IoT—Compliance and Defiance (I11c)
IoT ecosystems are complicated and global. A cyber-secure smart device requires expertise in firmware, hardware, cryptography, cloud, APIs, mobile connectivity, mobile apps, web apps and more, so the potential for security mistakes grows exponentially. Outsourcing to solve this complexity problem is therefore common, often to third parties that provide a variety of services. In our experience, finding security flaws in IoT products can be easy, and the security of these outsourced services varies massively. We’ve found entire platforms that can be trivially compromised, exposing not only the manufacturers’ intellectual property but also vast amounts of customer data. This talk will briefly examine some recent high-profile supply chain attacks within IoT and on security providers themselves. The speaker will talk about their own discoveries, discussing how the IoT is heavily dependent on the supply chain; manufacturers rarely build their own systems. Detail will follow about things that can be done in the early stages to get ahead of the security curve. How can you validate the security of your IoT supply chain? How can you use standards and frameworks such as the Cyber Resilience Act, IEC 62443, ETSI 303 645, UNR155 & R156, the Electric Vehicles (Smart Charge Points) Regulations 2021 (UK), TISAX or CMMC to help ensure the smart products you deliver are cyber secure?