The fourth-annual IoT Device Security Virtual Conference will focus on securing all aspects of Industrial Environments, Automotive Platforms, and Mass-Market/Consumer Products, from the Edge to the Cloud, using techniques like AI, machine learning, and blockchain.
Date: November 9, 2021
(subject to change)
What CISOs Get Wrong About Connected Device Security (And Why You Should Care)
The unique challenges and opportunities created for manufacturers through their billions of devices are a potential panacea for attackers, who are moving away from application layer attacks. Today, connected devices represent the ultimate low-hanging fruit for unauthorized access to critical IT and OT networks.
In this session, we’ll look closely at how product security breaches occur, and how the financial impact of these breaches can have tangible permanent effects. Learn proactive approaches to product security that are being adopted by the world’s largest device makers, as well as how to ensure that your product security strategies generate value for your customers and shareholders.
Jeanette Sherman, Sr. Director Product Development, Finite State
Three Key Focus Areas for IoT Security
Comprehensive IoT security can be broken down into three key focus areas:
Bob Blumenscheid, Senior Product Manager, Digi and Donald Schleede, Security Engineering Director, Digi
Secure Update and Cyber Resiliency
Ensuring that the firmware and software on an IoT device are updated to the latest version is critical to maintaining a secure state with all known vulnerabilities addressed. This talk will set the context with pertinent threat landscape data from the NVD database on IoT devices and relate it to Cyber Resiliency. The TCG guidance will be introduced, and the talk will conclude with an evaluation of technologies, including TPM and DICE, for achieving the objectives.
Sunil Cheruvu, Co-Chair of IoT Group at the Trusted Computing Group and Senior Principal Engineer, IoT Security, Intel
Use Open Source to Secure Your IoT OS
Over 80% of IoT devices ship without authentication or encryption. When hackers find one of these devices, the consequences can be catastrophic. To address these risks, this talk will explain authentication and encryption features needed to secure operating systems for IoT devices. Approaches to securely manage secret keys needed for authentication and encryption, keeping in mind high volume manufacturing, will be outlined. An example, available as open source, will be shown based on Linux using security features in an NXP processor.
Colin Duggan, CEO, BG Networks; Roman Lysecky, CTO, BG Networks; and Michael Duren, Senior Cybersecurity Engineer, BG Networks
Smart City is one of the fast-growing markets in the IoT era. While many IoT devices have been deployed in cities and significantly improve operational efficiency in major cities around the world, people have started to notice the importance of embedded security in those IoT devices on the street. The security of a Smart City application depends not only on the cloud platform, but also on the security mechanisms designed into the IoT devices. How we approach secure design for Smart City IoT devices will ultimately affect the speed of deployment.
Jeffrey Chuang, IoT Division Director, AAEON Technology
With every vehicle becoming a connected IoT device, the automotive industry is facing new security challenges. Standardization efforts, technology scaling and quantum computing are key trends that will have a major impact on security – today and in the future. In a highly standardized market, which new standards are required to guarantee security? How will hardware-based security scale to the large volume of low-cost chips when every chip in a vehicle needs protection? And looking to future challenges: is there a threat posed to automotive security by quantum computing? This session will cover these trends and how to prepare for them.
Pim Tuyls, President and CEO, Intrinsic ID
The smart home has historically been a Wild West environment where devices have widely varying levels of security and speak a variety of incompatible protocols. The new Matter standard being developed by the Connectivity Standards Alliance (CSA) aims to change all that by establishing a comprehensive set of standards for the smart home. Security and privacy are fundamental design tenets for Matter so they are woven into every aspect of Matter and every stage of the product lifecycle. Instead of being an obstacle, Matter security makes life easier and safer for consumers and developers alike. Come learn about the innovative design of Matter security and how you can use it in your products.
Steve Hanna, Distinguished Engineer, Connected Secure Systems Div., Infineon Technologies Americas
ECUs are at the heart of automotive security. While there are multiple regulations, norms and standards for automotive cybersecurity, ensuring overall ECU security with compliance is a challenge!
This presentation will cover a holistic approach and viewpoint on achieving ECU security. The key points to be covered are:
• ECU Spectrum and categories in the vehicle
• Security threats to ECUs
• Applicable security standards and regulations (UNECE WP.29, ISO/SAE 21434)
• Approach & Process to follow
• Design and implementation aspects
• Compliance – what & how to achieve
Mayank Babu Rastogi, Technology Director, HCL Technologies
Many cybersecurity techniques focus on securing the perimeter of critical computer systems and recovering in the event of failure. In this talk we'll take a new perspective on building safe and secure systems. This talk will take a holistic view of cybersecurity for automotive systems from the bottom up; put a new spin on "defense in depth" for consolidated systems; and establish safety and security as the top priorities driving the design of critical systems.
As Industry 4.0 and smart factories continue to connect their assets and equipment to the cloud, attack surfaces grow exponentially. Critical and sensitive connected industrial equipment is paramount to clients’ success and something that cannot be left vulnerable. For example, if you think about a milling machine for airplane parts, or a nuclear plant, or a huge pump that distributes water inside of a dam, if any of those are hacked, the damage would be immense and there is a potential for people to get hurt or worse. This is where the IEC 62443 standard comes into play, to help reinforce security foundations. The ISA/IEC 62443 specification has been developed to help companies that provide equipment and infrastructure to the industrial segment to architect their systems with security in mind. Join us as we discuss how secure elements can facilitate your journey to a successful IEC 62443 certification.
Xavier Bignalet, Product Manager for Secure Products Group, Microchip Technology
This presentation is a practical guide to implementing seamless, scalable security for connected devices.
IoT devices are inevitably exposed to risk when connected to the internet. From the chips inside them to the cloud servers, Internet or on-premise applications they connect with, there are now proven components, tools and methodologies to mitigate risks across the supply chain and eliminate the need for expert cryptographic knowledge while doing so.
The presentation will cover secure provisioning, onboarding, and lifetime management of IoT devices, including how to securely implement firmware updates over-the-air. It will show how the processes can be set up in minutes, rather than days or weeks, even where tens of thousands of devices are involved. It will also demonstrate how it’s possible to cut the cost and complexity of IoT edge-to-cloud connectivity, and how to introduce best practices for secure management of your IoT networks.
Chris Jones, IoT Security Solutions Specialist, Crypto Quantique
From the start, the Zephyr project has focused on providing an RTOS that could be depended on for products that need security. Over the last 5 years, the Zephyr project has incorporated security best practices into the development of the code and interaction with external systems. Zephyr has been a CVE Numbering Authority (CNA) for several years and the PSIRT team is focused on improving automation of vulnerability remediation. In 2021, after the release of the Cybersecurity Executive order, Zephyr also became the first RTOS to be able to generate an SBOM for product builds, down to the source file level, improving software transparency and confidence when doing the analysis for exploitability for products based on Zephyr. In this session, the details of the best practices that Zephyr is following will be articulated and support infrastructure for the releases discussed.
Kate Stewart, VP, Dependable Embedded Systems, The Linux Foundation
Secure elements, smart cards, and embedded security chips form the invisible digital security foundation for our daily lives. Billions of embedded security chips are sold every year, and most of us carry a few everywhere we go. However, the industry behind these small, ubiquitous devices will soon undergo a quiet revolution as the cryptographic standards that underpin their security are being updated in response to the threat posed by quantum computers. From telecoms and banking to the public sector, the impact will be widespread - so how do we ensure a smooth transition to upcoming post-quantum cryptographic standards?
Alan Grau, VP Business Development, PQShield
In this presentation, Dr. Xinxin Fan will first explain how to use blockchain to enhance the security of IoT devices across their entire lifecycle, followed by an introduction to the ongoing standardization effort undertaken by the IEEE P2958 Identity of Things Working Group (https://sagroups.ieee.org/2958/). Finally, Dr. Fan will describe the application of blockchain-based security techniques for protecting real-world home IP camera systems. This presentation aims to bring new perspectives to the many security challenges facing IoT systems today.
Xinxin Fan, Head of Cryptography, IoTeX