IoT Security Foundation launched in London
October 1, 2015
The Internet of Things Security Foundation (IoTSF) officially launched last week in London and set out its plans to respond to rising concerns surrounding cyber-security problems in IoT. The creation of the IoTSF follows an eight-month investigative and consultative process that included staging the IoT Security Summit earlier this year.
The summit validated a need to bring more focus to security issues and, since that time, work has continued to determine an appropriate response to both business and technical threats. The IoTSF aims to bring an international and expert focus to promote excellence in IoT security with the ambition to make it safe to connect.
“The formation of the IoTSF has been through a rigorous process to make sure it is fit for purpose,” said John Moor, vice president at NMI and IoTSF director. “With so many concerns and a new complexity of security in IoT, it is important that we now start the necessary work in earnest to address known, yet not always addressed, and emerging vulnerabilities. The scale and scope of the issues are formidable and as such they require a formidable response. This can only be achieved effectively by working together, so I am delighted to announce the IoTSF is open for business and invite organisations to back the mission and join us. Together we can raise standards and make it harder for criminals, adversaries and rogues of all denominations to exploit us.”
To meet identified needs, the IoTSF has been setup as a non-profit, technology neutral body, which will take a system wide, holistic perspective on IoT security best practice. It is not a standards body but intends to work collaboratively with existing standards and other consortia by default. The programme of activities of the foundation will initially target three key stakeholder groups – technology providers, systems adopters and end users.
The IoTSF has an executive steering board comprised of technology organisations and security experts including BT, Vodafone, Imagination Technologies, Royal Holloway University of London, Copper Horse Solutions, Secure Thingz, NMI and PenTest Partners. John Haine, industry veteran and visiting professor at the University of Bristol, has been named as the inaugural chair.
“Improving the security of IoT is beneficial to consumers, suppliers and businesses,” said Ben Azvine, global head of security research and innovation at BT. “It will help to accelerate adoption of the technology and protect privacy and confidentiality of information. The IoTSF has an important role to play in achieving this, and BT is delighted to be driving its formation. We look forward to taking an active role in engaging with IoTSF members.”
Haydn Povey, CEO of Secure Thingz, added: “Security is critical to the success of the internet of things. There are significant issues already arising through the current lack of security, including attacks on appliances, lighting systems and bounce attacks onto PCs from compromised devices which needs to be addressed early by industry. We must also tackle the near certainty of future successful compromises. The IoTSF will assist in the development of best practices for the nascent IoT domain, pulling in experienced individuals from MNO, semiconductor, traditional infosec, automotive and other domains, to ensure we do not repeat the painful mistakes of the past”
To accompany the launch, the IoTSF announced three activities to initiate its work: IoT security, the big picture; self-certification for product developers; and an inaugural conference in December in London.
“Recent high profile cyber-attacks have reinforced the necessity for high levels of security so that the rapidly growing IoT market can flourish,” said Robin Duke-Woolley, CEO of market analyst firm Beecham Research. “This is a complex process to achieve, requiring high levels of interoperability between different domains often pursuing very dissimilar security goals. We see the IoTSF as an important new initiative to assist in bringing these together in a way that promotes rapid and secure IoT market development.”
Majid Bemanian, director of strategic marketing, networking and storage at Imagination Technologies, added: “Recent incidents make it clear that IoT devices must implement new security paradigms to address a range of new threats. Imagination is taking action today with new technologies for next-generation security and we are delighted to be part of the IoTSF, which we expect to be a significant vehicle for responding to the security concerns arising around IoT.”
The IoTSF is funded by a low-cost membership model and will supplement income through its own operations. It will also accept donations from benefactors who support its mission.