Posted on 2016-8-10 02:37:56
This post was last edited by enenge on 2016-8-10 02:42
Much has been said about the potential of IoT. So much so, that it has been featured at the peak of inflated expectations on Gartner’s hype cycle for quite some time. As the hype inevitably subsides, the reality of delivering the benefits of IoT grows, and the initial excitement turns to concern. Challenges around security and privacy have moved beyond technical consideration and are now board room agenda items - get them wrong and it could be the end of the business... really.
Whilst cyber security is well understood amongst computing professionals, the attraction of IoT is drawing interest from newcomers from all quarters who are significantly less familiar with contemporary best practices or even the full implications of a breach. Your insecure product may not be the ultimate target but could provide the pivot point for an attack elsewhere in the system.
Cyber security is also a moveable feast - what is deemed secure today may not be tomorrow. We can expect more of the same to apply as IoT applications emerge and mature. There is already a growing number of new-to-security practitioners who are just starting to realise the scale of threat that adding connectivity to their product brings. Introducing security vulnerabilities into a network can create unintended consequences for anybody connected to it and therefore anybody looking to connect has a duty of care towards others. Whilst ultimate security will likely remain elusive, we have to do all we can to add depth in our defences and make it ever harder for adversaries to succeed in their nefarious endeavours.
On that front there is good news; the underlying principles that inform good security practices are well established and quite stable. With a necessary "start at the beginning and successively raise the bar" mentality, the Internet of Things Security Foundation (IoTSF) has set about bringing a focus to holistic matters of IoT security. We invited executive board member and mobile security expert, Professor David Rogers, to edit a security principles primer and it is now downloadable from the IoTSF website - or, if you'd like a physical copy, they're available too.
Whether you are a technology provider, a technology adopter or a technology user, we hope the primer stimulates thinking on how you can exercise care and extend a duty of care to others. We also hope that you'll engage with IoTSF, as a stakeholder or perhaps as a member, and help us achieve our mission of making it safe to connect.
I'd like to thank Professor Rogers for editing the publication. I'd also like to thank our founder members and the Executive Steering Board who are leading the way and working together to address security in the era of IoT.