IoT attack surface by Aaron Guzman of OWASP

For those who are looking for a good overview on the challenges of complexity in IoT Security, OWASP's Aaron Guzman gives a great talk from Defcon 23 on the complexity of IoT from the device to cloud platform to datacenter resources. Pay particular attention to the number of layers in the device, from board to ODM to OEM. Each introduces a layer of software in the form of SDK which of has a high probability of vulnerabilities. At this layer the device almost never gets flashed/firmware updated so the majority of devices are still running with the original kernel. This is why a holistic security architecture which promotes iterative risk based approach at each layer of the IoT ecosystem is

Free web-based IIoT training via ICS-CERT

For those interested in IIoT security training ICS-CERT, the US Industrial control system cyber emergency response team have released free web-based training with a downloadable certificate upon completion. Thanks to Peter Nikitser at ALC-Group for the heads up.

It takes a security architecture to solve the challenge of IoT

This article appeared in iotworldnews - IoT is one of the most significant technology shifts since the creation of the internet with projections of up to 100 billion devices connected by 2025. This scale is enormous and the value of both consumer and enterprise IoT connecting wearables, cars and trucks, highways and entire cities has been measured in the trillions of dollars by 2025. IoT literally has the potential to transform the way humans work, live and play. With this value and transformational potential comes inherent risks and none more serious than a car being hacked or as catastrophic as

  • LinkedIn Social Icon
  • Twitter Social Icon
  • YouTube Social  Icon