New Date: November 10, 2020
Location: Your computer/tablet/handset
(subject to change)
11:00 – 12:00 EDT | Session 1: Best Practices to Protect IP and Deliver Secure Encrypted Code
Embedded applications require security. No debate there. As companies try to meet the ongoing changes in IoT device legislation, they are discovering that legislation is actually the starting point. At the same time, there’s a growing need to both protect the IP and ensure that product integrity is not compromised by counterfeiting and cloning during production. In this talk, we will discuss some best practices to ensure that your application is safe and that illegal copies of your product are as difficult as possible to make.
Shawn Prestridge, US FAE Team Leader
2:00 – 3:00 EDT | Session 2: IEC 62443: How to Achieve the Highest Levels of Industrial Security
In recent years, a rising tide of cyber-attacks on industrial systems has threatened safety and reliability. The world has learned that there is no industrial safety without cyber security. But during these same years, an international group of experts has developed a comprehensive standard for industrial security. The IEC 62443 standards have been widely praised for their use of practical but effective countermeasures. Come learn more about how these standards can be used to secure your industrial systems.
Steve Hanna, Senior Principal, Infineon Technologies, Co-Chair of the Embedded Systems Work Group in the Trusted Computing Group (TCG)
4:00 – 5:00 EDT | Session 3: Smart Home Device Security: A System View
IoT device security requires a solid understanding of embedded hardware and software capabilities, cloud-based security, and knowledge of the changing security standards implemented by local governments and global industry bodies. Today’s IoT devices must also address a growing set of requirements that include low power, cost effectiveness, and high performance.
Erik Wood, Director, Secure MCU Product Line, Cypress, An Infineon Technologies Company
Connected and autonomous vehicles are driving new architectural designs for ECUs that connect various subsystems together and expose them to the outside world over various networks. These advancements increase the risk of threat actors gaining access to the subsystems. This session examines foundational security requirements for a hardware-based approach to securing the connected car, and methods to inject cryptographic elements into the ECUs early in production for an end-to-end, integrated, and flexible security solution.
Rajeev Gulati, CTO, Data I/O Corporation
Static code analysis is a widely used technique to demonstrate compliance with coding guidelines, such as MISRA C/C++ or SEI CERT C. Another aspect is to find critical programming defects, and even demonstrate their absence: abstract interpretation-based analyzers can guarantee to detect all code defects due to runtime errors, including buffer overflows, data races, and stack overflows. Static taint analysis can track the impact of data corruption and detect SPECTRE v1, v1.1, and SplitSpectre vulnerabilities. The talk gives an overview of abstract interpretation, reports on practical experience, and discusses its contribution to security by design for IoT devices.
Daniel Kaestner, CTO, AbsInt GmbH
Electronic content is proliferating in cars at astounding rates, especially as ADAS and Electric Vehicles become more widely available. With the increase of automotive electronics comes heightened vulnerability to various security compromises. This session will discuss several categories of security, some of the vulnerabilities, and how unexpected lapses can cause outcomes ranging from a bad experience to grave danger.
Michael Haight, Dir. of Business Management for the MCUs, Security, Software BU, Maxim Integrated
Effective IoT and connected device security begins with the device's initial design process including the device's various components. Each component and sub-assembly that is integrated into the final product must be secure and immune from cyberattack. To secure embedded devices, IoT and connected device manufacturers must understand and implement proven security processes, such as device identity, secure boot, embedded firewall, secure key storage, secure element integration, and secure remote updates and alerts. Suppliers providing complex devices to the broader ecosystem must also apply security standards to the components.
Alan Grau, VP of IoT/Embedded Solutions, Sectigo
Many cybersecurity techniques focus on securing the perimeter of critical computer systems and recovering in the event of failure. In this talk we'll take a new perspective on building safe and secure systems. This talk will: Take a holistic view of cybersecurity for automotive systems from the bottom up; put a new spin on "defense in depth" for consolidated systems; and establish safety and security as the top priorities driving the design of critical systems.
Chuck Brokish, Director of Automotive Business Development, Green Hills Software
Developers of IoT solutions have faced major hurdles in protecting against physical attacks and remote extraction. Today’s software-only security is wholly inadequate, but the superior approach of adding a secure element to each IoT device and configuring it for storing keys and handling cryptographic assets has, until now, been prohibitively complicated for all but the largest-volume solution deployments due to customization requirements. A better model has arrived as semiconductor manufacturers leverage their economies of scale to go beyond simply manufacturing secure elements to also take on the task of pre-configuring and pre-provisioning the devices for customers. They can do this at a lower total cost per device and with significantly less complexity than individual third-party providers of similar services.
Xavier Bignalet, Security Product Manager, Microchip
Devices are typically built for a specific application. The user manages the binding of the device to its cloud application through error-prone manual processes.
This cumbersome and risky approach prevents large-scale adoption. Single-purpose devices add cost and complexity.
It's an industry-wide issue driven by the fragmentation of the IoT marketplace and the desire of actors for differentiation.
This presentation will cover:
• The industry's need to find remedies to security and supply chain problems
• Industry-wide collaboration to design protocols for provisioning and on-boarding
• The importance of removing manual and password-driven operations
Marc Canel, Vice President of Strategy - Security, Imagination Technologies
Intelligent systems are notoriously hard to develop, and are becoming an ever-larger attack surface with their growing deployments in multi-layered architectures. Developers are struggling to respond to this increasing complexity, while being asked to deploy new technologies, such as AI, and stay abreast of a growing sea of security-related regulation and standards. This presentation will outline an approach to managing this complexity through secure-by-design architecture, technology, processes, community collaboration, and adherence to standards and best practice. The focus will be on the differences and unique approaches that must be applied to build trusted and secure intelligent systems.
Matt Jones, Vice President & Chief Systems Architect, Wind River
With IoT services relying on trusted data, it’s important that devices are designed with this in mind. But how do you design a secure product? In this session we’ll explore how to build in security using threat modeling and careful component selection. We’ll outline different levels of security to gain assurance that your product has the required robustness and discuss how we can build confidence across the supply chain. You’ll walk away with an understanding of laying a good foundation of security with an established hardware Root of Trust, security firmware, and APIs for seamless security integration.
Jim Carver, Arm, Strategic Business Development Manager, and Bernie Rietkerken, Business Development Manager, Riscure
Protecting industrial equipment and technology from attacks and enabling new secure features and business models are critical to the success of IoT. But doing so requires careful, deliberate approaches to designing, running and sustaining robust security over time. What lessons can be learned from other industries that use effective embedded hardware security technology and security lifecycle management strategies, and what are the current best practices that must be adopted to ensure a sustainable return on investment from IoT investments? This presentation will answer those questions using specific case studies from various environments.
Christopher Schouten, Senior Director, Kudelski Group
Voice-enabled devices are everywhere. However, many of these devices today can be accessed and controlled by just about any user. There are obvious security risks associated with not limiting device access, especially when these devices are linked to various aspects of your business.
Todd Mozer, CEO, Sensory Inc.
This presentation will detail how security threats have changed and escalated, focusing more than ever on IoT. In addition, recent regulations like GDPR in Europe and SB-327 in California protect vulnerable data and privacy by placing more pressure on manufacturers to step up security best practices, such as security certifications for IoT devices. Learn how the latest IoT device security tools are helping to protect devices and data, and ensure regulatory compliance.
Sharon Hagi, Chief Security Officer, Silicon Labs
The convergence of IT with vulnerable OT has exposed the inherent weaknesses that can result in attacks on the industrial IoT. Such vulnerabilities include poorly secured industrial systems. AI/ML provides hyperintelligent cybersecurity and threat mitigation for platforms based on Industry 4.0. To date, the compute systems optimized to deploy responsive, powerful AI/ML are unsuited for the physical factors of heavy industrial settings. Rugged edge computers are purpose-built to reliably deliver intelligence in these challenging environments. In this talk, we’ll address these issues, as well as the advanced compute, storage, connectivity, and ruggedized features that support reflexive, real-time AI close to the data sources.
Robert Lu, Director of Technical Operations, Premio
Protecting industrial operations against cyber threats is a very specific challenge. As more devices get connected with more remote access and new applications, the airgap between IT and OT networks erodes and the IDMZ is not sufficient.
Vikram Sharma, Senior Manager Engineering, IoT Product Solutions, Cisco
The soft security underbelly and resulting lack of trust in Things pose a significant headwind for realizing the IoT’s awesome potential. An efficient, public security measurement scheme is the most important foundation for addressing this trust crisis, and this talk will provide a review of exciting progress made recently, including an example of how the Android ecosystem and its 4+ billion Things are adapting and improving.
David Kleidermacher, VP Engineering @Google - Android Security & Privacy
Securing small devices in the IoT is hard. The need to protect and manage today’s Smart Buildings using diverse systems running on industry-specific networks creates even more security challenges. This talk will look at what makes securing low-resource IoT devices in commercial buildings a challenge, with a specific focus on addressing security at the device level, including onboarding and ownership management through the supply chain.
Louis Parks, CEO, Veridify Security
Open-source software is becoming a de facto mechanism for ecosystems that are building Edge-based solutions, especially in the areas of life cycle management, APIs, etc. At the same time, a focus on end-to-end processes like code scanning, vulnerabilities, auto patching, and process handoffs is important. The Linux Foundation (LF) provides tools for open-source projects that ensure critical vulnerabilities are resolved as code is deployed early in the project. In this presentation, Arpit will present how several LF Edge projects are focused on AI (such as Fledge, EdgeX Foundry, and Akraino) to not only provide predictive maintenance for industrial devices, but also use AI at the Edge to identify anomalies and other security issues.
Arpit Joshipura, GM of Networking, IoT and Edge, Linux Foundation