Beyond The Now IoT podcast

By PSA Certified
Join David Maidment, PSA Certified founder, as he speaks to industry leaders from across the tech sector to discuss their views on the past, present and future of IoT security. Each episode we dial in on the challenges businesses and consumers face to secure the future of the IoT to create a safer more connected society.
IoT Security Post-COVID: “Collaboration is our greatest armory”
In this podcast, David is joined by Dr. Sally Eaves, Senior Policy Advisor for the Global Foundation of Cyber Studies & Research and CEO of Aspirational Futures. Sally and David examine the impact Covid-19 has had on both our professional and personal lives and the crucial role security has played in this adaption. They also discuss how the narrative around security must change and the key role collaboration plays in the future of IoT security.
·  Introduction to Sally Eaves. [1:05]
·  Technology as a cause for good. [2:32]
·  The emergence of hybrid models over the last 12 months in all aspects of everyday life and the impact this has had on IoT security. [3:18]
·  Has COVID-19 raised the awareness of the cyber threat? [7:16]
·  Companies are changing how they approach digital transformation and IoT security: CFOs, CEOs and CTOs are leading security discussions and acting as positive agents of change. [9:30]
·  The role the tech industry has in improving cyber-security education. [12:09]
·  “Security has to be embedded in every aspect of organizational strategy”. [13:28]
·  The PSA Certified 2021 Security Report: is it a surprise that smaller companies are struggling to implement best practice security? [14:22]
·  The growing security skills shortage and addressing misconceptions surrounding IoT security access and cost. [17:08]
·  5G and other emerging technologies offer a wealth of possibilities, but this needs to be underpinned by robust security infrastructure. [21:12]
·  What are the biggest challenges for CTOs and CIOs on the digital transformation journey? [22:46]
·  The importance of changing the narrative around security: it's a differentiator that can enable the future of your organization and should be embedded into the DNA of every business. [25:18]
·  What is the future going to look like in 5 years’ time? The power of collaboration as a positive contagion of change for security and climate change. [27:18]
·  Bridging the gap between the perceptions of IoT security and the realities: “collaboration is our greatest armory”. [29:12]
·  Sally’s main piece of advice for companies when approaching IoT security: your security strategy needs to be “holistic, flexible and scalable”. [31:07]
Prof. Sally Eaves is Senior Policy Advisor for the Global Foundation of Cyber Studies & Research and CEO of Aspirational Futures which enhances inclusion in education and technology. A highly experienced Chief Technology Officer, Professor in Advanced Technology and Global Strategic Advisor, Sally is an Author and Speaker on Digital Transformation (Cloud Computing, Cyber Security, 5G, IoT, IIoT, AI, ML, Blockchain), Culture, Skills, Sustainability and Social Impact.
35:27
April 7, 2021
Predicting the Future of IoT security: “When our customers have the requirements, we need the silicon to be ready.”
In this podcast, David is joined by Mike Dow, Senior Product Manager, IoT Security at Silicon Labs. Mike and David talk about changes in the semiconductor industry over recent years, including emerging regulations and more sophisticated attacks that target end nodes. Mike provides the silicon vendor perspective, discussing the critical role they play in setting the foundation for IoT security and the importance of looking to the future when designing products to meet customer requirements.
·  Introductions to Mike Dow [00:45]
·  Introductions to Silicon Labs [02:00]
·  Where are we with security? Are customers asking for security? [03:30]
·  Where is the pull for security coming from? The IoT regulations mean you can’t ignore security [04:20]
·  We’re moving from ignoring security, to being actively concerned about the role it plays for a business’ success [05:45]
·  The change in IoT security over the last two years [06:25]
·  What this change means for semiconductors: more things to worry about [07:30]
·  The role of the Root of Trust for semiconductor vendors: the “brain of the device”, the secure boot process and why this is important [08:15]
·  Do OEMs have an appreciation for the Root of Trust and what it offers them? [10:15]
·  Silicon Labs are the first in the world to achieve PSA Certified Level 3. The role of remote attacks vs. physical attacks and why it is important to protect against both [11:35]
·  The sophistication of the attacks will grow over time and we must be ahead of the game [14:18]
·  The time delta between creating a silicon product and that product being in the market is quite large: so we essentially have to predict the future [15:22]
·  Looking five years ahead, staying ahead of where the world is moving. How much can you patch later? The role of updatable security subsystems [16:22]
·  You must start with good quality silicon, or everything unravels [18:24]
·  IoT deployment models and the long lifecycle of IoT, especially for embedded sensors [19:03]
·  If the premise is that the crooks will always find a way, and always find a hole, then a good engineer will always build in a mechanism to update [19:57]
·  Why update policies are suddenly very important [20:40]
·  PSA Certified Security Report 2021 and the feedback from the industry on cost, the view on cost from a silicon vendor point of view? [22:37]
·  The state of the nation of certification on IoT and what we need to overcome: inheriting certification and “crowdsourcing” certifications to avoid choking the ecosystem [27:00]
·  Mike’s advice for the future of IoT: consolidating requirements and protection profiles [34:22]
41:02
March 16, 2021
ODM and OEM IoT Security Must be Prioritized: “Security is just as necessary as your device power supply”
In this podcast David is joined by Dr. Juan Nogueira, Senior Director of Connectivity Center of Excellence, from worldwide ODM, Flex. They have a fascinating discussion about how Flex approach security and why there is always space in the bill of materials for security. They also talk about how ODMs are not only creating IoT, but also embracing IoT – it’s one not to miss!
Dr. Nogueira is Sr. Director for Connectivity in the Global Technology Team at Flex. In this role he is defining technology roadmaps, evaluating new innovative solutions, establishing strategic collaborations with partner companies and leading internal research programs in the field of wireless communication. Prior to working at Flex, he was Lead System Architect of Advanced Development and System Architectures first at Robert Bosch GmbH and then at Bosch Connected Devices and Solutions GmbH (BCDS) in Reutlingen (Germany). In this position he defined the connectivity technology roadmap that later concluded with the foundation of BCDS as the Bosch subsidiary focused on connectivity and IoT. Before that, he worked in corporate R&D for wireless communication and sensing systems at Sony Corporation in Stuttgart (Germany) where he held the positions of Senior System Engineer and Principal Engineer. Dr. Juan Nogueira holds a PhD in Telecommunications Engineering from the University of Vigo (Spain). He subsequently became an associated professor at the University of Vigo in the Electronic Technology Department, collaborating with industry on projects in the area of industrial field buses. He has written numerous articles and holds 20+ patents in the area of communication protocols, wireless sensor networks and IoT.
1:03: Introduction to Flex and their role in the IoT industry.
5:15: Is security a growing concern with Flex’s customers?
5:40: Why it’s easy to overlook IoT security in the construction industry.
6:28: Security isn't just for high value assets, time is money.
7:56: The business cost of failure when things go wrong?
8:50: Educating customers on IoT security. You cannot just assume things are secure in IoT.
9:19: Flex’s proactive approach to IoT security. Demonstrating security credentials, adding credibility.
10:20: Introducing the PSA Certified 2021 Security Report: cost is still an issue for OEMs and the main concern for customers.
13:15: There is always room in the Bill of Materials (BOM) to compensate for the additional cost of security, it’s just as necessary as your power supply.
16:28: All markets must consider security, the high-impact industries are leading the way.
18:11: Relationship between IoT, security and machine learning in the edge.
20:10: Flex are not just creating IoT, but also embracing IoT to benefit from AI and digital transformation.
21:50: Opportunities for production lines, and the challenge of technical debt/retrofitting existing machinery, so machines can benefit from digital transformation too.
24:10: The IoT landscape in five years’ time – IoT will feel like “everyday normal.” 5G will be deployed in both public and private networks.
26:58: Juan’s advice for device security implementations now to secure tomorrow.
29:43
February 18, 2021
IoT Security Relies on the Cloud to “Prevent Scalable Attacks”
Richard Barry joins David to talk about the role of the RTOS in IoT, the increasing complexities that need to be considered when connecting devices to the internet and how security must be a mindset from the beginning of product development. The discussion also covers the coordination of device-side and cloud-side security to look at patterns from a fleet of devices and prevent scalable attacks.
Minutes:
Introducing Richard Barry and the FreeRTOS project [00:57]
Breaking down what an RTOS is [2:04]
Real-time use cases – the variety of real-time requirements [4:10]
The increase in remote accessibility and the security challenges it brings [5:40]
RTOS as the undifferentiating factor in devices [6:48]
Internet connectivity and the increasing security complexities it brings [8:10]
The role of Amazon in FreeRTOS - making development as quick and secure as possible [9:18]
Knowledge gaps in a multi-disciplinary IoT [10:50]
The relationship between the RTOS and Root of Trust [13:22]
Reference integrations and standardized interfaces to ease the porting to hardware security [14:28]
Developer security expertise – the challenge of new concepts, terminology and requirements [15:55]
Practical challenges that come with scale [17:35]
Developer considerations for lifecycle security [18:40]
The importance of demonstrating and educating best practice [19:26]
Awareness of the consequences of getting it wrong, the increased legislation and, inevitably, the increased use of the Root of Trust [21:36]
The importance of security being the mindset from the beginning [22:37]
Evolution of Open Source projects – being driven by market requirements, enabling scalability [23:30]
Building confidence in FreeRTOS, with backing and credibility from Amazon [24:30]
Simplifying the FreeRTOS software – making it smaller and decoupled to suit the diversified use cases [25:11]
Futureproofed strategy for developers – reuse undifferentiating factors [26:42]
Coordinating cloud and device security to prevent scalable attacks [27:33]
Learn more about PSA Certified: www.psacertified.org
31:24
January 6, 2021
"Building-in surety and confidence" to speed IoT deployments and adoption
This podcast takes a slightly different format: we host a panel session in which David joins Peter Armstrong, cyber-insurance expert at Munich RE, and Duncan Jones, Senior Product Manager at Pelion. Peter provides a fresh perspective into the industry and how insurance companies model the risk of the IoT. We discuss where the liability lies and Peter describes how companies can build trust into their products and drive adoption of the IoT at scale with surety, confidence and the backing of insurers.
[1:05] Introductions to the panellists
[2:39] An insurer's view on digital transformation, and how new hyperconnected devices are impacting the insurance world
[4:25] The evolving portfolio of risk and supply chain responsibility
[5:25] Understanding liability across the value chains involved in delivering IoT services
[6:05] The importance of the Root of Trust in enabling the trusted deployment of technologies
[6:30] The opportunity for insurers from digital transformation
[7:35] Broadening the thinking about IoT products to data and services
[8:40] Digital transformation across industries - a mass deployment of devices beyond the traditional IoT model
[9:30] New technologies driving digital transformation - An individual product has to be trusted.
[11:25] Customer challenges, building business applications high up the stack
[12:01] With scale of the IoT, we can't scale the expertise to secure these solutions
[12:26] Realizing the true potential of the IoT
[13:30] An overview of the insurance market, the role of capital availability and trust
[14:55] Confidence in the 'worst case scenario' and the challenges this brings for cyber-risk
[16:42] The importance of surety and confidence in the embedded processes and devices
[17:24] The role of the Root of Trust in modeling quantified risk, minimizing the front-end variables with sufficient transparency
[18:30] Challenges that come with scaling the IoT
[19:37] Building trust in data to base business decisions upon
[20:03] Regulation and standardization: a help or a hindrance?
[22:00] The responsibility from chip to OEMs to show compliance locally but ship globally
[24:15] The need for a framework and infrastructure for a black and white view of responsibility
[24:35] The geographic challenges for insuring the IoT
[26:00] Responding to nuance and guidance over mandated views
[26:29] The technology industry needs to lead and embrace the requirement for compliance in this evolving environment.
[27:00] Final pieces of advice from the panellists to embrace digital transformation with surety and confidence.
Useful Links:
Explore this topic further in our blog
Learn more about Munich RE: https://www.munichre.com/en.html
Learn more about Pelion: https://pelion.com
Learn more about PSA Certified: www.psacertified.org
30:58
December 15, 2020
The Journey to Secure IoT: Secure Today Isn't Secure Forever
In this podcast, David is joined by Brad Ree (CTO of the ioXt Alliance) to talk more about their journey to make IoT more secure for consumers. They also talk about the partnership between PSA Certified and ioXt Alliance and how it’s easing fragmentation in the IoT ecosystem.
Brad Ree is chief technology officer of ioXt. In this role, he leads ioXt’s security products supporting the ioXt Alliance. Brad holds over 25 patents and is the former security advisor chair for Zigbee. He has developed communication systems for AT&T, General Electric, and Arris. Before joining ioXt, Brad was vice president of IoT security at Verimatrix, where he led the development of blockchain solutions for ecosystem operators. He is highly versed in many IoT protocols and their associated security models.
Introduction to ioXt Alliance. [01:00]
A bit more about Brad’s career history. [02:20]
The ioXt Alliance and why it was founded. [04:09]
We do have a shared vision to scale the market, unlocking issues. We obsess a lot about connectivity, cost, functionality, but what about security?! [04:40]
We need security that is strong, easy to deploy, scale globally, scale worldwide and across the device spectrum. [05:41]
Security certification for fire trucks (!) [06:40]
Defining "good enough security" and setting bars that the industry can understand. [07:10]
Who are customers of the ioXt Alliance? Plus the struggle of navigating upcoming IoT legislation. [08:15]
Enabling devices that scale regulation. [10:30]
About ioXt Alliance and how the scheme works. Explaining the profiles and the certification scheme. [11:00]
QR codes replacing certification stamps. [12:56]
Dynamic lifecycles of devices - you can’t ship and forget! Are manufacturers embracing this concept? [13:52]
Security isn’t a product, it’s a process. Secure today doesn't mean secure forever. [15:00]
Collaboration in the ecosystem. ioXt Alliance and PSA Certified announcement: overcoming fragmentation. [17:10]
Enabling security both for software and for hardware. [19:00]
The vision of PSA Certified and the Root of Trust (RoT) [19:50]
PSA Certified helps to drive the understanding that hardware Root of Trust actually means something and that we shouldn’t do it all in software. [21:20]
ioXt expanding into commercial lighting, smart buildings and cellular IoT. [23:30]
What does it mean if a cell phone has ioXt certification (at a high level!) [24:05]
The growing awareness of security not being an afterthought, enabled by frameworks, APIs etc [26:46]
Brad’s one piece of advice: don’t go alone! When things go wrong (which they will) you don’t want to be on your own. Be part of the herd and don’t be left behind. [27:40]
Useful Links
Learn more about ioXt Alliance: https://www.ioxtalliance.org/
Read the ioXt + PSA Certified press release: https://www.ioxtalliance.org/news-events-blog/ioxt-alliance-psa-certified-align-to-improve-iot-device-security
Learn more about PSA Certified: https://hubs.li/H0zJKSF0
32:01
November 19, 2020
Myth-busting: "Consumers Really Do Care About IoT Security"
Peter Stephens (Head of Secure By Design Cybersecurity, DCMS) joins David to talk more about consumer IoT security concerns and some steps they can take to secure their homes and businesses. There is also a unique insight into governmental views on IoT security, artificial intelligence and the DCMS approach to making the UK a more secure place when it comes to IoT devices.
Introducing Peter Stephens and the DCMS [00:45]
What is the current perception from consumers and IoT, what actually is an “IoT device” [02:18]
Debunking the myth that consumers don’t care about security [03:13]
Discussing the relationship between technology, security and insurance [04:41]
Consumers should only need to see the top of the “supply chain iceberg” [05:11]
Regulation is not as fragmented as you might think: there is consensus in the market already [05:55]
Why is IoT security regulation needed? [06:55]
Introducing the three components in the code of practice [08:05]
Manufacturer transparency: it’s key for success [08:55]
How smooth is the flow of conversation on IoT security between territories? [09:59]
The consumer does understand the importance and the notion of a security lifecycle [12:00]
What is the balance between the electronics industry and the regulation? [13:25]
The shift in consumer buying habits, protecting the high street and making it fair [18:15]
How important is it for the tech ecosystem to help governments? [19:55]
How the DCMS open-door policy works [21:14]
Artificial intelligence and the effects on security [22:30]
One piece of advice from Peter [26:25]
What to do next (resources and links)
Connect with David: https://www.linkedin.com/in/david-maidment-2956481/ https://twitter.com/dmaid
Connect with Peter: https://www.linkedin.com/in/peter-stephens-a6337523/
Learn more about DCMS:
The IoT Security Landscape Map - https://iotsecuritymapping.uk/ - A live open source map of all existing standards, guidance and materials related to consumer IoT devices, developed by the extended DCMS to enable organisations around the world to simplify good practice.
The Secure by Design Landing Page: https://www.gov.uk/government/collections/secure-by-design
The proposed regulatory approach (July 2020) - https://www.gov.uk/government/publications/proposals-for-regulating-consumer-smart-product-cyber-security-call-for-views/proposals-for-regulating-consumer-smart-product-cyber-security-call-for-views
ETSI EN 303 645 - https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf - The world's first globally applicable standard for IoT security.
Learn more about PSA Certified: https://hubs.li/H0xrR_v0
28:34
October 8, 2020
Modernizing Automotive Security: "Autonomous is 30 Years Away"
David is joined by Peter Busch (Product Owner Distributed Ledger Technologies Mobility at Bosch) to discuss expanding automotive cybersecurity and modernising 100-year-old protocols to take us beyond the now. We also touch on the difference between safety, security and privacy, plus the role of digital fingerprints.
Key talking points in this episode:
More about Peter and Bosch [00:50]
What do we mean by mobility? [02:30]
Why is cybersecurity important for mobility and to Bosch? [03:29]
What does the cost of failure mean to a company like Bosch? The German word for safety and security and the relationship between the two [04:57]
How has the role of manufacturers changed over time? How does the long lifecycle of cars complicate matters? [07:38]
The relationship between safety, security and privacy [09:30]
The role of data privacy in automotive and mobility [11:19]
The layers of architecture protecting mobility, the relationship between hardware and software [13:10]
What are the challenges with mobility and automotive cybersecurity? How does the supply chain complicate things as the functionality increases? [14:10]
The role of digital fingerprints and the relationship with old hardware [16:30]
Entity Attestation Tokens [17:07]
Digital identities for automotive: using the example of car batteries [18:25]
Peter’s predictions for 5 years’ time (or 10 years!) for mobility: things actually need to be slow and consider safety [20:27]
Peter’s number one piece of advice for security [23:43]
What to do next (resources and links)
Connect with David: https://www.linkedin.com/in/david-maidment-2956481/ https://twitter.com/dmaid
Connect with Peter: https://www.linkedin.com/in/peter-busch-18286923/ https://twitter.com/pbusch42
Learn more about Bosch: https://www.bosch.co.uk/
Learn more about PSA Certified: https://hubs.li/H0xb-5v0
Join us on social media: https://twitter.com/PSACertified https://www.linkedin.com/company/psa-certified/
25:11
October 8, 2020
Security for smart lighting: “if it’s smart, it can be hacked”
David is joined by Jan Münther (Head of Digital Product Security, OSRAM) to discuss the cost of failure of insecure smart lighting, the growing security demand from customers and the need for IoT security best practice.
Key talking points in this episode:
More about Jan and OSRAM [01:00]
Why is device security important to OSRAM? [03:10]
Are companies starting to understand the cost of failure of inadequate security? [05:28]
Hacks are often carried out due to basic and fundamental flaws, not sophisticated hackers [07:43]
The balance of digital transformation, cybersecurity and the cost of scale [10:05]
Devices at scale and hacking devices at scale [11:55]
Jan’s thoughts on PSA Certified and security baselines [15:00]
What has fundamentally changed with security – why don’t existing certification schemes work for IoT? [17:00]
If we know all the issues – why haven’t we fixed the security issues? [18:10]
Awareness of security knowledge and security experts are desperately needed [20:40]
Jan’s predictions and advice for the future [21:45]
Myth-busting IoT security not adding value: you can sell it [24:10]
What to do next (resources and links)
Connect with David: https://www.linkedin.com/in/david-maidment-2956481/ https://twitter.com/dmaid
Connect with Jan: https://www.linkedin.com/in/jan-m%C3%BCnther-29b634 https://twitter.com/janmuenther
Learn more about OSRAM: https://www.osram.com/di/
Learn more about PSA Certified: https://hubs.li/H0xbXX70
Join us on social media: https://twitter.com/PSACertified https://www.linkedin.com/company/psa-certified/
26:24
October 8, 2020
Introducing Beyond The Now IoT podcast
Introducing our Beyond The Now IoT podcast 
00:46
September 28, 2020