This past week I was fortunate to be invited as a guest speaker for the 1st Internet Society meeting on IoT security. This meeting was well attended from government, private sector companies and academia. It was a means to get on the same page to issues at hand and how do we as users, developers and government secure the Internet and IoT.

The key issues at hand include:

1. Awareness to the issue of IoT Security for Canadian, not just individuals but organizations who want to deploy IoT technologies

2. What exists now from standards and best practice perspective and what approaches can be used

3. What can be done to ensure the next generation of these devices is not a source of another DDoS or other malware on the Internet.

As promised, I am including my presentation and mind map that was presented. Please feel free to share this as necessary, the more groups and individuals who are talking about this subject the better.

For more information check out ISOC here.

ISOC Ottawa_v1

IoT Attack Surface_MindMap


Recently, I was asked to present to mobile operators in Malaysia on the topic of IPv6 security. As Malaysia is currently considering regulatory requirements to move to IPv6 some of the operators are struggling with being able to understand the security implications of moving to this new protocol.

The key aspects of my talk {which I am attach below} basically consider the following:
1. Create and maintain an ISMS
2. Threat Model all solutions options for architectural changes
3. Monitor at 6to4 for signs of suspicious activity
4. Evaluate security vendors for ability to monitor IPV6 traffic
5. Don’t let the vendors push you around. If they want your money they need to add the security features you want.
6. Evaluate all technology prior to deployment including technical assessments of the each device and platform being introduced to the network.
7. Ensure your lab is stocked with attack code and toolkits
8. Train, train, train your staff to be comfortable with v6
9. Understand we are still learning and will be for a while. Don’t be afraid to discuss your issues with your competitors because I can tell you they are experiencing the same issues.

Thanks again to MCMC for inviting me to share my knowledge. I look forward to visiting Kuala Lumpur again soon.


Presentation: IPv6 Security Best Practices – Oct 20_2015_v1


Starting next week Canada will be hosting the 3rd meeting of the WG 10 IoT in Ottawa.

These meeting are building towards the completion of ISO 30141 A Reference Architecture for IoT. We have many of the biggest companies, consortiums, special interest groups all in attendance. While, I am attending as an expert my focus is on the security and privacy elements of IoT. Over the summer,  I lead a SRG to develop the draft content for a Conceptual Reference Model (CRM) for this standard. While it is still a work in progress we are making significant strides on a base model.

I will provide more details next week once we begin our sessions and some details on what the major themes are.