Managing digital identities is one of the most vexing problems on the Internet of Things. That shouldn’t come as a surprise – managing digital identities was a high bar to clear even for the old “Internet of machines,” where the challenges of managing PKI infrastructure often prompted application and device makers to take shortcuts, or avoid the use of strong identities altogether.
On the Internet of Things, of course, the challenges multiply. Endpoints might be small and resource constrained. Ecosystems are spread between dispersed agents and cloud-based management back ends. Deployments are far more varied and – in some cases- have far greater scale than could be found on any enterprise network. Identity on the IoT has to be secure – yes – but also highly- scalable and cryptographically-agile. That’s a big challenge.
Still: strong, provable digital identity is more critical than ever. Just last week, for example, the security firm Pen Test Partners warned that their red team analysis of SatCom satellite communications systems used aboard container ships revealed a range of security flaws that could be exploited by malicious adversaries to coax the huge ships off course – possibly even sinking or grounding them. Pen Test hackers found they could hack into satcom terminal hardware via administrative interfaces that were accessible from the public Internet over the insecure Telnet and HTTP protocol. Many accepted unsigned firmware updates, as well, they found.
This can’t stand. We’ve already tasted the fruit of insecure IoT deployments with the Mirai botnet and the WannaCry and NotPetya wiper malware. As the stakes of adverse events move from bits and bytes to “flesh and blood” (as our featured speaker Josh Corman will explain), organizations that are building and deploying connected products need to do son on a foundation of trust.
That’s why we’re thrilled to welcome CSS as a Security of Things sponsor and to have Judah Aspler of CSS on our agenda on June 19th to talk about how CSS’ customers are using trusted partners – including CSS and PTC – to secure IoT deployments at scale. In his featured talk, Judah will discuss how organizations can use ThingWorx platform to provide a wide range of security capabilities to IoT deployments, including authentication, authorization, encryption and secure software and firmware updates.
If you’re not familiar with CSS, they provide a range of solutions that offer effective PKI operations and digital certificate management. Their tools allow firms to automate the management of digital certificates, enforce certificate security requirements and scale PKI to IoT dimensions in a way that is economically viable. You can learn more about CSS here.
We look forward to seeing you in the audience for Judah’s talk on strong identity and IoT, which takes place at 11:00 AM on Tuesday, June 19!
