New Date: October 13, 2020
Same Location: Hyatt Regency Hotel, Santa Clara, CA


(subject to change)

Room Time Presentation Title Description
1 8:30-9:00 Keynote Address: Security Begins at Product Inception and Doesn't End at Deployment The goal of the IoT Security Foundation (IoTSF) is to help secure the Internet of Things by various means. These include composing and maintaining a comprehensive Compliance Framework of recommended steps for creating secure IoT products and services; and composing and promoting security best practice guidance. In this Keynote Address, John Moor, Managing Director of the IoTSF, will describe the enormity of that task, as well as the steps that should be taken by the engineering community throughout every design, from production inception through regular field updates, to ensure the security of their systems.
John Moor, Managing Director, IoT Security Foundation
1 9:00-9:30 Keynote Address: IoT Device Security: Cooperative Security Between Device and Cloud The IoT has resulted in the rapid proliferation of high-tech devices in far-flung environments. These environments often face more threats than traditional, controlled IT settings like offices and data centers. Therefore, traditional security practices cannot provide the complete protection these IoT devices require.

IoT practitioners must focus on implementing well-integrated security controls at multiple layers of their architecture. This will allow individual devices and their remote management systems to work in unison to ensure the safety and security of the entire IoT system.

Brad Behm will discuss how hardware and firmware developers can make devices that contribute to, rather than detract from, the security of these end-to-end systems.
Brad Behm, Senior Principal Engineer at AWS IoT
Morning Break
1 9:45-10:15 Industrial
IEC 62443: How to Achieve the Highest Levels of Industrial Security
In recent years, a rising tide of cyber attacks on industrial systems has threatened safety and reliability. The world has learned that there is no industrial safety without cyber security. But during these same years, an international group of experts has developed a comprehensive standard for industrial security. The IEC 62443 standards have been widely praised for their use of practical but effective countermeasures. Come learn more about how these standards can be used to secure your industrial systems.
Steve Hanna, Senior Principal, Infineon Technologies, Co-Chair of the Embedded Systems Work Group in the Trusted Computing Group (TCG)
2 9:45-10:15 Automotive
Securing the Connected Car with Hardware Based Security
Connected and autonomous vehicles are driving new architectural designs for ECUs that connect various subsystems together and expose them to the outside world over various networks. These advancements increase the risk of threat actors gaining access to the subsystems. This session examines foundational security requirements for a hardware-based approach to securing the connected car and methods to inject cryptographic elements into the ECUs early in production for an end-to-end integrated and flexible security solution.
Rajeev Gulati, CTO, Data I/O Corporation
1 10:20-10:50 Industrial
Reducing the Attack Surface by Abstract Interpretation
Static code analysis is a widely used technique to demonstrate compliance with coding guidelines, such as MISRA C/C++ or SEI CERT C. Another aspect is to find critical programming defects, and even demonstrate their absence: abstract interpretation-based analyzers can guarantee to detect all code defects due to runtime errors, including buffer overflows, data races, and stack overflows. Static taint analysis can track the impact of data corruption and detect SPECTRE v1, v1.1, and SplitSpectre vulnerabilities. The talk gives an overview of abstract interpretation, reports on practical experience, and discusses its contribution to security by design for IoT devices.
Daniel Kaestner, CTO, AbsInt GmbH
2 10:20-10:50 Automotive
How Does Electronic Security Impact Vehicle Safety and Reliability?
Electronic content is proliferating in cars at astounding rates, especially as ADAS and Electric Vehicles become more widely available. With the increase of automotive electronics comes heightened vulnerability to various security compromises. This session will discuss several categories of security, some of the vulnerabilities, and how unexpected lapses can cause outcomes ranging from a bad experience to grave danger.
Michael Haight, Dir. of Business Management for the MCUs, Security, Software BU, Maxim Integrated
1 10:55-11:25 Industrial
Six Security Policies Manufacturers Must Understand to Protect Their IoT and Other Connected Devices
Effective IoT and connected device security begins with the device's initial design process including the device's various components. Each component and sub-assembly that is integrated into the final product must be secure and immune from cyberattack. To secure embedded devices, IoT and connected device manufacturers must understand and implement proven security processes, such as device identity, secure boot, embedded firewall, secure key storage, secure element integration, and secure remote updates and alerts. Suppliers providing complex devices to the broader ecosystem must also apply security standards to the components.
Damon Kachur, VP of IoT, Embedded Solutions IoT, Icon Labs, a Sectigo Company
2 10:55-11:25 Automotive
Safety & Security: An Unbreakable Bond
Given the complexity of autonomous driving and with so much at risk, the issues of safety and security are more critical than ever. The connected nature of automobiles opens the door to new threat vectors. Without security there is no safety. To stay vigilant against threats, OEMs will need to consider themselves as software companies. The session will investigate:
• Complex cybersecurity landscape
• Link between functional safety and security
• Use cases around security, including remote diagnostics and maintenance
• Architectures and technologies to address increasing compute complexity in cars and ensure systems stay secure
• Safety/security lessons from other mission critical industries
Matt Jones, Chief Systems Architect, Wind River
1 11:30-12:00 Industrial
Simplifying Hardware-Based IoT Security in the Electronics Supply Chain
IoT security can be complex. Consumer electronic OEMs deploying IoT devices need easier to use systems to protect intellectual property, simplify their supply chains, and protect the data and privacy of their users. Robustness, flexibility and simplicity are the three pillars of deriving value from IoT device security. Hardware based security utilizing hardware roots of trust is a necessity to achieve strong robustness. However, it also provides opportunities to enhance business model and supply chain flexibility. Managing the complexity of IoT device security, manufacturing production, and supply chain can be daunting and will limit adoption. This session examines a simplified process to design security, manufacture and onboard IoT devices to the cloud. An integrated production system comprising security provisioning, simplified tools and manufacturing operational system integration reduces the complexity of deploying hardware-based IoT device security. Such a system also meets the throughput and security requirements of stringent electronics manufacturing operations where time is money and high quality is mandatory.
Rajeev Gulati, CTO, Data I/O Corporation
2 11:30-12:00 Automotive
Building Automotive Security from the Inside Out
Many cybersecurity techniques focus on securing the perimeter of critical computer systems and recovering in the event of failure. In this talk we'll take a new perspective on building safe and secure systems. This talk will: take a holistic view of cybersecurity for automotive systems from the bottom up; put a new spin on "defense in depth" for consolidated systems; and establish safety and security as the top priorities driving the design of critical systems.
Chuck Brokish, Director of Automotive Business Development, Green Hills Software
Lunch, Exhibits and Hackathon
1 2:00-2:30 Industrial
Best Practices to Protect IP and Deliver Secure Encrypted Code
Embedded applications require security. No debate there. As companies try to meet the ongoing changes in IoT device legislation, they are discovering that legislation is actually the starting point. At the same time, there’s a growing need to both protect the IP and ensure that product integrity is not compromised by counterfeiting and cloning during production. In this talk, we will discuss some best practices to ensure that your application is safe and that illegal copies of your product are as difficult as possible.
Shawn Prestridge, US FAE Team Leader
2 2:00-2:30 Consumer/Mass Market
Designing Secure Systems With Pre-Configured Hardware
Developers of IoT solutions have faced major hurdles in protecting against physical attacks and remote extraction. Today’s software-only security is wholly inadequate, but the superior approach of adding a secure element to each IoT device and configuring it for storing keys and handling cryptographic assets has, until now, been prohibitively complicated for all but the largest-volume solution deployments due to customization requirements. A better model has arrived as semiconductor manufacturers leverage their economies of scale to go beyond simply manufacturing secure elements to also take on the task of pre-configuring and pre-provisioning the devices for customers. They can do this at a lower total cost per device and with significantly less complexity than individual third-party providers of similar services.
Xavier Bignalet, Security Product Manager, Microchip
1 2:30-3:00 Industrial
Secure Device Ownership at the Edge
Securing small devices in the IoT is hard, and the goal of many manufacturers is to secure and “manage” a device from birth to retirement, creating even more security challenges. This talk will look at the challenges associated with securing low-resource IoT devices, with a specific focus on addressing security at the device level, including onboarding and ownership management through the supply chain.
Louis Parks, CEO, Veridify Security
2 2:30-3:00 Consumer/Mass Market
Building Security Within IoT Devices
Devices are typically built for a specific application. The user manages the binding of the device to its cloud application through error-prone manual processes. This cumbersome and risky approach prevents large-scale adoption. Single-purpose devices add cost and complexity. It's an industry-wide issue driven by the fragmentation of the IoT marketplace and the desire of actors for differentiation. This presentation will cover:
• The industry's need to find remedies to security and supply chain problems
• Industry-wide collaboration to design protocols for provisioning and on-boarding
• The importance of removing manual and password-driven operations
Marc Canel, Vice President of Strategy - Security, Imagination Technologies
1 3:00-3:30 Industrial
The Emerging Battleground: Security at the Edge
Embedded systems are notoriously hard to develop, and are becoming an ever-larger attack surface. Developers are struggling to respond to this complexity, while deploying new technologies like machine learning, and staying abreast of security-related regulation and standards. This presentation will outline an approach to managing this complexity through architecture, technology, processes, and adherence to standards/best practice. We will focus on the differences and unique approaches that need to be applied to build trusted and secure embedded systems, including the design, development and deployment of applications at the edge that will need to be managed over the device lifecycle.
Ricky Watts, Vice President of Industrial Solutions, Wind River
2 3:00-3:30 Consumer/Mass Market
A Systematic Approach to Align with Global IoT Security Regulations
Historically, IoT devices were built without sufficient security which, paired with a lack of regulations for connected devices, led to numerous vulnerabilities. To ensure success, companies need to build in security from the ground up and align to emerging global regulations. A systematic threat model-based approach focused on key security goals helps companies to identify and design-in specific security requirements. This talk will discuss a handy framework for IoT security, some key fundamental security goals, plus how device makers and equipment manufacturers can gain assurance for the robustness of their products using certification that maps to global security regulations.
Suresh Marisetty, Principal Security Solutions Architect, Arm
1 3:30-4:00 Industrial
Protecting Critical Systems with Embedded Security & Lifecycle Security Management
Protecting industrial equipment and technology from attacks and enabling new secure features and business models are critical to the success of IoT. But to do so requires careful, deliberate approaches to designing, running and sustaining robust security over time. What lessons can be learned from other industries that use effective embedded hardware security technology and security lifecycle management strategies, and what are the current best practices that must be adopted to ensure a sustainable return on investment from IoT investments? This presentation will answer those questions using specific case studies from various environments.
Christopher Schouten, Senior Director, Kudelski Group
2 3:30-4:00 Consumer/Mass Market
Securing Devices with Voice and/or Face Biometrics
Voice-enabled devices are everywhere. However, many of these devices today can be accessed and controlled by just about any user. There are obvious security risks associated with not limiting device access, especially when these devices are linked to various aspects of your business.
Todd Mozer, CEO, Sensory Inc.
1 4:00-4:30 Industrial
Panel: Locking Down Industrial Systems 24/7/365
We’ve heard from various experts on how to secure industrial systems. Now it’s time to see if those techniques are pie in the sky or can be implemented in the real world, bearing in mind that many of these systems can be deployed for decades. We’re going to ask our “experts” to explain what hiccups a designer might encounter, and then we’ll ask our own questions.
Moderator: Rich Nass, EVP, Embedded Computing Design
Panelists: Steve Hanna, Senior Principal, Infineon Technologies & Trusted Computing Group
Arpit Joshipura, GM of Networking, IoT and Edge, Linux Foundation
Sharon Hagi, Chief Security Officer, Silicon Labs
2 4:00-4:30 Automotive
Panel: Can We Secure the Autonomous Vehicle?
Autonomous vehicles are already in operation today. But as industry, government, and society prepare for their widespread deployment, serious safety and security vulnerabilities remain: AI-enabled vision systems have been tricked into misinterpreting objects. Wireless networks have been compromised and opened automotive control networks to attack. Infotainment systems have been hacked, revealing sensitive user data. GPS data can be spoofed, leading autonomous vehicles astray. What are the most pressing security concerns for autonomous and connected vehicles, and how is industry addressing them? Join this panel of automotive cybersecurity experts as they navigate vulnerabilities that could prevent critical-mass adoption.
Moderator: Brandon Lewis, Editor-in-Chief, Embedded Computing Design
Panelists: Jorge Coronel, Product Manager, Security for Android Embedded, Google
Matt Jones, Chief Systems Architect, Wind River
Haydn Povey, CEO, Secure Thingz
Damodar Sahu, Digital Strategist, Automotive Sector, Wipro
Networking Reception, Exhibits and Hackathon