15 items that I learned from attending two #IoT security panels at TechCon 2016

Diya Soubra

  1. #IoT is a system of systems. It is not just security of the node that matters. Think systems. Secure whole systems not components.
  2. Security is like insurance, you pay more for increased levels of protection. Layers upon layers of security to force the attacker to expend more resources for the attack till it becomes no longer worthwhile.
  3. The system will for sure be hacked so prepare a response plan in advance.
  4. Force the attacker to spend more money to hack the system than was spent to protect it. This is the only viable business model.
  5. The key to all security is protecting the identity of the source. It is not enough to protect the message. The receiver also needs to validate the identity of the source. Prevent the extraction of identity at all cost.
  6. If all partners contributing to a system share in the damage or loss from a hack then for sure the system will be designed with more layers of security.
  7. Offering developers a platform is the only way to bring security to the solutions they create.
  8. Get system designers to think about how to break into the system as opposed to only testing if it works as per specification.
  9. Negative testing. Test that the system does not work the way it is not supposed to.
  10. TrustZone is a tool for adding layered security.
  11. There is an industry average for expected number of bugs per lines of code. More lines of code mean more bugs, less security.
  12. A non-secure object introduced inside a system of systems will compromise all.
  13. Firewalls and encryption are not enough for #IoT security.
  14. Design the system such that it gets harder to break into the second device once the first one is hacked.
  15. AI will become the next tool for #IoT security by analysing identity, traffic and communication patterns.
I believe that most designers agree that all these points are valid. Maybe the key is that they need to be considered all as one at system design time.

It is urgent now for universities to start offering degrees in #IoT engineering where students learn how to design and build secure systems of systems with AI supervision!
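
An added example, not part of the original post, sketching items 5, 9 and 14 together: the receiver validates the source's identity with a per-device key, a key taken from one device does not let it speak as another, and the checks are negative tests. All names (`MASTER_KEY`, `device_key`, `Receiver`, the `sensor-01` IDs) and the message counter are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample secret; assumed to live only in the backend, never on a device.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def device_key(device_id: str) -> bytes:
    """Per-device key derived from the master key, so devices share no secret."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).digest()

def sign(key: bytes, device_id: str, counter: int, payload: bytes) -> bytes:
    """Device side: the tag binds claimed identity, message counter and payload."""
    ident = device_id.encode()
    msg = len(ident).to_bytes(2, "big") + ident + counter.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    """Backend side: validates the source before trusting the message."""
    def __init__(self):
        self.last_counter = {}

    def accept(self, device_id: str, counter: int, payload: bytes, tag: bytes) -> bool:
        expected = sign(device_key(device_id), device_id, counter, payload)
        if not hmac.compare_digest(expected, tag):
            return False  # wrong key, wrong identity or altered payload
        if counter <= self.last_counter.get(device_id, -1):
            return False  # replay of an old, validly signed message
        self.last_counter[device_id] = counter
        return True

def negative_tests() -> dict:
    """Checks that the receiver does NOT accept what it must reject."""
    rx = Receiver()
    k1 = device_key("sensor-01")  # pretend this key was extracted from one device
    good = sign(k1, "sensor-01", 1, b"temp=21")
    return {
        "valid_accepted": rx.accept("sensor-01", 1, b"temp=21", good),
        "replay_accepted": rx.accept("sensor-01", 1, b"temp=21", good),
        "tamper_accepted": rx.accept("sensor-01", 2, b"temp=99",
                                     sign(k1, "sensor-01", 2, b"temp=21")),
        "other_identity_accepted": rx.accept("sensor-02", 1, b"temp=21",
                                             sign(k1, "sensor-02", 1, b"temp=21")),
    }

if __name__ == "__main__":
    print(negative_tests())
```

Only `valid_accepted` should be true; the other three entries are the negative tests, and any of them turning true means the receiver trusts a source it has not validated.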