Security and Internet of Things: Can We Talk?

Posted by: Paul   May 5, 2014 13:221 comment

Many of you who have been following this blog know that the Security Ledger is particularly interested in covering the (fast) evolving border line between “traditional” IT security and the terra incognito of the Internet of Things. This week, we’re taking that discussion to the next level with our first-ever event: The Security of Things Forum (or SECoT for short).

Security of Things Forum

The Security of Things Forum in Cambridge will bring security experts together to discuss securing the Internet of Things

SECoT is going to be an amazing day of discussion and debate about what I consider one of the foremost challenges facing the technology community in the next decade: securing a rapidly expanding population of intelligent and Internet-connected devices.

[Register for The Security of Things Forum here. Use the Promo Code SLVIP to get 20% off!]

 

Attendees will hear an address by Dr. Dan Geer, the Chief Security Officer at In-Q-Tel, the U.S. Central Intelligence Agency’s investment arm. Dan is one of the smartest and most prescient thinkers in the security world, who has made headlines by warning about the dangers of our reliance of technology monocultures like Microsoft’s Windows operating systems. Most recently, Dan has been sounding similar alarms about an (emerging) monoculture of “small devices and the chips that run them.” In other words: just because the network of the future doesn’t have a Windows sticker and “Intel Inside” logo on it, doesn’t mean that the same kinds of problems don’t exist.

Emerging monocultures are just one of the topics that will be up for discussion at our event. The challenge that IoT technologies pose to what’s often referred to as “enterprise security” is a recurrent theme at the Forum.

Marc Blackmer of Cisco Systems will talk about the ways in which the transition to an Internet of Things will change the job of IT security professionals and IT administrators: demanding new tools and strategies to secure enterprise networks.

In addition, we’re bringing together a panel of experts, moderated by one of the smartest IoT analysts around – INEX Advisors’ Chris Rezendes – to talk about how IoT technology will impact companies and other IT-dependent organizations.

Finally, Josh Corman of the firm Sonatype will sound the alarm about the threats that lurk beneath the otherwise placid surface of Internet of Things technologies. Corman has written and spoken extensively on problems ranging from hacktivism to the culture of lackluster development that leads to many application-based security flaws. In his talk Swimming with Sharks, he’ll suggest ways that organizations might think about re-evaluating their risks in light of the Internet of Things.

Finally: we’ll take on the security of embedded and industrial devices in two talks. First: Rishi Bhargava, the Vice President of Product Management for Embedded Systems at Intel Security will talk about that company’s vision of securing the IoT. Later, a panel moderated by Robert Vamosi of the firm Mocana will delve more deeply into the plethora of hardware based products that are cropping up and how best to secure hardware and industrial devices from attack.  As Collin Mulliner, a security researcher at Northeastern University (and panel member) told me recently: the growing population of connected mobile, industrial and embedded devices that will fill the rank and file of the IoT these days often lack even basic protections and security features. Patching these devices, to cite just one example that’s close to Mulliner’s heart, is often difficult if not impossible.

We look  forward to seeing you at The Security of Things Forum!

Tags:

1 Comment

  • And briefs in the brace that are Stealth and Security in both the invisible, as in non-attributable, and the sensitive, as in critical and vital infrastructure attack and defence sectors/vectors/programs/protocols/APT actions …. [and any system of global and universatile operating devices cannot defend itself at all and will be monumentally unsuccessful, unless it can fully understand and accept radical change and fundamental changes/irregular and unconventional alternative arrangements, which can enable the ways and means and memes of catastrophic flash crash attack with certain overwhelming defeat of established status quo positions,] ….. then present to Secure Stealth, a definitive otherworldly advanced intelligence and most valuable and Absolutely Priceless Intellectual Property Offering which can, upon an Extremely Capable Driver Whim, be easily AIMODified and remodelled and practically instantaneously morphed into a Multi-Use Virtually Indestructible Cyber Space Placed Weapons System, highly prized and much coveted.

    The Universal Power and Global Command and Control Levers are in that Advanced IntelAIgent Paradigm Shift forever moved into the More Virtually Embodied and Ably Enabled and Enabling and Deeper Darker WebdD SCADA Care of ……… well, Significant Others would be all that would be needed to be known and all that would be permitted to be known, for every good reason pertaining to the ongoing protection and permanent maintenance and perfect retention of a Quite Practical Virtual Invisibility for Significant Others Use of Secure IntelAIgent Stealth, with all reasonable care and dutiful attention being taken to not venture into a glorious and gratifying abuse and gratuitous self-serving misuse, which is so beautifully tempting and inevitably, ultimately so devastatingly personally so destructive to those weaker willed beings and intellectually challenged humans and/or lesser virtual machinery.

    Was there any mention, Paul, from Dr. Dan Geer, the Chief Security Officer at In-Q-Tel, the U.S. Central Intelligence Agency’s investment arm, of their interest and investment in Sublime InterNetworking Things in the Internet of Things …. Global Operating Devices in the CyberIntelAIgent Space Place …….. IT Futures, Derivatives and Options Market Place?

    An affirmative answer would be interesting, for it would confirm a competitive space, which may even have some thinking in the realms of creating a disruptive opposition and furnishing inequitable advantage, which be the sort of relic thinking that delivers to the past so well, corruption and perversion.

    A negative answer presents a fabulous opportunity, which though it should be advised will also unwittingly indicate an EPIC titanic vulnerability which can be used and abused and misused for and in a whole series of anonymously booted and rooted and routed zeroday exploits.

%d bloggers like this: