Featured Talk: CSS on Secure Identity as the Key to doing IoT at Scale

Managing digital identities is one of the most vexing problems on the Internet of Things. That shouldn’t come as a surprise – managing digital identities was  a high bar to clear even for the old “Internet of machines,” where the challenges of managing PKI infrastructure often prompted application and device makers to take shortcuts, or avoid the use of strong identities altogether.

On the Internet of Things, of course, the challenges multiply. Endpoints might be small and resource constrained. Ecosystems are spread between dispersed agents and cloud-based management back ends. Deployments are far more varied and – in some cases- have far greater scale than could be found on any enterprise network. Identity on the IoT has to be secure – yes – but also  highly- scalable and cryptographically-agile. That’s a big challenge.

Judah Aspler is the Vice President of Business Development at Certified Security Solutions (CSS)

Still: strong, provable digital identity is more critical than ever. Just last week, for example, the security firm Pen Test Partners warned that their red team analysis of SatCom satellite communications systems used aboard container ships revealed a range of security flaws that could be exploited by malicious adversaries to coax the huge ships off course – possibly even sinking or grounding them. Pen Test hackers found they could hack into satcom terminal hardware via administrative interfaces that were accessible from the public Internet over the insecure Telnet and HTTP protocol. Many accepted unsigned firmware updates, as well, they found.

This can’t stand. We’ve already tasted the fruit of insecure IoT deployments with the Mirai botnet and the WannaCry and NotPetya wiper malware. As the stakes of adverse events move from bits and bytes to “flesh and blood” (as our featured speaker Josh Corman will explain), organizations that are building and deploying connected products need to do son on a foundation of trust.

That’s why we’re thrilled to welcome CSS as a Security of Things sponsor and to have Judah Aspler of CSS on our agenda on June 19th to talk about how CSS’ customers are using trusted partners – including CSS and PTC – to secure IoT deployments at scale.  In his featured talk, Judah will  discuss how organizations can use ThingWorx platform to provide a wide range of security capabilities to IoT deployments, including authentication, authorization, encryption and secure software and firmware updates.

If you’re not familiar with CSS, they provide a range of solutions that offer effective PKI operations and digital certificate management. Their tools allow firms to automate the management of digital certificates, enforce certificate security requirements and scale PKI to IoT dimensions in a way that is economically viable. You can learn more about CSS here.

We look forward to seeing you in the audience for Judah’s talk on strong identity and IoT, which takes place at 11:00 AM on Tuesday, June 19!

RSA Innovation Sandbox Finalist ReFirm Labs at Security of Things Forum

Terry Dunlap, the Chief Executive Officer and Co-Founder of ReFirm Labs will present at the June 19 Security of Things Forum in Boston.

Taking place alongside PTC LiveWorx, The Security of Things Forum is New England’s premiere IoT and security event. It brings together some of the world’s top experts, executives and entrepreneurs who are focused on the challenge of our time: securing the Internet of Things. [Use this link to register for the Forum!]

Continue reading “RSA Innovation Sandbox Finalist ReFirm Labs at Security of Things Forum”

Senrio researchers to expose risk of lateral IoT attacks

As connected devices make their way onto more enterprise networks, researchers from the cutting edge IoT security  firm Senrio will demonstrate how insecure and compromised Internet of Things endpoints can be leveraged in damaging cyber attacks.

Senrio Chief Technology Officer Stephen Ridley and VP of Research M Carlton will demonstrate how would-be attackers can exploit known vulnerabilities in the firmware (software) running on devices like IP cameras, wireless routers,  network attached storage and other devices to gain access – to and control over hardware ranging from medical devices to industrial machinery.

>> Your ticket to the Security of Things™ Forum comes with an Explorer pass to LiveWorx 2018.
Register now and get $75 off admission using this link. <<

The two will present their research at The Security of Things Forum, a one day Internet of Things and security event taking place alongside the 2018 PTC LiveWorx Conference in Boston on June 19.

Stephen Ridley Senrio
Stephen Ridley, the CTO and Founder of Senrio will present research on the danger of lateral attacks between IoT devices.

Embedded devices like routers and cameras pose a variety of risks to sensitive IT environments, Ridley and Carlton say. Among them: the re-use of vulnerable code across product families. That means a software flaw found in one firmware file might exist across dozens or scores of other versions of that software running on hundreds of different types of products.

Senrio has used research to expose these risks before. Last year, for example, its researchers highlighted a flaw dubbed Devil’s Ivy, which affected hundreds of security cameras made by the firm Axis Communications. That flaw was linked to a third-party software library and would allow an attacker who could connect to an Axis camera from the public Internet to take control of it, even if she did not know the user name and password required to log into the device.

In their presentation at The Security of Things, Ridley and Carlton will demonstrate how attackers can launch lateral attacks between IoT devices using critical vulnerabilities in popular devices. Among other things, the two will show that common responses to this threat, such as segmenting networks containing IoT devices is an insufficient defense.

The two will discuss useful approaches to identify IoT devices in sensitive network environments, assess their security risk and to protect them from compromise. Get your tickets now to reserve your seat!

About the Security of Things™ Forum (SECoT)

The Security of Things™ Forum (SECoT) delivers some of the world’s leading experts and executives for a day of discussion and debate on the preeminent challenge of our time: securing the Internet of Things. Since 2014, SECoT has drawn experts, practitioners, executives and entrepreneurs from government, academia and the private sector get together to explore the practical and political challenges of securing a global population of tens of billions of connected, intelligent devices.

Past keynote speakers include Chris Valasek of Uber, Dan Geer, the Chief Information Security Officer of In-Q-Tel, Federal Trade Commissioner, Julie Brill, Raytheon CTO Michael Daniels and renowned hacker Moxy Marlinspike.

Bits and Bytes, Flesh and Blood: PTC CSO Joshua Corman to address June Forum

Josh Corman, CISO at PTC

Joshua Corman, the Chief Security Officer at PTC and co-founder of the grassroots advocacy group I Am The Cavalry will be a featured speaker at the 5th Security of Things Forum on June 19th in Boston.

Corman, formerly the Director of the Cyber Statecraft Initiative, will present a talk entitled “Bits and Bytes, Flesh and Blood: The Real Cyber Consequences of Unsafe IoT.” In it, Corman discusses the need to re-evaluate cyber risk and cyber security for the Internet of Things.

[Grab your Security of Things Tickets here.]

Josh Corman, CISO at PTC
Joshua Corman is the Chief Information Security Officer at PTC.

Our society and others have learned through hard experience to balance the convenience and public health trade offs of other technological breakthroughs. It took decades, for example, for public health and safety advocates to force basic safety features like seatbelts on the automobile industry. Four decades later, seatbelts are accompanied by front and side airbags and the safety rating of a vehicle is a big part of its value on the sales lot.

In the information security space, however, the stakes for attacks and failures have – thus far- been low: the loss of data or availability, a hit to an organization’s productivity numbers. However, that is changing. Faults in IT systems increasingly have real world consequences, as the WannaCry attack demonstrated when it crippled hospitals throughout the UK.

With cyber risk involving not just “bits and bytes” but “flesh and blood,” as Corman notes, do we need an equivalent “five star safety rating” for Internet of Things devices like connected cars, implantable medical devices or even the lowly webcam? If so, what is the best way to stand up such an oversight function and where should its authority lie?

Beyond that: what cultural changes are needed within the software development- and information security industries to address the risks posed by billions of Internet connected things? Corman gives us his thoughts and a vision of a possible future.

Join us on June 19th in Boston to hear Josh’s illuminating talk!

NY Times Best-Selling Author Cory Doctorow to Keynote 2018 Forum

The Security of Things™ Forum is pleased to announce that technology activist, journalist and New York Times best-selling author Cory Doctorow will keynote the 2018 Security of Things Forum in Boston on June 19th.

Registration for our 2018 Forum is now open and you can purchase tickets here.

Cory Doctorow
Cory Doctorow is a science fiction author, activist, journalist and blogger — the co-editor of Boing Boing (boingboing.net) and the author of fiction and non-fiction novels.

Doctorow is one of the brightest thinkers on issues related to technology, security, privacy and civil liberties: issues he has tackled in his writing, from his New York Times Bestseller LITTLE BROTHER, to 2014’s INFORMATION DOESN’T WANT TO BE FREE, a book about creativity in the Internet age. His latest young adult novel is HOMELAND, the bestselling sequel to 2008’s LITTLE BROTHER.

“I’m excited to be able to address an audience of practitioners, experts and entrepreneurs: as we subsume computers into our lives in ever-more-intimate ways, on our bodies, around our bodies, even *in* our bodies, understanding the ways that our designs can thoughtlessly enable crimes, harassment and even dictatorship is key to averting a future none of us want to see,” Doctorow said.

“The events of recent months have underscored the degree to which technology cannot be held apart from issues like morality and ethics, as well as societal values such as privacy, intellectual freedom and freedom of expression. Cory is one of the smartest and most influential voices of reason on these issues,” said Paul Roberts, the Founder of The Security of Things Forum. “We’re thrilled to have him as the keynote speaker for our 2018 event!”

When he is not writing, Doctorow is a special consultant to the Electronic Frontier Foundation (eff.org), the non-profit civil liberties group that defends freedom in technology law, policy, standards and treaties. He holds an honorary doctorate in computer science from the Open University (UK), where he is a Visiting Professor; he is also a MIT Media Lab Research Affiliate. In 2007, Cory served as the Fulbright Chair at the Annenberg Center for Public Diplomacy at the University of Southern California.

Cory’s novels have been translated into dozens of languages. He is the recipient of the Locus, Prometheus, Copper Cylinder, White Pine and Sunburst Awards, and been nominated for the Hugo, Nebula and British Science Fiction Awards. Cory co-founded the open source peer-to-peer software company OpenCola, and serves on the boards and advisory boards of the Participatory Culture Foundation, the Clarion Foundation, the Open Technology Fund and the Metabrainz Foundation.

About The Security of Things Forum

The Security of Things™ Forum (SECoT) delivers some of the world’s leading experts and executives for a day of discussion, learning and debate on the preeminent challenge of our time: securing the Internet of Things. Now in its fourth year and fifth installment, Security of Things Forum has brought some of the world’s top experts on the security of embedded systems, connected devices, critical infrastructure and cloud together under one roof. Past keynote speakers include noted car hacker Chris Valasek, medical device security expert Kevin Fu of the University of Michigan, In-Q-Tel Chief Technology Officer Dan Geer and Signal/Whisper Systems creator and “hillbilly hacker” Moxie Marlinspike.

Security of Things and LiveWorx: Better Together

This year’s Forum is happening alongside LiveWorx 2018, a global technology conference and marketplace for solutions engineered for a smart, connected world. With your Security of Things registration, you’ll receive a complimentary LiveWorx Explorer Pass that gives you access to LiveWorx Keynotes, LiveTalx Presentations and Xtropolis, the 150,000 sq. ft. exhibition hall.

Or you can upgrade your registration to include a LiveWorx All Access pass to attend over 230 breakout sessions featuring thought leaders from a wide range of industries and technology disciplines. For more information on LiveWorx, please visit www.LiveWorx.com.

Call for Papers for 5th Security of Things Forum

Chris Poulin IBM

Just a note to all of our friends in the information security community that we’re gearing up for our fifth Security of Things™ Forum, which is taking place June 19th in beautiful Boston, Massachusetts.

Our call for paper abstracts opened March 1st and runs through April 19th. We encourage everyone who has a topic relating to security for the Internet of Things to use the simple submission form. We’d love to hear your ideas.

[Submit a talk or panel for our June Security of Things™ Forum]

Since 2014, The Security of Things Forum has distinguished itself with superb technical and strategic content focused on emerging security problems and solutions related to the Internet of Things. This year, our Forum will be held alongside PTC LiveWorx, a digital transformation conference where you can join over 7,000 leaders and change makers from around the world.

This year’s theme

Our theme for this year’s Security of Things Forum is “Partnering In Security.” The idea is simple: we’re well past the point of marveling at the woeful security of connected devices or lamenting the myriad of security problems engendered by the IoT.

The fact is: Internet of Things deployments are moving forward in sectors like manufacturing, critical infrastructure, healthcare, transportation and energy. Smart communities are taking root and (of course) homes and workplaces are being transformed by new generations of connected, sensing devices.

What we need to focus on now is how to secure these deployments and burgeoning Internet of Things ecosystems. No single technology will suffice. But what combinations of technologies and services are the best suited to secure IoT deployments? That’s the question we want to explore, with a focus on solving real-world challenges of IoT deployments.

What we’re looking for

As that suggests: we are particularly interested in presentations that have to do with how technologies and services can be brought together to secure (ideally) real-world Internet of Things deployments. Examples might be:

  • Tools and approaches to creating more secure IoT products and services (e.g. secure DEVOPS as a method for developing and deploying more secure connected products)
  • Efforts to address identity or communications security at scale
  • Tools, techniques and approaches for securely managing IoT endpoints at scale
  • Practical solutions to known challenges for IoT including including identity management, access management, endpoint management (including patching/updates)
  • Managing IoT risk to corporations and other public/private sector organizations
  • Hedging IoT risk in novel ways
  • Securing legacy infrastructure (think critical infrastructure) from modern threats
  • Securing IoT in the enterprise

Obviously, your presentation doesn’t have explicitly speak to the “partnering” theme. Check out our YouTube channel, which has videos from past Forums for a sense of the kinds of talks and panels we host.

Visit our talk submission page to send us your idea for a talk now. The Call for Papers runs through April 19th and we promise to notify all applicants of our decision by April 30th.

One Event, Many Choices for Attendees

The 2018 Security of Things Forum is co-located with LiveWorx 2018, giving you access to both the Forum’s cutting edge content focused on securing the Internet of Things and LiveWorx’s outstanding and varied sessions focusing on smart industry and other groundbreaking technologies. Your admission to Security of Things comes with a LiveWorx Explorer pass. You can also purchase the combo pass to attend Security of Things and all Liveworx sessions!

Continue reading “One Event, Many Choices for Attendees”

Sponsor for Visibility, Brand Promotion and Lead Generation

Security of Things Forum sponsorships come with a range of options for presenting your brand to attendees and an expanded online audience. As a sponsor, you will receive acknowledgment on print and online promotional materials; visibility on event signage; exhibit space in high-traffic areas; branded podcasts; and webcasts timed to coincide with our 2018 Forum.

Continue reading “Sponsor for Visibility, Brand Promotion and Lead Generation”