure IP, and tamper resistant technology required for IIoT environments. We will also discuss what's trending in security functionality for smart factories.
Garrett Yamasaki, Product Manager, Industrial Automation, Renesas Electronics America Inc.
1 2:30-3:00 Industrial
Building Trusted IoT Devices with PSA Certified MCUs
The IoT revolution has brought increased edge intelligence and has made device security a must-have for building a trusted embedded system. Join this walk-through of how to embed security and trust in the heart of your device that spans to software development and beyond. You'll walk away with understanding of laying a good foundation with PSA principles, establishing a secure root of trust with TrustZone for Armv8-M, implementing Trusted Firmware-M, using Mbed OS, accessing CMSIS and developing with Keil MDK.
Reed Hinkel, Sr. Manager, Embedded Security Market Development, Arm Limited
1 3:00-3:30 Industrial
The Emerging Battleground: Security at the Edge
Embedded systems are notoriously hard to develop, and are becoming an ever-larger attack surface. Developers are struggling to respond to this complexity, while deploying new technologies like machine learning, and staying abreast of security-related regulation and standards. This presentation will outline an approach to managing this complexity through architecture, technology, processes, and adherence to standards/best practice. We will focus on the differences and unique approaches that need to be applied to build trusted and secure embedded systems, including the design, development and deployment of applications at the edge that will need to be managed over the device lifecycle.
Arlen Baker, Chief Security Architect, Wind River
1 3:30-4:00 Industrial
Protecting Critical Systems with Embedded Security & Lifecycle Security Management
Protecting industrial equipment and technology from attacks and enabling new secure features and business models are critical to the success of IoT. But to do so requires careful, deliberate approaches to designing, running and sustaining robust security over time. What lessons can be learned from other industries who use effective embedded hardware security technology and security lifecycle management strategies, and what are the current best practices that must be adopted to ensure a sustainable return on investment from IoT investments? This presentation will answer those questions using specific case studies from various environments.
Christopher Schouten, Senior Director, Kudelski Group
1 4:00-4:30 Industrial
Panel: Title TBD
Moderator: Rich Nass, EVP, Embedded Computing Design
2 9:45-10:15 Automotive
Securing the Connected Car with Hardware Based Security
The connected and autonomous vehicles are driving new architectural designs to ECUs that connect various subsystems together and expose them to the outside world over various networks. These advancements increase the risk of threat actors gaining access to the subsystems. This session examines foundational security requirements for a hardware-based approach to secure the connected car and methods to inject cryptographic elements into the ECUs early in production for an end-to-end integrated and flexible security solutions.
Rajeev Gulati, CTO, Data I/O Corporation
2 10:20-10:50 Automotive
How Does Electronic Security Impact Vehicle Safety and Reliability?
Electronic content is proliferating in cars at astounding rates, especially as ADAS and Electric Vehicles become more widely available. With the increase of automotive electronics comes heightened vulnerability to various security compromises. This session will discuss several categories of security, some of the vulnerabilities, and how unexpected lapses can cause outcomes ranging from a bad experience to grave danger.
Michael Haight, Dir. of Business Management for the MCUs, Security, Software BU, Maxim Integrated
2 10:55-11:25 Automotive
Safety & Security: An Unbreakable Bond
Given the complexity of autonomous driving and with so much at risk, the issues of safety and security are more critical than ever. The connected nature of automobiles opens the door to new threat vectors. Without security there is no safety. To stay vigilant against threats, OEMs will need to consider themselves as software companies. Session will investigate:
• Complex cybersecurity landscape
• Link between functional safety and security
• Use cases around security, including remote diagnostics and maintenance
• Architectures and technologies to address increasing compute complexity in cars and ensure systems stay secure
• Safety/security lessons from other mission critical industries
Marques McCammon, Vice President, Automotive, Wind River
2 11:30-12:00 Automotive
Building Automotive Security from the Inside Out
Many cybersecurity techniques focus on securing the perimeter of critical computer systems and recovering in the event of failure. In this talk we'll take a new perspective on building safe and secure systems. This talk will: Take a holistic view of cybersecurity for automotive systems from the bottom up; put a new spin on "defense in depth" for consolidated systems; and establish safety and security as the top priorities driving the design of critical systems
Chuck Brokish, Director of Automotive Business Development, Green Hills Software
2 2:00-2:30 Consumer/Mass Market
Designing Secure Systems With Pre-Configured Hardware
Developers of IoT solutions have faced major hurdles that protect against physical attacks and remote extraction. Today’s software-only security is wholly inadequate, but the superior approach of adding a secure element to each IoT device and configuring it for storing keys and handling cryptographic assets has, until now, been prohibitively complicated for all but the largest-volume solution deployments due to customization requirements. A better model has arrived as semiconductor manufacturers leverage their economies of scale to go beyond simply manufacturing secure elements to also take on the task of pre-configuring and pre-provisioning the devices for customers. They can do this at a lower total cost per device and with significantly less complexity than individual third-party providers of similar services.
Xavier Bignalet, Security Product Manager, Microchip
2 2:30-3:00 Consumer/Mass Market
Building Security Within IoT Devices
Devices are typically built for a specific application. The user manages the binding of the device to its cloud application through error prone manual processes. This cumbersome and risky approach prevents large-scale adoption. Single purpose devices adds cost and complexity. It's an industry wide issue driven by the fragmentation of the IoT marketplace and the desire of actors for differentiation. This presentation will cover:
• The industry's need to find remedies to security and supply chain problems
• Industry wide collaboration to design protocols for provisioning and on-boarding
• The importance of removing manual and password driven operations
Marc Canel, Vice President of Strategy - Security, Imagination Technologies
2 3:00-3:30 Consumer/Mass Market
A Systematic Approach to Align with Global IoT Security Regulations
Historically, IoT devices were built without sufficient security which, paired with a lack of regulations for connected devices, led to numerous vulnerabilities. To ensure success, companies need to build in security from the ground up and align to emerging global regulations. A systematic threat model-based approach focused on key security goals helps companies to identify and design-in specific security requirements. This talk will discuss a handy framework for IoT security, some key fundamental security goals, plus how device makers and equipment manufacturers can gain assurance for the robustness of their products using certification that maps to global security regulations.
Suresh Marisetty, Principal Security Solutions Architect, Arm
2 3:30-4:00 Consumer/Mass Market
Simplifying Hardware-Based IoT Security in the Electronics Supply Chain
IoT security can be complex. Consumer electronic OEMs deploying IoT devices need easier to use systems to protect intellectual property, simplify their supply chains, and protect the data and privacy of their users. Robustness, flexibility and simplicity are the three pillars of deriving value from IoT device security. Hardware based security utilizing hardware roots of trust is a necessity to achieve strong robustness. However, it also provides opportunities to enhance business model and supply chain flexibility. Managing the complexity of IoT device security, manufacturing production, and supply chain can be daunting and will limit adoption. This session examines a simplified process to design security, manufacture and onboard IoT devices to the cloud. An integrated production system comprising security provisioning, simplified tools and manufacturing operational system integration reduces the complexity of deploying hardware-based IoT device security. Such a system also meets the throughput and security requirements of stringent electronics manufacturing operations where time is money and high quality is mandatory.
Rajeev Gulati, CTO, Data I/O Corporation
2 4:00-4:30 Automotive
Panel: Title TBD
Moderator: Brandon Lews, Editor-in-Chief, Embedded Computing Design; Panelists TBD