Gatwick incident – Dronejacking will get worse before it gets better.

By Cesare Garlati – prpl Chief Security Strategist

With the recent news of a drone causing chaos at Gatwick airport, hacking IoT devices has resurfaced as a topic of discussion, especially regarding the security issues should a multitude of devices be hacked.

In the optimal situation, there is no way that anyone should be able to access, much less hijack, the critical functions of an IoT device such as a drone. While the power for destruction from just one drone may seem paltry, directing these drones in large numbers at a target is a very real, and dangerous, possibility – as confirmed by this news.

The time to act is now to take control of security in IoT devices at the most basic level: the hardware.

Manufacturers need to move away from the attitude that “it works, let’s try to secure it and get it to market” to “if it’s not secure, it doesn’t work”. Unless the industry adopts this attitude, the security problems of IoT will continue to proliferate at an alarming rate and, unfortunately, lives could quite literally be at stake.

*   *   *

More about what can be done today to secure IoT: prpl Security Guidance for IoT

More about what can be done today to secure the smart home: prpl Smart Home Security Report

prpl Foundation briefs German Defense Industry leaders as part of Annual Cyber Study tour

By Art Swift

President, prpl Foundation


Last week, we had the privilege of meeting with a delegation from the German defense industry to share how prpl members are working to build security in to the future IoT from the silicon level up. I was joined at this briefing by Cesare Garlati, prpl’s chief security strategist, and Majid Bemanian, director of vertical markets for prpl platinum member, Imagination Technologies.


EEMBC and prpl align to drive use of hypervisors to create security-by-separation for a more trusted IoT

Collaboration to assess performance overhead of virtualization technologies in embedded devices

SANTA CLARA, CALIF – April 4, 2017 – Today the prpl Foundation and EEMBC announced a formal partnership to advance the use of security-by-separation in Internet of Things (IoT) edge devices. By developing an industry-standard hypervisor benchmark, the collaboration aims to shatter the perception that the use of hardware virtualization in low-power embedded devices comes with big performance and energy overheads.


Embedded World 2017 – IoT coming of age.

by Cesare Garlati – Chief Security Strategist, prpl Foundation

Last week I had the pleasure of attending Embedded World 2017 in Germany as I was invited to give a couple of presentations on the pioneering work we have been doing at the prpl Foundation with regards to the prplHypervisor™ and prplPUF™ APIs for securing IoT. As it turns out, IoT was the top line at the conference that drew in more than 30,000 trade visitors – and the event solidified the notion that embedded computing is now synonymous with IoT.


Prpl Foundation tackles how to secure the Internet of Things at Embedded World 2017

Not for profit and its members showcase innovation and push the limits of embedded computing

Santa Clara, Calif. – 9 March 2017 – At Embedded World in Nuremberg, 14-16 March 2017, prpl Foundation and several of its member companies will address the security concerns presented by embedded computing systems as they become more intertwined in our lives.

During two separate presentations on March 14 at the show, prpl’s chief security strategist, Cesare Garlati, will outline and demonstrate how a new separation-based approach anchored in hardware can create the trust needed across the IoT from node to cloud. “How We Can Fix Embedded Computing Through an Open Source, Silicon-Layer Approach” will take place at 9:30-10:00 and the “Interactive Session: How a New Hardware-Based Approach Can Fix Critical Areas of Embedded Computing Security” will take place at 14:30-15:00.


(Not so) Random Musings from RSA Conference 2017

Cesare Garlati, Chief Security Strategist, prpl Foundation

The world’s great and good of the information security industry descended on San Francisco this week for RSA Conference 2017. On the surface, it looked like more of the same this year. There weren’t a huge amount of new companies exhibiting this year and the traditional vendors all seemed to be consolidating and streamlining their product lines in an attempt to demystify buyers. It even saw the McAfee brand back this year after a noticeable absence in the previous “Intel Security” era.

What was extremely apparent, however, was a return to the future. By this I mean the return of focus on securing the endpoint. From laptops, desktops and mobile phones, BYOD reared its head again under a different guise – Bring Your Own Anything. The reason for this is likely the shift to the cloud and away from traditional on-premises offerings, where RSA vendors have typically focused in the past. This trend has meant that as applications, services and virtual workloads move to the cloud and third parties, the corporate data centre is becoming less and less central to IT budgets. As such, we are now seeing a trend where established vendors are following suit and looking once again at the endpoint as a source of revenue, albeit from a slightly different perspective this time.

This difference comes in the form of Internet of Things (IoT) – which, based on the amount of presentations at RSA this year, is clearly of major significance within the industry.  Kaspersky jumped on the bandwagon and announced its platform for IoT and AT&T, IBM, Symantec and others announced an IoT Cybersecurity Alliance.


But is IoT just another buzzword? The scepticism comes from the fact that traditionally, RSA has been a datacenter/network security event. Granted, network perimeters are changing significantly with the advent of things like the cloud and IoT, but I’m still unconvinced that people can define IoT successfully in this context. It simply isn’t a problem that traditional network security is going to fix, as evidenced in prpl’s extensive research into how to secure the IoT. We know that securing IoT has to start at the hardware level, and that traditional RSA conference vendors have little understanding of this space.

It was encouraging to see a large presence by the not for profit Cloud Security Alliance that was poised to tackle the IoT issues and the crowd for the CSA seminar exceeded 1,400 – with queues out of the door for attendance.  Its approach, which advocates open standards, is one which prpl aligns itself with and it is heartening to see everyone coming together in an organised manner to undertake the problems associated with IoT security.

Finally, the last significant observation for me at RSA was the emerging role of identity as it relates to securing corporate data. There was a lot of innovation happening around the idea of making passwords obsolete, and start-up UnifyID even took the RSA Innovation Sandbox contest with its implicit authentication platform that combines machine learning and the array of devices around us to match our bodies, and more specifically the way we move, to our identities.

It’s innovations like these and the group mentality of coming together to face security issues head on that mean RSA will be successful for years to come. It just needs scratching away at the surface to get to the real innovation: end to end security cloud to silicon.

Prpl interviewed by Share Radio on smart home security

While Cesare Garlati, prpl’s chief security strategist, was in London in December, he visited the Share Radio studios to pre-record an interview on the prpl Smart Home Security Report. His interview was aired on the 13th of December as part of the Share Radio Evening Show.

Cesare tackles the issue of whether smart homes are as secure as they should be and refers to prpl’s one-of-a-kind global study that found that while there was more adoption of smart devices, people were failing to secure their smart home. Jinan Rahma of Share Radio spoke to Cesare and began by asking whether the smart home was a thing of the future and dove deeper into what users should be doing to protect their connected homes.

The full podcast is available to listen to here: https://www.shareradio.co.uk/podcasts/are-smart-homes-as-secure-as-they-could-be-13-dec-16/