A little more than a month from now, the world’s attention will shift to San Francisco for the annual RSA Security Conference – perhaps the biggest single IT security industry event of the year. But this week, at a much smaller venue, the focus will be on what amounts to the ‘next big thing’ in the security world: the Internet of Things.
The Amphion Forum focuses on a growing part of the computer security landscape that struggles for attention in a security market still focused on the needs of large companies. Namely: the security challenges posed by mobile devices – phones and tablets and a menagerie of newly connected endpoints, from wearable computers to implantable medical devices to household appliances.
The privacy and security challenges facing organizations that wish to embrace the IoT are legion. Intelligent devices have been shown to lack basic protections against unauthorized access, such as strong encryption to protect device-to-device communications or strong authentication that protects administrative access to the device.
Beyond that, many Internet enabled devices have been found to contain remotely exploitable security holes – the product of hasty authoring and poor software testing prior to release. Finally, owners and operators of critical infrastructure are finding that equipment that was not designed to be Internet accessible often is – the result of upgrades and feature enhancements intended to make remote machinery easier to manage.
After floating under the radar, the security of the Internet of Things has burst into the spotlight in recent months. The revelations of classified NSA surveillance programs by former government contractor Edward Snowden have raised awareness of the ways in which portable electronic devices like smart phones and cloud-based data repositories can be mined for small pieces of “metadata” that, in combination with other data, can paint a clear picture of individuals’ movements, activities and intentions.
In the world of consumer devices, security researchers and reporters have exposed gaping security holes in products as diverse as home surveillance cameras and late-model “connected” vehicles. At an FTC workshop in November, the Commission warned consumer device makers that they need to take the security of their products seriously and be transparent with customers about how data collected by the devices may be used.
The brainchild of Mocana, a mobile application security firm (disclosure: Mocana is a Security Ledger sponsor), Amphion straddles all three trends, with presentations on topics ranging from managing and securing mobile devices in the enterprise, to demonstrations of potential threats to critical infrastructure, to techniques for breaking home automation networks and technologies.
The company will use the Forum to announce the formation of the Mobile App Security Working Group (MAS), a non-profit association of mobility, security and enterprise stakeholders who are “seeking to simplify and accelerate the deployment of secure mobile apps in all kinds of environments, on all kinds of devices – from the enterprise to the emergency room, from the power plant to the automobile.” The group includes a mix of enterprise platform, security and embedded device makers, including SAP, the security firms FireEye and McAfee, and Wind River, a subsidiary of Intel that makes operating system software for embedded devices.
Security Ledger will be providing coverage of the Amphion Forum on Thursday and Friday. So stay tuned right here for more news on security and the Internet of Things!