The Department of Homeland Security (DHS) will weigh into the debate about securing the vast Internet of Things next week, laying out new guidelines for connected device makers at the third annual Security of Things Forum in Cambridge, Massachusetts.
Robert Silvers, the DHS Assistant Secretary for Cyber Policy, will use the event to present a set of strategic security principles for manufacturers, designers and developers of connected, Internet of Things products to consider when designing new products. Silver will also talk about steps that organizations can take to secure connected infrastructure and devices that are already deployed.
The talk, on Thursday, September 22, comes amid growing interest by government, industry regulators and private firms in what a burgeoning population of connected “stuff” that is predicted to number in the billions of devices by the end of the decade.
“I think what we’ve come to recognize is that the Internet of Things is a full blown phenomenon and it’s here,” Silvers said in an interview. “The IoT brings incredible value to consumers and industry, but those also come with attendant risks.”
The Department of Homeland Security is just the latest government agency to take a swing at taming the storm of connected “stuff” hitting store shelves and worming their way on to corporate networks. And there’s ample evidence of work to be done on both security and privacy.
Speaking alongside Silvers at the Cambridge Forum, Dr. Kevin Fu of the firm Virta Labs, and the Archimedes Center for Medical Device Research at the University of Michigan will discuss the challenge that hospitals face as they try to ensure continuity of operations with a population of medical devices that are often difficult or impossible to secure.
Travis Goodspeed, a world-renowned security researcher who has developed tools to research embedded systems and wireless devices, will talk about the ways in which small, subtle, hardware based flaws can become major security issues as components are used and reused across products of many different types.
More than one presentation at the conference will highlight serious vulnerabilities in home automation systems of the kind sold online and at box store retailers like Home Depot and Best Buy. In a talk entitled “Breaking BHAD,” Scott Tenaglia of the firm Invincea will delve into security holes he discovered in home automation hubs by the firm Belkin, including multiple vulnerabilities in Belkin’s WeMo line of home automation products as well as the mobile (Android) application that controls it.
Separately, researchers from the firm Senr.io will unveil a range of vulnerabilities in inexpensive embedded devices used for home networking and to connect “smart” products.
“When we first started doing this event, security and Internet of Things was kind of a novelty – like: ‘Can we really talk about these two things together?’” No more. “Today, security is front and center, because concerns about security and privacy are perceived to be one of the biggest obstacles to the IoT’s growth,” Roberts said.
A report by the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) in May found that public faith in the Internet has dimmed in the wake of data breaches, cybersecurity incidents, and reports critical of the privacy practices of online services. The biggest threat came in the form of “negative personal experience,” the report found.
In a similar vein, a report from Berkeley’s School of Information and the Hewlett Foundation noted, cybersecurity is on the cusp of “profound psycho-social impact” on human society. The Security of Things Forum will take place in Cambridge, Massachusetts on Thursday, September 22. Information on the show and tickets are available at Securityofthings.com.