Read the article by Alex Davies via Rethink Research’s August 6, 2020 Faultline issue.
Building a house that is strong enough to withstand the test of time requires well-defined codes, specifications based on rigorous testing, and thorough certification. Building a secure IoT device is no different. As a part of Open Connectivity Foundation (OCF), engineers from over 450 companies around the world have been collaborating on the trifecta of specification, certification, and open source reference architecture that is required to build secure IoT devices.
Read the full article by Kyle Haefner via Embedded.com
The success of the internet is largely due to a set of standards which define the internet protocol (IP). Prior to IP, communication systems required their own domains, each with unique protocols and infrastructure. The key advantage of IP is that it acts as a foundation for multiple communication systems to interoperate over the same domain.
Many of the current systems of automation and control reside on proprietary domains which do not use IP. The installed base of such proprietary domains is often extensive and cannot easily be replaced. Such systems may be connected to the internet, but a gateway and (often bespoke) control software are needed to interface with IP-based IT infrastructure.
Read the full article via Smart Energy International.
Building automation is shifting from proprietary networks to IP networks, creating a large impact on network management as there will be an influx of Building IoT devices on the network. These devices will need to be securely added to the network and then provisioned in the Building Management System (BMS). This process will involve Information Technology (IT) administrators and the provisioning in the BMS system will involve Operational Technology (OT) administration. To reuse an existing, managed IT network, the devices on that network need to be evaluated by IT managers before onboarding to the network, since being on the same network can cause disruption for the other services that are running on the same network. Using the same IT network for IoT devices will avoid duplicating a second network in the building, with the additional benefit of reusing the existing operational infrastructure to manage the devices.
It is for these reasons that the same security requirements should be applied for Building IoT devices as for other devices managed by the IT department. The initial step is…
Read the full article by Wouter van der Beek via Embedded.
Cable’s next generation, 10G networks, holds the promise to deliver symmetrical multi-gigabit speeds that are 100 times faster than what some consumers are currently experiencing today. This great leap forward will enable services and experiences that will drive internet innovation for years to come. It is our mutual responsibility to assure that devices we connect to these blazing 10 gigabit internet connections, are updated and patched, free from default passwords and use proper authentication and authorization.
The lack of following basic cyber-security principals surfaced in the late Fall of 2016, when many popular sites such as Twitter, Amazon, Reddit and Netflix, were unreachable for several periods, lasting hours. The cause was a massive distributed denial of service (DDoS) attack coming from hundreds of thousands of compromised internet of things (IoT) devices. Traffic from these devices overwhelmed the DNS service provider dyn.com and effectively blocked customers and users from reaching these popular Internet locations for hours at a time.
As we approach a world where households are connected at gigabit and greater speeds, building secure devices and getting them in the hands of consumers is essential. Over the last several years CableLabs has been engaged with standard organizations such as, the Consumer Technology Association (CTA) and the Open Connectivity Foundation (OCF), to draft specifications and guide security baselines for IoT devices. This work has culminated in the release of OCF’s international ISO\IEC specification for IoT interoperability.
Read the full blog by Kyle Haefner via CableLabs.