Beyond The Now IoT Security Podcast | PSA Certified

By PSA Certified

Beyond the Now is an IoT security podcast, brought to you directly from the technology ecosystem. Your host is David Maidment, Senior Director Secure Device Ecosystem at Arm (a PSA Certified founder). He brings over 25 years of experience in the embedded and connectivity industry.

In this podcast, David speaks to industry leaders from across the tech sector to discuss their views on the past, present and future of IoT security. In each episode, we dial in on the challenges businesses and consumers face in securing the future of the IoT and creating a safer, more connected society.

Secure by Default with Microsoft: “Without IoT security people will be reluctant to innovate.”

In our second #beyondthenow podcast episode with Microsoft, we take a deep dive into IoT security with Eustace Asanghanwa (Principal Program Manager for Security, Azure IoT, Microsoft). Eustace and David explore IoT security challenges, what we mean by a secure by default approach, and the benefits of protection profiles. They also discuss Microsoft Azure's PSA Certified Level 1 certification, how it is helping to facilitate better collaboration with the ecosystem, and why we need to see more cohesion between different security certification schemes.

  • Introductions to Eustace and Microsoft. [01:24]
  • Azure RTOS is PSA Certified Level 1, and how this addresses the ‘trilemma’ of IoT security. [03:56]
  • PSA Certified is also helping to facilitate collaboration between Azure RTOS and the ecosystem. [06:56]
  • People value IoT security but they don’t always know what it means. [09:41]
  • Securing the IoT will encourage new innovations. [10:44]
  • The autonomy of IoT devices is removing the ‘human companion’ and the IoT security protection that provides. [12:01]
  • What is a ‘secure by default’ approach to security? [16:11]
  • A secure by default approach enables a threat modeling mindset. [17:08]
  • When you design-in security you need to consider the product’s entire lifecycle. [18:52]
  • People are willing to invest in IoT security because they understand the value of the IoT and digital transformation. [22:10]
  • Securely deploying the IoT requires an ecosystem approach. [23:00]
  • It's unrealistic to expect system integrators to become experts in all areas of IoT development and deployment. [24:53]
  • As an ecosystem, we need to work together on the solutions to reduce the burden on system integrators. [26:29]
  • Microsoft Azure’s Blueprint approach to IoT security. [27:39]
  • Confidential Compute and the edge. [31:47]
  • Protection profiles help us to answer the question ‘Is this device secured?’ [33:21]
  • Protection profiles create a baseline of requirements for specific devices to be secured. [36:20]
  • Multiple certifications help us target security at different levels of granularity. [39:36]
  • We expect to see a more cohesive composition between IoT security certification schemes that target different functionalities and markets. [41:27]
  • Eustace’s predictions for the IoT in 5 years’ time. [46:02]
  • Blockchains might lower the cost of security infrastructure. [49:01]
  • Eustace’s top piece of IoT security advice. [50:26]
Feb 15, 2022 (53:53)
Digital Transformation, Digital Twins, and the Metaverse with Microsoft

In the first of two #beyondthenow podcast episodes with Microsoft Azure, we explore the wider impact of the IoT and digital transformation on businesses, setting the scene for the importance of security. Tony Shakib (General Manager, Azure IoT, Microsoft) sits down with David to discuss why digital transformation is becoming a necessity, how the IoT is helping fuel a more proactive business model and why security should be part of the core fabric of your solutions.

  • Introduction to Tony Shakib (General Manager, Microsoft Azure IoT). [01:18]
  • What are the main industries that Microsoft are working with on their digital transformation journey? Industrial IoT, Smart Cities, and Connected Healthcare. [03:01]
  • The three phases of digital transformation: connectivity, context, connected ecosystems. [05:29]
  • Digital transformation results in operational efficiency but also allows you to grow your business in new ways. [09:09]
  • What are digital twins? [11:43]
  • The IoT is fueling a more proactive business model. [14:17]
  • The IoT is helping build the industrial metaverse. [15:47]
  • Businesses are realizing that digital transformation is no longer optional. [17:25]
  • Microsoft take a zero-trust approach to IoT security and their IoT security solutions. [20:30]
  • Legacy devices are one of the biggest challenges for those starting their digital transformation journey. [23:21]
  • Tony’s predictions for the IoT landscape in 5 years’ time. [26:01]
  • Edge compute and cloud compute are equally important. [28:51]
  • Tony’s advice for the listeners: Utilize the existing guidance on IoT security to better understand the nuances of IoT security in your industry. [30:07]
Feb 15, 2022 (32:24)
IoT Security at the Edge with Eurotech: “Security is not just a concern. It’s a barrier to adoption”

In the first episode of series 2 of the #beyondthenow IoT security podcast, David is joined by Marco Carrer, CTO of Eurotech, to examine the emergence of edge devices. They discuss what we mean by edge devices, the crucial role the edge is playing across all industries, and the challenges of edge device security. We also discuss the benefits of industry collaboration and how IoT security frameworks are bridging security knowledge gaps. 

· Introductions to Marco Carrer and Eurotech. [01:01]

· What do we mean by the edge and edge devices? [03:20]

· Why have edge devices been developed? What is driving compute closer to the data source? [4:13]

· Edge devices reduce our reliance on the cloud but the application will decide how much computing power you need at the edge. [06:27]

· Do edge devices still have a relationship with a data center? [07:44]

· What kind of industries are adopting edge technologies? [10:24]

· How the edge is enabling the merging of IT and OT in the Industrial IoT space and how this complicates security further. [12:15]

· The PSA Certified 2021 Security Report found that a lack of expertise was a major barrier when implementing IoT security, with that in mind how do customers describe their IoT security requirements to a company like Eurotech? [14:48]

· We’re in a transition phase where early adopters are keen to implement IoT security, but many people are still holding back. [16:07]

· The importance of industry collaboration to provide IoT security collaboration. [16:48]

· How IoT security frameworks are helping Eurotech and their customers understand their security requirements. [17:39]

· IoT is fragmented even beyond security with many different architectures, protocols, and deployment scenarios. [19:10]

· IoT security needs to be embraced by the entire business, not just the engineering teams. [20:02]

· We need collaboration from the entire ecosystem, even those who are traditionally seen as competitors. [21:24]

· What do you think the IoT landscape will look like in 5 years?: The emergence of edge workload consolidation. [23:31]

· How edge workload consolidation will increase IoT security adoption. [25:19]

· What advice would you give listeners when it comes to IoT security? [26:40]

Nov 30, 2021 (30:00)
SMB Cybersecurity Challenges: “Collaboration is our greatest armory”

In this podcast, David is joined by Dr. Sally Eaves, Senior Policy Advisor for the Global Foundation of Cyber Studies & Research and CEO of Aspirational Futures. Sally and David examine the impact Covid-19 has had on both our professional and personal lives and the crucial role security has played in this adaption. They also discuss how the narrative around security must change and the key role collaboration plays in the future of IoT security.

·  Introduction to Sally Eaves. [1:05]

·  Technology as a cause for good. [2:32]

·  The emergence of hybrid models over the last 12 months in all aspects of everyday life and the impact this has had on IoT security. [3:18]

·  Has COVID-19 raised the awareness of the cyber threat? [7:16]

·  Companies are changing how they approach digital transformation and IoT security: CFOs, CEOs and CTOs are leading security discussions and acting as positive agents of change. [9:30]

·  The role the tech industry has in improving cyber-security education. [12:09]

·  “Security has to be embedded in every aspect of organizational strategy”. [13:28]

·  The PSA Certified 2021 Security Report: is it a surprise that smaller companies are struggling to implement best practice security? [14:22]

·  The growing security skills shortage and addressing misconceptions surrounding IoT security access and cost. [17:08]

·  5G and other emerging technologies offer a wealth of possibilities, but this needs to be underpinned by robust security infrastructure. [21:12]

·  What are the biggest challenges for CTOs and CIOs on the digital transformation journey? [22:46]

·  The importance of changing the narrative around security: it's a differentiator that can enable the future of your organization and should be embedded into the DNA of every business. [25:18]

·  What is the future going to look like in 5 years’ time? The power of collaboration as a positive contagion of change for security and climate change. [27:18]

·  Bridging the gap between the perceptions of IoT security and the realities: “collaboration is our greatest armory”. [29:12]

·  Sally’s main piece of advice for companies when approaching IoT security: your security strategy needs to be “holistic, flexible and scalable”. [31:07]

Prof. Sally Eaves is Senior Policy Advisor for the Global Foundation of Cyber Studies & Research and CEO of Aspirational Futures which enhances inclusion in education and technology. A highly experienced Chief Technology Officer, Professor in Advanced Technology and Global Strategic Advisor, Sally is an Author and Speaker on Digital Transformation (Cloud Computing, Cyber Security, 5G, IoT, IIoT, AI, ML, Blockchain), Culture, Skills, Sustainability and Social Impact.

Apr 07, 2021 (35:27)
Predicting the Future of IoT security: “When our customers have the requirements, we need the silicon to be ready.”

In this podcast, David is joined by Mike Dow, Senior Product Manager, IoT Security at Silicon Labs. Mike and David talk about changes in the semiconductor industry over recent years, including emerging regulations and more sophisticated attacks that target end nodes. Mike provides the silicon vendor perspective, discussing the critical role they play in setting the foundation for IoT security and the importance of looking to the future when designing products to meet customer requirements.


·  Introductions to Mike Dow [00:45]

·  Introductions to Silicon Labs [02:00]

·  Where are we with security? Are customers asking for security? [03:30]

·  Where is the pull for security coming from? The IoT regulations mean you can’t ignore security [04:20]

·  We’re moving from ignoring security, to being actively concerned about the role it plays for a business’ success [05:45]

·  The change in IoT security over the last two years [06:25]

·  What this change means for semiconductors: more things to worry about [07:30]

·  The role of the Root of Trust for semiconductor vendors: the “brain of the device”, the secure boot process and why this is important [08:15]

·  Do OEMs have an appreciation for the Root of Trust and what it offers them? [10:15]

·  Silicon Labs are the world's first to achieve PSA Certified Level 3. The role of remote attacks vs. physical attacks and why it is important to protect against both [11:35]

·  The sophistication of the attacks will grow over time and we must be ahead of the game [14:18]

·  The time delta between creating a silicon product and that product being in the market is quite large: so we essentially have to predict the future [15:22]

·  Looking five years ahead, staying ahead of where the world is moving. How much can you patch later? The role of updatable security subsystems [16:22]

·  You must start with good quality silicon, or everything unravels [18:24]

·  IoT deployment models and the long lifecycle of IoT, especially for embedded sensors [19:03]

·  If the premise is that the crooks will always find a way, and always find a hole, then a good engineer will always build in a mechanism to update [19:57]

·  Why update policies are suddenly very important [20:40]

·  PSA Certified Security Report 2021 and the feedback from the industry on cost: what is the view on cost from a silicon vendor's point of view? [22:37]

·  The state of the nation of certification on IoT and what we need to overcome: inheriting certification and “crowdsourcing” certifications to avoid choking the ecosystem [27:00]

·  Mike’s advice for the future of IoT: consolidating requirements and protection profiles [34:22]

Mar 16, 2021 (41:02)
IoT Devices and the Cost of Cybersecurity with Flex: "Security is as necessary as the device power supply"

In this podcast David is joined by Dr. Juan Nogueira, Senior Director of Connectivity Center of Excellence, from worldwide ODM, Flex. They have a fascinating discussion about how Flex approach security and why there is always space in the bill of materials for security. They also talk about how ODMs are not only creating IoT, but also embracing IoT – it’s one not to miss!

Dr. Nogueira is Sr. Director for Connectivity in the Global Technology Team at Flex. In this role he is defining technology roadmaps, evaluating new innovative solutions, establishing strategic collaborations with partner companies and leading internal research programs in the field of wireless communication. Prior to working at Flex, he was Lead System Architect of Advanced Development and System Architectures first at Robert Bosch GmbH and then at Bosch Connected Devices and Solutions GmbH (BCDS) in Reutlingen (Germany). In this position he defined the connectivity technology roadmap that later concluded with the foundation of BCDS as the Bosch subsidiary focused on connectivity and IoT. Before that, he worked in corporate R&D for wireless communication and sensing systems at Sony Corporation in Stuttgart (Germany) where he held the positions of Senior System Engineer and Principal Engineer. Dr. Juan Nogueira holds a PhD in Telecommunications Engineering from the University of Vigo (Spain). He subsequently became an associated professor at the University of Vigo in the Electronic Technology Department, collaborating with industry on projects in the area of industrial field buses. He has written numerous articles and holds 20+ patents in the area of communication protocols, wireless sensor networks and IoT.

1:03: Introduction to Flex and their role in the IoT industry.

5:15: Is security a growing concern with Flex’s customers?

5:40: Why it’s easy to overlook IoT security in the construction industry.

6:28: Security isn't just for high value assets, time is money.

7:56: The business cost of failure when things go wrong?

8:50: Educating customers on IoT security. You cannot just assume things are secure in IoT.

9:19: Flex’s proactive approach to IoT security. Demonstrating security credentials, adding credibility.

10:20: Introducing the PSA Certified 2021 Security Report: cost is still an issue for OEMs and the main concern for customers.

13:15: There is always room in the Bill of Materials (BOM) to compensate for the additional cost of security, it’s just as necessary as your power supply.

16:28: All markets must consider security, the high-impact industries are leading the way.

18:11: Relationship between IoT, security and machine learning in the edge.

20:10: Flex are not just creating IoT, but also embracing IoT to benefit from AI and digital transformation.

21:50: Opportunities for production lines, and the challenge of technical debt/retrofitting existing machinery, so machines can benefit from digital transformation too.

24:10: The IoT landscape in five years' time – IoT will feel like “everyday normal.” 5G will be deployed in both public and private networks.

26:58: Juan’s advice for device security implementations now to secure tomorrow.

Feb 18, 2021 (29:43)
IoT Software Security with AWS: IoT Security Relies on the Cloud to "prevent scalable attacks"

Richard Barry joins David to talk about the role of the RTOS in IoT, the increasing complexities that need to be considered when connecting devices to the internet and how security must be a mindset from the beginning of product development. The discussion also covers the coordination of device-side and cloud-side security to look at patterns from a fleet of devices and prevent scalable attacks.

Minutes:

  • Introducing Richard Barry and the FreeRTOS project [00:57]
  • Breaking down what an RTOS is [2:04]
  • Real-time use cases – the variety of real-time requirements [4:10]
  • The increase in remote accessibility and the security challenges it brings [5:40]
  • RTOS as the undifferentiating factor in devices [6:48]
  • Internet connectivity and the increasing security complexities it brings [8:10]
  • The role of Amazon in FreeRTOS - making development as quick and secure as possible [9:18]
  • Knowledge gaps in a multi-disciplinary IoT [10:50]
  • The relationship between the RTOS and Root of Trust [13:22]
  • Reference integrations and standardized interfaces to ease the porting to hardware security [14:28]
  • Developer security expertise – the challenge of new concepts, terminology and requirements [15:55]
  • Practical challenges that come with scale [17:35]
  • Developer considerations for lifecycle security [18:40]
  • The importance of demonstrating and educating best practice [19:26]
  • Awareness of the consequences of getting it wrong, the increased legislation and, inevitably, the increased use of the Root of Trust [21:36]
  • The importance of security being the mindset from the beginning [22:37]
  • Evolution of Open Source projects – being driven by market requirements, enabling scalability [23:30]
  • Building confidence in FreeRTOS, with backing and credibility from Amazon [24:30]
  • Simplifying the FreeRTOS software – making it smaller and decoupled to suit the diversified use cases [25:11]
  • Futureproofed strategy for developers – reuse undifferentiating factors [26:42]
  • Coordinating cloud and device security to prevent scalable attacks [27:33]

Learn more about PSA Certified www.psacertified.org

Jan 06, 2021 (31:24)
Cybersecurity Risk Management with Munich Re: "Building-in surety and confidence"

This podcast takes a slightly different format: we host a panel session in which David joins Peter Armstrong, cyber-insurance expert at Munich RE, and Duncan Jones, Senior Product Manager at Pelion.

Peter provides a fresh perspective into the industry and how insurance companies model the risk of the IoT. We discuss where the liability lies and Peter describes how companies can build trust into their products and drive adoption of the IoT at scale with surety, confidence and the backing of insurers.



[1:05] Introductions to the panellists

[2:39] An insurer's view on digital transformation, and how new hyperconnected devices are impacting the insurance world

[4:25] The evolving portfolio of risk and supply chain responsibility

[5:25] Understanding liability across the value chains involved in delivering IoT services

[6:05] The importance of the Root of Trust in enabling the trusted deployment of technologies

[6:30] The opportunity for insurers from digital transformation

[7:35] Broadening the thinking about IoT products to data and services

[8:40] Digital transformation across industries - a mass deployment of devices beyond the traditional IoT model

[9:30] New technologies driving digital transformation - An individual product has to be trusted.

[11:25] Customer challenges, building business applications high up the stack

[12:01] With the scale of the IoT, we can't scale the expertise to secure these solutions

[12:26] Realizing the true potential of the IoT

[13:30] An overview of the insurance market, the role of capital availability and trust

[14:55] Confidence in the 'worst case scenario' and the challenges this brings for cyber-risk

[16:42] The importance of surety and confidence in the embedded processes and devices

[17:24] The role of the Root of Trust in modeling quantified risk, minimizing the front-end variables with sufficient transparency

[18:30] Challenges that come with scaling the IoT

[19:37] Building trust in data to base business decisions upon

[20:03] Regulation and standardization: a help or a hindrance?

[22:00] The responsibility from chip to OEMs to show compliance locally but ship globally

[24:15] The need for a framework and infrastructure for a black and white view of responsibility

[24:35] The geographic challenges for insuring the IoT

[26:00] Responding to nuance and guidance over mandated views

[26:29] The technology industry needs to lead and embrace the requirement for compliance in this evolving environment.

[27:00] Final pieces of advice from the panellists to embrace digital transformation with surety and confidence.

Useful Links:

Explore this topic further in our blog <https://www.psacertified.org/blog/can-we-insure-billions-connected-devices/>

Learn more about Munich RE: https://www.munichre.com/en.html

Learn more about Pelion https://pelion.com

Learn more about PSA Certified www.psacertified.org

Dec 15, 2020 (30:58)
The Cybersecurity Certification Journey with ioXt Alliance: "Secure today isn't secure forever"

In this podcast, David is joined by Brad Ree (CTO of the ioXt Alliance) to talk more about their journey to make IoT more secure for consumers. They also talk about the partnership between PSA Certified and ioXt Alliance and how it’s easing fragmentation in the IoT ecosystem.

Brad Ree is chief technology officer of ioXt. In this role, he leads ioXt’s security products supporting the ioXt Alliance. Brad holds over 25 patents and is the former security advisor chair for Zigbee. He has developed communication systems for AT&T, General Electric, and Arris. Before joining ioXt, Brad was vice president of IoT security at Verimatrix, where he led the development of blockchain solutions for ecosystem operators. He is highly versed in many IoT protocols and their associated security models. 

  • Introduction to ioXt Alliance. [01:00]
  • A bit more about Brad’s career history. [02:20]
  • The ioXt Alliance and why it was founded. [04:09]
  • We do have a shared vision to scale the market, unlocking issues. We obsess a lot about connectivity, cost, functionality, but what about security?! [04:40]
  • We need security that is strong, easy to deploy, scale globally, scale worldwide and across the device spectrum. [05:41]
  • Security certification for fire trucks (!) [06:40]
  • Defining "good enough security" and setting bars that the industry can understand. [07:10]
  • Who are customers of the ioXt Alliance? Plus the struggle of navigating upcoming IoT legislation. [08:15]
  • Enabling devices that scale regulation. [10:30]
  • About ioXt Alliance and how the scheme works. Explaining the profiles and the certification scheme. [11:00]
  • QR codes replacing certification stamps. [12:56]
  • Dynamic lifecycles of devices - you can’t ship and forget! Are manufacturers embracing this concept? [13:52]
  • Security isn’t a product, it’s a process. Secure today doesn't mean secure forever. [15:00]
  • Collaboration in the ecosystem. ioXt Alliance and PSA Certified announcement: overcoming fragmentation. [17:10]
  • Enabling security both for software and for hardware. [19:00]
  • The vision of PSA Certified and the Root of Trust (RoT) [19:50]
  • PSA Certified helps to drive the understanding that hardware Root of Trust actually means something and that we shouldn’t do it all in software. [21:20]
  • ioXt expanding into commercial lighting, smart buildings and cellular IoT. [23:30]
  • What does it mean if a cell phone has ioXt certification (at a high level!) [24:05]
  • The growing awareness of security not being an afterthought, enabled by frameworks, APIs, etc. [26:46]
  • Brad’s one piece of advice: don’t go alone! When things go wrong (which they will) you don’t want to be on your own. Be part of the herd and don’t be left behind. [27:40]

Nov 19, 2020 (32:01)
Myth-busting with DCMS: "Cybersecurity standards are not as fragmented as you think"

Peter Stephens (Head of Secure By Design Cybersecurity, DCMS) joins David to talk more about consumer IoT security concerns and some steps they can take to secure their homes and businesses. There is also a unique insight into governmental views on IoT security, artificial intelligence and the DCMS approach to making the UK a more secure place when it comes to IoT devices.

  • Introducing Peter Stephens and the DCMS [00:45]
  • What is the current perception from consumers and IoT? What actually is an “IoT device”? [02:18]
  • Debunking the myth that consumers don’t care about security [03:13]
  • Discussing the relationship between technology, security and insurance [04:41]
  • Consumers should only need to see the top of the “supply chain iceberg” [05:11]
  • Regulation is not as fragmented as you might think: there is consensus in the market already [05:55]
  • Why is IoT security regulation needed? [06:55]
  • Introducing the three components in the code of practice [08:05]
  • Manufacturer transparency: it’s key for success [08:55]
  • How smooth is the flow of conversation on IoT security between territories? [09:59]
  • The consumer does understand the importance and the notion of a security lifecycle [12:00]
  • What is the balance between the electronics industry and the regulation? [13:25]
  • The shift in consumer buying habits, protecting the high street and making it fair [18:15]
  • How important is it for the tech ecosystem to help governments? [19:55]
  • How the DCMS open-door policy works [21:14]
  • Artificial intelligence and the effects on security [22:30]
  • One piece of advice from Peter [26:25]

What to do next (resources and links)

Connect with David

https://www.linkedin.com/in/david-maidment-2956481/
https://twitter.com/dmaid

Connect with Peter

https://www.linkedin.com/in/peter-stephens-a6337523/

Learn more about DCMS:

  • The IoT Security Landscape Map: https://iotsecuritymapping.uk/ - A live open source map of all existing standards, guidance and materials related to consumer IoT devices, developed by the extended DCMS to enable organisations around the world to simplify good practice.
  • The Secure by Design Landing Page: https://www.gov.uk/government/collections/secure-by-design
  • The proposed regulatory approach (July 2020): https://www.gov.uk/government/publications/proposals-for-regulating-consumer-smart-product-cyber-security-call-for-views/proposals-for-regulating-consumer-smart-product-cyber-security-call-for-views
  • ETSI EN 303 645: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf - The world's first globally applicable standard for IoT security.

Learn more about PSA Certified:

https://hubs.li/H0xrR_v0

Oct 08, 2020 (28:34)
Modernizing Automotive Cybersecurity with Bosch: "Autonomous is 30 years away"

David is joined by Peter Busch (Product Owner Distributed Ledger Technologies Mobility at Bosch) to discuss expanding automotive cybersecurity and modernising 100-year old protocols to take us beyond the now.  We also touch on the difference between safety, security and privacy, plus the role of digital fingerprints.

Key talking points in this episode:

  • More about Peter and Bosch [00:50]
  • What do we mean by mobility? [02:30]
  • Why is cybersecurity important for mobility and to Bosch? [03:29]
  • What does the cost of failure mean to a company like Bosch? The German word for safety and security and the relationship between the two [04:57]
  • How has the role of manufacturers changed over time? How does the long lifecycle of cars complicate matters? [07:38]
  • The relationship between safety, security and privacy [09:30]
  • The role of data privacy in automotive and mobility [11:19]
  • The layers of architecture protecting mobility, the relationship between hardware and software [13:10]
  • What are the challenges with mobility and automotive cybersecurity? How does the supply chain complicate things as the functionality increases? [14:10]
  • The role of digital fingerprints and the relationship with old hardware [16:30]
  • Entity Attestation Tokens [17:07]
  • Digital identities for automotive: using the example of car batteries [18:25]
  • Peter’s predictions for 5 years’ time (or 10 years!) for mobility: things actually need to be slow and consider safety [20:27]
  • Peter’s number one piece of advice for security [23:43]

What to do next (resources and links)

Learn more about Bosch:

https://www.bosch.co.uk/

Learn more about PSA Certified:

https://hubs.li/H0xb-5v0

Oct 08, 2020 (25:11)
Developing Smart Lighting Security with ams OSRAM: "If it's smart, it can be hacked"

David is joined by Jan Münther (Head of Digital Product Security, OSRAM) to discuss the cost of failure of insecure smart lighting, the growing security demand from customers and the need for IoT security best practice.

Key talking points in this episode:

  • More about Jan and OSRAM [01:00]
  • Why is device security important to OSRAM? [03:10]
  • Are companies starting to understand the cost of failure of inadequate security? [05:28]
  • Hacks are often carried out due to basic and fundamental flaws, not sophisticated hackers [07:43]
  • The balance of digital transformation, cybersecurity and the cost of scale [10:05]
  • Devices at scale and hacking devices at scale [11:55]
  • Jan’s thoughts on PSA Certified and security baselines [15:00]
  • What has fundamentally changed with security – why don’t existing certification schemes work for IoT? [17:00]
  • If we know all the issues – why haven’t we fixed the security issues? [18:10]
  • Awareness of security knowledge and security experts are desperately needed [20:40]
  • Jan’s predictions and advice for the future [21:45]
  • Myth-busting IoT security not adding value: you can sell it [24:10]

What to do next (resources and links)

Learn more about OSRAM: https://www.osram.com/di/

Learn more about PSA Certified: https://hubs.li/H0xbXX70

Oct 08, 2020 (26:24)
Introducing Beyond The Now IoT podcast

Introducing our Beyond The Now IoT podcast 

Sep 28, 2020 (00:46)