Last Tuesday the prpl Foundation took part in the annual IoTSF conference in London. Art Swift, President on the prpl Foundation, took part in a panel Tuesday afternoon on “United We Stand; Addressing the Bigger Challenges of IoT Security with Collaboration”. The panel centered around the idea of the building an “Internet of Trust” and how security through collaboration can help. Along with Art, the panel featured John Hayne, chairman of the IoTSF, Paul Wilson of the Multos Consortium, Hugh Boyes of the IET, Idris Jahn from IoTUK and Aapo Markkanen, principle Analyst at Machina Research.
The panel began by asking each member how they see the IoT terrain changing over the next few years, and how can the current work being done by the IoTSF in promoting best practices in security could help this. The main theme throughout all answers was simple: trust. The IoT needs to invest in a supply chain of trust between manufacturers and consumers,with consumers being able to trust that the security of the products is up to standard, and that manufacturers will take the security of their products more seriously.
The new collaboration between the prpl Foundation and the IoTSF was also considered an important aspect moving forward, as the two foundations complement each other’s efforts. While the prpl Foundation has developed and published a security framework for the IoT leveraging new hardware features, virtualization, open API’s, and open source software, the IoTSF focuses on developing best practices for security self-certification, software patching, vulnerability disclosure and connected consumer products. The two foundations have agreed to cooperate on areas of common interest and to invite members of each organization to participate in their respective working groups.
The panel agreed that the industry does not need more standards, instead the standards that are already in place need to be better understood and deployed properly. For the IoT industry to move forward in a safe and secure manner, security should be at the foundation of everything, instead of being used as a differentiator for different companies and products. All members taking part encouraged companies to use the IoTSF best practice initiatives along with the IoTSF logo to promote that their companies take IoT security seriously, and for all manufacturers with products in gestation to work with both foundations to ensure a safer future for all.
The involvement of governments and regulators in the security of the IoT was a topic of some interest to the audience. Here the panel members diverged somewhat with some advocating more regulation, while others including Art, suggested not more regulation but instead more active engagement with the regulators to better understand their concerns and to inform them as to the efforts underway by industry and developers. Art cited the work that the prpl foundation has been doing with the US FCC as a model for this type of industry – developer – government engagement.