Audit and Assessment

To everyone who attended the IoT Ottawa Virtual Meetup, thank you for taking the time to attend this session and for participating. It was a good discussion and I hope it was helpful for those of you who attended. It is good to see that events like these can still be held despite the current conditions.

For those of you who were not able to make it to the Meetup, here is the abstract of the presentation:

One of the biggest barriers to the adoption of IoT products is the potential security and privacy risks. To help overcome this reluctance, vendors need to ensure that they are clearly demonstrating to the market that they have implemented security and privacy in their solution. This workshop will provide an understanding of how to secure an IoT solution leveraging a risk-based approach using standards. We are going to present how IoT projects should be approached to ensure both security and privacy requirements are included at design time and validated during the development lifecycle. This is based on countless projects where we have worked on evaluating IoT products in multiple sectors to identify design and process issues, including formal testing to T200 and UL2900.

We will share the best practices for the following:

  1. Design considerations
  2. Setting up a governance function
  3. How to operate a Secure Development Lifecycle (SDLC)
  4. Operational Considerations
  5. Testing and Verification

Other topics of discussion include:

  1. Latest developments in the global market for security and privacy requirements
  2. Strategy considerations

This session will be provided as a workshop to help SMEs hopefully address their security and privacy issues. Please bring your questions and concerns.

As mentioned, I am providing the presentation, the IoT attack surface poster and worksheet for the presentation. I am also hoping to make the video of the session available at a later date.

Note: I will be posting the worksheet a bit later but wanted to share the presentation and poster right away.

Please reach out for any clarifications or questions you may have and, most of all, be safe everyone!

IoT Threat Poster

IoT Ottawa – Blueprint for IoT Security

 

Over the past few months, we co-authored a CABA Whitepaper with BC Hydro’s David Rogers. The goal was to write a document that would help IoT vendors identify standards that should be considered for their IoT solutions and organization. As many buyers and procurement departments are developing requirements for products prior to evaluation and purchase, ensuring that vendors, especially early-stage companies, better understand the options is going to be key to adoption. With regulatory requirements being developed in many regions, the future for products is going to mandate that several product categories undergo formal testing and evaluation. Getting ready for this is going to ease the transition, allow vendors to adapt to the frameworks and expand to new markets globally.

TwelveDot is honoured to have worked with staff of BC Hydro and others to develop this body of work and hopes that SMB IoT vendors will benefit from our document and the approach to securing your operations and products. Also, a shoutout to the folks at CSA Group for the support during this project. The funding was greatly appreciated.

The whitepaper can be found here: https://www.caba.org

Today, TwelveDot is starting a multiyear R&D project with Carleton University in Ottawa, Canada and several other medical partners. The goal of this research is to create a risk framework for evaluating the usage of IoT technologies in hospitals, clinics and other outpatient services. As the technology/cyber partner for this research project, we are excited to be bringing our expertise in IoT and assessment to this project, and are looking forward to working with all healthcare providers to make these environments much safer from a cyber perspective.

Let's help the healthcare professionals focus on getting our sick citizens well again and reduce the attack surface of the products and services they use.