Aaron Guzman is a Director with Aon’s Cyber Solutions Group, also serving as Head of Automotive & IoT Testing.
After a single draft in September 2018, the United States Department of Commerce's National Institute of Standards and Technology Computer Security Resource Center published (yesterday, 2019/06/27) the NIST CSRC Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NOST 8228) (also available at https://doi.org/10.6028/NIST.IR.8228.
Congratulations to the authors of this document: Kaitlin Boeckl (NIST), Michael Fagan (NIST), William Fisher (NIST), Naomi Lefkovitz (NIST), Katerina Megas (NIST), Ellen Nadeau (NIST), Ben Piccarreta (NIST), Danna Gabel O'Rourke (Deloitte & Touche), Karen Scarfone (Scarfone Cybersecurity). Enjoy!
In preparation for the country's 2020 Olympics (and - ostensibly - in order to avoid catastophic numbers of IoT vectored attacks during the Olympic events)... Probably about 5 years too late, though, as the enormity of fixing the problems may be insurmountable even for the Japanese Governmental Security Groups, who are well-known for attention to detail. Regardless there will certainly be an enormous number of surprises and what-not in their targeted bailiwick of connected devices. H/T
Welcome to the new (old) world of Serfdom (essentially, a base rung of the societal ladder under Feudalism); in this case, an existence under the utility of IoT... Through the legal lens of Joshua A.T. Fairfield, Professor of Law, Washington and Lee University, comes this tremendous piece published at The Conversation. Today's Must Read, Indeed.
Andrei Robachevsky, a Technology Program Manager at The Internet Society (ISOC), writes of a contemplated security engineering initiative targeting security flaws in the Internet of Things environ. Today's Must Read.
"Unfortunately, as is often the case with fast-pace developments, security of IoT components and the system as a whole is lagging. Price and functionality features take higher priority. We need to make security and privacy the most important features. Never before has the virtual world penetrated so deep into our physical lives, and if the gap isn't shortened there is a high risk of long-term damage to user confidence in the IoT." - Andrei Robachevsky, Technology Program Manager at The Internet Society (ISOC)
Meanwhile, in troubling IoT news, a paper (published by the IACR) entitled "IoT Goes Nuclear: Creating a ZigBee Chain Reaction" & authored by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten (a Weizmann MSc student); we find - perhaps - the ultimate ZigBee nightmare... Today's Must Read (and while your're at it, check out the video to round out your day). Thanks and Tip O' The Hat
'DroneTracker, developed by Dedrone in Kassel, is the key system that detects drones automatically by means of various sensors – such as video cameras, radio frequency scanners, and microphones – and repels them if necessary. At its core is smart software that is able to distinguish drones from birds, helicopters, and other flying objects safely, and even to recognize specific drone models.' - via HelpNet Security
"The Internet of Things (IoT) is an idea that has been around for a long time but is now starting to come to fruition. The idea is that anything and everything can have a sensor and can provide information to a remote collector somewhere else on The Internet. Our cars, our homes, farm animals, farmer’s fields, light bulbs, roads, just about anything can be fitted with a data collection device and the information used to make smarter decisions. The need to collect and analyze the huge amount of data collected is driving advances in Big Data computing. Such data collection also raises serious privacy and security concerns. More event information is on our website here, including speaker bios: http://www.sfbayisoc.org/iot-conference/ ." via the SF Bay ISOC Chapter