IoT applications and prospective solutions mandate consideration of a broad set of security and privacy requirements. The explosion in the number of connected devices poses a significant challenge, as does the diversity of end uses. This year’s World Forum will again address the component and platform implications for IoT in the context of the full life cycle for security and privacy regimes. It will also address the many security architectures and approaches that have emerged from Government organizations around the world, from the Commercial Market space, and from the Research Community. Across the wide spectrum of use cases there is a need to appropriately balance security and privacy, and it is useful to think of classifications that distinguish the levels required. As an example, these may be thought of as:
- Highly security-centric “life-and-death” applications such as: critical infrastructure; control systems for connected automobiles, railroads, or aircraft; connected healthcare
- Intermediate security uses that include: smart home; routine monitoring of facilities; sports and physical exercise activities that involve tracking such as geolocation
- Casual uses such as: games, entertainment, public virtual reality applications, and aspects of social media and general information services
This year we are adding a workshop within the track delving into “TIPPSS for IoT”, a framework IEEE has been developing since a February 2016 End to End Trust and Security Workshop. TIPPSS – Trust, Identity, Privacy, Protection, Safety and Security – requirements and implications will be presented and discussed by experts from around the world in technology, research, applications of IoT, and policy. This “TIPPSS for IoT Workshop” will include presentations and panels for Clinical IoT and connected healthcare, Smart cities and transportation, Smart grid and energy systems, Technology and Policy considerations, and research in the IoT and Cyber Physical Systems security and privacy domains.
The topics which the “Security and Privacy Regimes for IoT Track” Presentations, Panels, and Working Group discussions will cover include:
- Achieving secure compose-ability of individually secure devices and components
- The role of the user in helping to secure their IoT components, e.g., changing default manufacturer passwords
- The role of manufacturers in disclosing assurance claims about their products and services, e.g., cloud
- Scalability (for massive numbers of devices, and as contributors to, and consumers of, big data)
- Device-associated robustness levels that also deal with the high variations in heterogeneity (such as stationary and mobile infrastructure, smart phones and user terminals, wearables, the wide range of possible sensors and actuator types, and embedded IoT devices)
- Device ownership and component control (accounting for interoperability, regulatory compliance, governance, audit-ability and risk management)
- Remediation for the reigning confusion caused by the proliferation of standards and certification, and the realization that IoT will create new experiences and a vulnerability surface that is not accounted for
- Defense in depth strategies from IP design in the chip through the devices, systems and network to the cloud, including data and device validation and interoperability
- Testing approaches and procedures that overcome the lack of efficacious and accepted practices — These include: interfacing with and leveraging legacy devices and services; containment against expansion of compromise to other units, systems or networks; effective crypto-agility; defense against advanced threats such as quantum-computing attacks. These also include testing approaches for the differing device lifetimes, and lifecycle support of IoT solutions such as over-the-air firmware and software upgrades
One of the objectives of the Track is to launch future actions and activities that continue beyond the World Forum as part of the IoT Initiative Working Group on “IoT Security and Privacy”.
Peter Thermos, President and CTO, Palindrome Technologies Inc.
Peter has over 20 years of experience in Information Security and Assurance, providing consulting to leading commercial organizations and conducting research for government organizations. In his current position with Palindrome Technologies Inc., he spearheads the technological direction and vision of the company. He has been working as a subject matter expert for customers in various industry sectors (e.g., Telecommunication, Energy, Financial), in securing emerging technologies including Internet Multimedia Applications (i.e., VoIP, Unified Communications), carrier-grade networks (i.e., LTE/IMS/FMC), and user equipment (e.g., 4G handsets, STBs).
Peter is the primary author of the book “Securing VoIP Networks” by Addison-Wesley and has been a speaker at various conferences (i.e., IEEE, ICIW, VoN, SANS, Blackhat, MIS InfoSec, ISSE) and has published several research papers in academic and industry journals (i.e., IEEE, ACM, IEC) and articles in trade magazines such as Information Security, ZDNET, Forbes, TechTarget and Wired. Peter holds a master’s degree in Computer Science from Columbia University, NY and he is a member of IETF, IEEE, ACM and ISSA.
Soumya Kanti Datta, EURECOM, Antibes, Provence-Alpes-Côte d’Azur, France
Soumya Kanti Datta is an expert on Cybersecurity, Cloud Migration, Digital Transformation Strategy, and IoT. He has seven years of research and technology development experience with French national, EIT Digital and EU H2020 projects. His R&TD is based on design thinking and focuses on innovation and standardization of next-gen technologies for IoT verticals. He also consults on Circular Economy – its ideation and implementation.
Soumya has published more than 80 research papers and articles in top ACM and IEEE Conferences, Magazines and Journals. His research papers have been cited more than 1750 times in peer-reviewed publications. Soumya is a Senior Member of IEEE. He leads the activities of IEEE CE Society Future Directions Team on IoT and is an Associate Editor in IEEE Consumer Electronics Magazine. He is also involved in W3C Web of Things (WoT) Working Group for WoT standard development activities. He obtained an M.Sc in Communications and Computer Security from Telecom ParisTech (EURECOM), France.
Soumya is the recipient of many awards for his research & leadership from IEEE WF-IoT 2019 (Ireland), IEEE ICII 2018 (USA), EU Datathon 2018 (Belgium), IEEE TenSymp 2018 (Australia), IEEE ISCE 2017 (Malaysia), and IEEE GCCE 2015 (Japan).
Arash Obaidi, T-Mobile, USA
Mr. Obaidi is the Director of Cybersecurity Strategy, Architecture & Roadmaps at T-Mobile USA & Deputy Chair of the global standards body GSMA Device Security Group. A prolific American inventor with 50+ US Patents Issued & 60+ Patents pending & over 23 years of experience in the Telecommunications industry. Mr. Obaidi’s educational, technical & employment backgrounds include: Cybersecurity Strategy & Architecture Management, Mobile/IoT Device Security, Computer & Telecommunications Networks, Software Development for Real-Time Embedded Systems + Object Oriented Software Engineering & Cybersecurity Technologies. Mr. Obaidi has also been engaged with Innovation Labs such as DT T-Labs in Silicon Valley as well as Academic partners such as UC Berkeley and is a pioneer in his field of secure computing platforms and secure resilient networks.
Scott Poretsky, Ericsson
Scott Poretsky is Director for Security, Network Product Solutions, North America. He has over 25 years of experience in telecommunications security design, engineering, and thought leadership for global service providers, government, and enterprises. Scott is Ericsson’s voting member at the O-RAN Alliance’s Security Focus Group (SFG) and represents Ericsson in industry-government collaborative cybersecurity working groups including NSTAC, FCC CSRIC, and DHS ICT SCRM. He also represents Ericsson at the CSCC 5G Committee and CTIA CSWG and is Advisory Board Chair for the IEEE ComSoc’s CQR technical committee. Scott is a recipient of the Ericsson MANA Networks 2020 Gold PRIDE Award for External Customer Satisfaction.
Title: A systems-based approach to cybersecurity for cellular IoT
Aman Singh, Palindrome Technologies
Aman Singh is Systems Scientist at Palindrome Technologies. He leads cybersecurity research on mission critical systems including 5G wireless infrastructure, edge computing and IoT platforms. With diverse experience in research, development and operations, he has worked with multiple global teams to build secure and resilient web-scale services. An expert in end-to-end cybersecurity, his current areas of interest include autonomous information security, context-aware IoT systems, disinformation modeling, data portability and privacy-aware computing. He is a senior member of IEEE, and a member of the Sigma Xi, ACM, and IACR associations. He holds a graduate degree in Computer Science from Columbia University.
Title: Context-aware IoT Security
Ashish Mahajan, IoTSec Australia
Non-Executive Director with IoTSec Australia. His focus is on enabling organisations to build cyber security capabilities and resilience-by-design outcomes, combining deep subject matter expertise and business leadership.
Ashish has led numerous cybersecurity greenfield engagements including strategy development, risk management, policy development, industry compliance certifications and regulatory requirement compliance. Ashish is also a member of the Internet of Things (IoT) community and is a frequent speaker on the risks involving threats in the IoT landscape, particularly on critical infrastructure in healthcare environments.
IEEE (Chair), IoT Ecosystem Security: This Industry Connections activity is to raise awareness in the consumer and manufacturer sectors and work with regulators to promote secure practices in the IoT ecosystem, with a view of IoT as an inextricably linked ecosystem comprised of people, processes, and technology.
Member of working group: IEEE P2733, Standard for Clinical Internet of Things (IoT) Data and Device Interoperability with TIPPSS. This standard establishes the framework with Trust, Identity, Privacy, Protection, Safety, Security principles for Clinical IoT data and device validation and interoperability.
Member of the CISO Advisory Board (APAC) at EC-Council.