At the cloud security summit, prpl Foundation chief security strategist states the IoT is broken and needs to be fixed with robust security measures.
Cesare Garlati, chief security strategist of prpl Foundation and co-founder and co-chair of the Mobile Working Group at Cloud Security Alliance, gave a keynote speech on putting security into the future of Internet of Things (IoT), cloud and mobile at the Cloud Security Summit in Milan on Wednesday 18th May. The summit was the first edition of an annual event which aims to create dialogue between institutions, industry and small and medium European enterprises and promote the sharing of information and experiences with a look to Europe and beyond.
“The world is becoming increasingly more connected and the cloud plays a big role in supporting these connections for IoT and mobile devices,” said Jim Reavis, founder of the Cloud Security Alliance and keynote presenter at the Summit. “Security is undoubtedly an indispensible common denominator that should be underpinning the growth of this sector, yet so far, it’s been more of an afterthought. The prpl Foundation has been making great strides in this area, as well as facilitating cooperation amongst organisations that is the key to interoperable standards in the device to data centre market.”
Garlati’s keynote focused on making sure we put security into the future of IoT, cloud and mobile devices. He discussed the Internet of Broken Things and how it can be fixed through an open-source, hardware-led approach. With embedded computing transforming the way we live, from hospital dispensing life-saving drugs to aircraft guidance systems and connected cars, it is now critical that we ensure it is as safe as possible. The address explained why the security challenges in embedded computing systems are more serious than anything we have seen before, using 1.5 million cars in the USA and major biomedical device vendors as crucial examples.
“A lot of people make a crucial mistake when they talk about the “coming” Internet of Things. The reality is that it is already here and it is broken,” said Art Swift, president of the prpl Foundation. “In order to fix it, we need to take a new hardware-based approach that is founded on open source principles and interoperable standards. At the core of this is the idea of a secure boot enabled by a “root of trust” anchored in the silicon and hardware-based virtualisation to restrict lateral movement at a chip level.”
The address picked out the commonalities in all the high-profile Internet of Things failures that we have seen so far, including connectivity, firmware updates and proprietary systems, before proposing a new way of overcoming all these challenges, as advocated by the prpl Foundation in its recent Security Guidance for Critical Areas of Embedded Computing for the IoT community.
The prpl Foundation urges IoT stakeholders to read and embrace the philosophy set out in the guidance and deploy the concepts to make IoT more secure.