IoT

Yesterday, we officially launched CSA P125 Technical Committee on  Operational Technology Functional Safety and Security. This group is compromised of experts who represent organizations in multiple sectors and from both Canada and the United States. Our mandate is primary ensure that both international and regional standards of interest are adopted in both countries.

As our standards will be published under Standards Council of Canada (SCC) and American National Standards Institute (ANSI) they will recognized in both of these markets. As we look forward to providing both vendors and organizations options for selecting and implementing standards and certification options that will reflect a commitment to secure products and solutions by these vendors.

As the co-Chair to this group, I am very fortunate to be in such great company and expertise. As the editor of T200, I am humbled by the expertise we will have available to make our standard reflective of industry needs and requirements. I am looking forward to building relationships with the new members in the years ahead.

As with all new journeys, this one is even more special due to many of the critical aspects of the technologies we are dealing with. Getting to discuss so many new use cases and sectors it the best part of the job. There are so many cool projects and technologies that the layman just never sees but ensuring that many aspects of society continue to operate normally. This group is going to be there to set the bar for security in OT technology.

//Faud

 

Over the past few months, we co-authored a CABA Whitepaper with BC Hydro’s David Rogers. The goal was to write a document that would help IoT vendors identify standards that should be considered for their IoT solutions and organization. As many buyers and procurement departments are developing requirements for products prior to evaluation and purchase ensuring that vendors, especially early stage companies, better understood the options is going to be key to adoption. With regulatory requirements being developed in many regions the future for products is going to mandate that several product categories undergo formal testing and evaluation. Getting ready for this is going to ease the transition, allow vendors to adapt to the frameworks and expand to new markets globally.

TwelveDot is honoured to have worked with staff of BC Hydro and others to develop this body of work and hope that SMB IoT vendors will benefit from our document and the approach to securing your operations and products. Also a shoutout to the folks at CSA Group for the support during this project. The funding was greatly appreciated.

The whitepaper can be found here: https://www.caba.org

Today our CEO presented at IoT613 an Ottawa based conference focused on all things IoT. There was also a developer day before the conference as well. The conference had really good attendance including several vendors or other organizations working in this area. If you are interested in this topic plan to attend the conference next year, speakers provide a range of views and experiences.

Our presentation focused on how to evaluate IoT products and solutions for both security and privacy. The lack of education in this area is of concern as many product companies are amping up their marketing to “assure” of product safety but yet many products have never undergone formal testing and certification nor do many even have secure by design or privacy by design approaches. Security for most IoT vendors is an after thought. When purchasing one of these products assume that security and privacy testing has not been conducted.

If you did not make it out to the presentation please find it attached, we hope that it helps to be better understand the issues.

IoT613 – TwelveDot – May 9 2019

If your Toronto and are tracking IoT security and privacy you need to head to the Internet Governance Forum (IGF) on Feb. 27th and the ISOC Multistakeholder events on Feb. 28th. Our CEO will be on a Panel for the IGF to discuss Labeling and will be presenting the Draft report on Labeling at the ISOC meeting the following day.

There will be many open discussions on the current of regulations and requirements that are being developed both in Canada and globally.

Details to IGF event are here

Detail to ISOC event are here

Bring your questions, issues, and problems to our open discussions. We hope to see you there.

 

Our CEO and President will be on a International Panel to discuss labeling for cyber for consumer and business products in the Canadian marketplace. As the Chair for the ISOC Labeling group for the IoT Security and Privacy Multistakeholder Process, Faud will be discussing what consumers and businesses need to consider when purchasing products and services and the current development of related standards and projects in Canada.

Please reach out on Twitter or LinkedIn to connect at the show. Hope to see you there.

Link to CES Session

 

 

This past weekend, I was very fortunate to be the keynote speaker at the China-Canada IoT and Blockchain Innovation and Development Summit in Markham (Toronto). It was great to see so many attendees who are interested in IoT and Blockchain and the potential for how we might be able to address security and privacy in IoT.

With the announcement of the Canada China IoT and Blockhain Research Institute it will greatly help Canadian and China organizations who want to expand their reach for products/services in these regions and be able have a source for testing, evaluation and business development. We are proud to be part of this and we look forward to helping companies secure their IoT solutions.

As a proud member of SDChain, TwelveDot is looking forward to growing the SDChain network which is already at 120K users and counting. As we get closer to building the SDK’s and expanding our platform, trustworthiness is going to be key element of providing security and privacy to IoT product/service users globally.

As many of you have requested a copy of my presentation I am providing it here: SDChain Keynote_v1

 

This past week I was fortunate to be invited as a guest speaker for the 1st Internet Society meeting on IoT security. This meeting was well attended from government, private sector companies and academia. It was a means to get on the same page to issues at hand and how do we as users, developers and government secure the Internet and IoT.

The key issues at hand include:

1. Awareness to the issue of IoT Security for Canadian, not just individuals but organizations who want to deploy IoT technologies

2. What exists now from standards and best practice perspective and what approaches can be used

3. What can be done to ensure the next generation of these devices is not a source of another DDoS or other malware on the Internet.

As promised, I am including my presentation and mind map that was presented. Please feel free to share this as necessary, the more groups and individuals who are talking about this subject the better.

For more information check out ISOC here.

ISOC Ottawa_v1

IoT Attack Surface_MindMap

 

On June 20th, 2017, RISC will be held in Bangalore, India. It is a one day cyber security conference focused on issues around IoT security. Delegates will have the opportunity to attend a wide array of sessions to learn more security concepts and approaches to creating more secure IoT products and solutions.

Our CEO will giving a keynote presentation entitled “IoT Security – Preventing a Global Disaster”. While it sounds ominous it really focuses learning from the bad and what we can do as an industry to correct this before it becomes really dangerous.

Hope to you see you there.

 

I was asked to present at the Cyber Security 2017: Securing the Smart City of the Future conference which is taking place on February 27 – 28th in Ottawa. This is a Conference Board of Canada event and will be providing insights from the experts on smart cities, and the impact that they will have on urban life and business in the future. My presentation on Monday, February 27th (Plenary 3)  is called “Protecting the Smart City from Cyber Attack”. If you are working on an IoT or cyber security project, you should attend as there will be lots of good discussion and you will get an insight into the many risks of and considerations for the numerous aspects of a secure smart city.

Here is my discussion outline:

This session will discuss the approaches that must be considered by policy makers, technology companies, and city managers when assessing new technologies to be deployed as part of the smart city infrastructure. Cities do not want to be attacked nor have their devices used to attack other cities or foreign governments. It will take planning and foresight to reduce these risks. Standards are being developed that will help with both architecture aspects and how to assess the security and privacy risks.

Hope to you see you there and don’t forget to bring your questions!

Well it has been good start to our 6th year in business. We would like to thank all our customers and partners both old and new who are contributing to our success. Without you we do not exist and most importantly get to build stronger more secure companies and products for our clients.

I wanted to bring your attention that on Feb. 7th I will be in Toronto to give a presentation to CIA Plus. My topic will be about IoT Challenges and Issues and Standards. If your in the Toronto area this evening please drop by and join our open discussion on security and IoT.

I will be joined by on my panel with Sangam Manikkayam of Symantec, Bob Martin of Cisco and Victor Garcia of the Schulich School of Business. It will be very informative if you or your organization are considering IoT projects this year. I will provide the security and privacy aspects you should consider when planning or getting ready to launch a new IoT project. If you are able to attend more information can be found here: https://www.meetup.com/CIA-Plus-TO-the-business-of-Cloud-IoT-and-Analytics/events/236370120/

In the meantime, if you have any security questions or concerns for IoT please do not hesitate to reach out to us.

Updated: Feb. 13, 2017

I would to take this opportunity to thank all of those that came out on an icy night in Toronto to the CIA Plus Meet Up. My only regret was the lack of time to discuss all the topics in depth. We did have some good discussion after in the networking portion of the meeting and key topics of discussion worth mentioning are how does one who has no experience in security and privacy conduct threat modeling? The other is finding the resources necessary to support these projects.

While there is publicly available information on threat modeling, you may have need to find a cyber security partner or consultancy that has this expertise in these areas to help you with a project to teach you approach, tools and train your staff. They should be able to provide the baseline elements to implement these aspects in your organization including the after project support, should you required it.

The second point about security resources is a bit more difficult as the number of technical security experts for IoT is limited. If you are looking to hire a security resource(s) look for reference-able projects that include aspects of technical architectures in mobile, cloud and distributed systems. Experience in these key areas will provide the necessary basis to conduct risk assessments against IoT architectures.

As discussed please find the following:

1. A copy of the presentation
2. A IoT mind map
3. The threat poster

Also please find an article from reporter, Denis Deveau, who was in the audience. Thank-you Denise for the coverage of this event.

IoT-Threats-and-RisksCIA Plus – Feb 7 – Final SWG_5_IoT_Technologies_MindMap