IoT Security | BringYourOwnIT.com

Inadequate IoT Security is Setting Regulators on Collision Course with the Entire Open Source Movement

March 16, 2016 2 Comments

open-source-software It was Charles Dickens’ much celebrated novel Oliver Twist that first popularized the phrase “the law is an ass.” It resonated far and wide for people who viewed the British legal system of the time as unjust and at odds with common sense. Now, no one is suggesting that the highly evolved legal and regulatory system we have in the modern United States is anything like the situation Dickens described 177 years ago. But it remains that rules set by regulators and lawmakers have consistently failed to keep up with the pace of technological change – and there’s a real danger they could now threaten the development of the Internet of Things (IoT) and embedded computing.

Virtualization, silicon, and open source are conspiring to secure the Internet of Things

January 28, 2016 1 Comment

My chat with Brandon Lewis, Technology Editor at IoT Design, highlighting prpl’s push around roots-of-trust, virtualization, open source, and interoperability in order to secure the Internet of Things (IoT).

Credits: Brandon Lewis, IoT Design, January 28, 2016 @TechieLew

The prpl Foundation is known for open source tools and frameworks like OpenWrt and QEMU, but has recently ventured into the security domain with a new Security prpl Engineering Group (PEG) and the “Security Guidance for Critical Areas of Embedded Computing” document, not to mention wooing you away from your role at security giant Trend Micro. What can you tell us about the drivers behind these moves?

Cesare: One way to look at it is a supply-and-demand schema. On the demand side, according to Gartner, the security market was worth $77 billion in 2015 and it’s going to grow much faster. One strong demand-side driver is the need for stronger security, because industry is not doing a very good job of it – and when I say industry I mean from silicon to software to services – and all of the spending is not resulting in better information security. Read more of this post

Filed under IoT Security Tagged with ARM, Cesare Garlati, embedded, interoperable standards, IoT, IoT Security, linux, MIPS, open source, prpl Foundation, prpl SecurityGuidance, root of trust, secure boot, Security, virtualization

The Journey to a Secure Internet of Things Starts Here

January 15, 2016 3 Comments

As the Internet of Things finds its way into ever more critical environments – from cars, to airlines to hospitals – the potentially life-threatening cyber security implications must be addressed. Over the past few months, real world examples have emerged showing how proprietary connected systems relying on outdated notions of ‘security-by-obscurity’ can in fact be reverse engineered and chip firmware modified to give hackers complete remote control. The consequences could be deadly.

A new approach is needed to secure connected devices, which is exactly what the prpl Foundation is proposing in its new document: Security Guidance for Critical Areas of Embedded Computing. It lays out a vision for a new hardware-led approach based on open source and interoperable standards. At its core is a secure boot enabled by a “root of trust” anchored in the silicon, and hardware-based virtualization to restrict lateral movement.

About Cesare Garlati

This is my personal blog about disruptive technology trends such as cyber security, open source processors, and the Internet of Things. It's full of my reasoned opinions, some of which will turn out to be absolutely wrong. You should not rely on anything in this blog for any reason other than for amusement.

This blog occasionally quotes excerpts from other publications, in which case it is done under Fair Use. I despise copyright trolls and think the EFF is due for sainthood any day now.

I am the founder of Hex Five Security and an active member of the RISC-V Foundation: some of my writing will appear here too if it's relevant. The opinions here are mine and mine alone, and are not representative of any professional organizations I belong to.

Comments are unmoderated. Say what's on your mind, be direct, speak the truth, etc., I'll try to keep all your comments ...

Happy reading!

Twitter @CesareGarlati

RT @JosephJacks_: From another reputable source: https://t.co/IIgFci61NG posted 2 weeks ago
David Patterson: Examining the Top Five Fallacies About RISC-V @risc_v design-reuse.com/news/53202/exa… posted 3 months ago
RT @hex_five: Learn how to quickly develop high-grade security applications with built-in remote firmware updates, telemetry, and device mo… posted 8 months ago
Congrats to team and investors! twitter.com/hex_five/statu… posted 1 year ago
New release of MultiZone Security for RISC-V available! v2.2.0 includes important security updates, secure DMA tr… twitter.com/i/web/status/1… posted 1 year ago

Follow @CesareGarlati