In-brief: Security Ledger Editor in Chief Paul Roberts speaks with John Dickson, a principal at Denim Group, about the recent Internet of Things privacy sweep and about the challenge of securing the Internet of Things supply chain.
The past week was another big one for news about security, privacy and the Internet of Things. As Security Ledger reported, data privacy authorities in 29 countries, including Canada, undertook a privacy “sweep” of connected devices including personal fitness devices, connected thermostats and the like. We don’t know the results of that survey yet, but it seems likely that there will be some meaningful findings as a result of the effort.
An even bigger and scarier prospect, however, is the security of the hardware and software supply chain. Much of that lies outside of Europe and the U.S. in countries, like China, where notions of privacy and security are different – if not non-existent.
In this week’s podcast, we talk to John Dickson, a principal at Denim Group, about the IoT supply chain and how sophisticated companies are addressing the risk posed by connected stuff.
“Ironically, most of the manufacturing for retail devices does not occur in the US or in Europe, but in fact China, where personal privacy is by definition non-existent,” Dickson notes. “However, Chinese manufacturers will listen to their buyers, so there is hope here that IoT security might be addressed,” Dickson said.
The alternative? Lots of what Dickson refers to as “market failures” – basically gaping holes in IoT products that make it into production and cause problems. Last summer’s demonstration of a wireless software hack of a Fiat Chrysler Jeep Cherokee is an example of that dynamic at play.
John is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years of hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. Our conversation was recorded on Friday.