The Department of Homeland Security (DHS) will weigh into the debate about securing the vast Internet of Things (IoT) this week when it lays out new guidelines for connected device makers at the third annual Security of Things Forum in Cambridge, Massachusetts on Thursday.
Robert Silvers, the DHS Assistant Secretary for Cyber Policy, will present a set of strategic security principles for manufacturers, designers and developers of connected, IoT devices to consider when designing new products. Silver will also talk about the steps that organizations should take to secure connected infrastructure and devices that have already been deployed.
The talk comes amid growing interest by government, industry regulators and private firms in the burgeoning population of connected “stuff” that's expected to number in the billions of devices by the end of the decade.
“The Internet of Things is a full blown phenomenon, and it’s here. It brings incredible value to consumers and industry, but it also comes with attendant risks.” –Robert Silvers, DHS
IoT putting security, privacy at risk
The Department of Homeland Security is just the latest government agency to take a swing at taming the storm of connected devices hitting store shelves and worming their way onto corporate networks. And there’s ample evidence of work to be done on both security and privacy.
Speaking alongside Silvers at the forum, Dr. Kevin Fu, co-founder of the startup Virta Labs and Associate Professor, Sloan Research Fellow Computer Science and Engineering
Electrical Engineering and Computer Science, University of Michigan, will discuss the challenges that hospitals face as they try to ensure continuity of operations with a population of medical devices that are often difficult, or impossible, to secure.
Travis Goodspeed, a world-renowned security researcher who has developed tools to research embedded systems and wireless devices, will talk about the ways in which small, subtle, hardware-based flaws can become major security issues as components are used and reused across products of many different types.
More than one presentation at the conference will highlight serious vulnerabilities in home automation systems of the kind sold online and at big box retailers such as Home Depot and Best Buy. In his presentation, Breaking BHAD, Scott Tenaglia, Associate Research Director at endpoint security vendor Invincea Labs, will delve into security holes he discovered in home automation hubs from Belkin, including multiple vulnerabilities in its WeMo line of home automation products and the Android mobile app that controls it.
Separately, researchers with IoT security tool vendor Senr.io will unveil a range of vulnerabilities in inexpensive embedded devices used for home networking and to connect “smart” products.
Internet of Things: Security front and center
When we first started doing this event, security and IoT was kind of a novelty. We asked ourselves, "Can we really talk about these two things together?'" No more. Today, security is front and center, because concerns about security and privacy are perceived to be one of the biggest obstacles to the IoT’s growth.
A report by the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), released last May, found that public faith in the Internet has dimmed in the wake of data breaches, cybersecurity incidents, and reports critical of the privacy practices of online services.
The biggest threat came in the form of “negative personal experience,” the report found. In a similar vein, a report from Berkeley’s School of Information and the Hewlett Foundation noted that cybersecurity is on the cusp of “profound psycho-social impact” on human society.
The Security of Things Forum takes place in Cambridge, Massachusetts on Thursday, September 22. Information on the show and registration is available at SecurityofThings.com. Follow developments from the show on Twitter using the #secot tag and via @secthings.
Image credit: Flickr
Keep learning
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed fast on the state of app sec testing with TechBeacon's Guide. Plus: Get Gartner's 2021 Magic Quadrant for AST.
Get a handle on the app sec tools landscape with TechBeacon's Guide to Application Security Tools 2021.
Download the free The Forrester Wave for Static Application Security Testing. Plus: Learn how a SAST-DAST combo can boost your security in this Webinar.
Understand the five reasons why API security needs access management.
Learn how to build an app sec strategy for the next decade, and spend a day in the life of an application security developer.
Build a modern app sec foundation with TechBeacon's Guide.
