Blog post -

The Hacked Jeep is not alone

As I wrote about in the blog post “Demystifying Security and Identities for Internet of Things” it is essential to implement security by design. The recent article in Wired shows how the threat is real and even though causing accidents might not be the prime target it points out that we need to take what we have learnt when opening up systems and API to the IoT world and not just care about remote access to IoT, its also about how different objects in the near perimeter act and are authorized to act.

The Chrysler example is just one of many and I’m sure we will see a lot more in the future and attacks and vulnerabilities that can have a major effect on financial systems and national security.

What the article also points out is the area of Life Cycle Management, IoT needs to have Life Cycle Management and be have the capability of updating the security technology and policies in place at the device. In the Chrysler case it has issued a recall of 1.4 million vehicles to address the issue.

Just as a reminder, 5 steps to help you address IoT security

  1. Activation of Objects
  2. Provisioning of Identities to Objects
  3. Authentication of Objects and Authorization of the Access
  4. Secure Transport of Data from and to and object and Security of Data at Rest on the Object
  5. De-activation of Objects including revocation of identities, clean-up of data and reset of the object

/Per Hägerö

CTO

Related links

Topics

  • Data, Telecom, IT

Categories

  • technology nexus

Regions

  • England

Contacts

Lars Pettersson

CEO +46 8 685 45 60

Related content

Six themes drive identity management in 2016

For neXus, the leading global provider of security solutions and services, identity management will be one of the central issues in the context of IT security in 2016. The trends such as continuous flexibilization in the working environment, new forms of customer communication and the growing number of cyber-attacks are responsible for this.

Carolen Ytander new CMO for neXus

neXus is boosting its company management by recruiting Carolen Ytander to head up marketing, communications and strategic HR. Carolen most recently worked at Vattenfall, where she held a number of executive positions, including Head of Nordic Marketing.

neXus supplies service card solutions to municipality of Ale

Municipality of Ale has negotiated a solution for the production and administration of service cards for all its employees. The management of the municipality wanted all personnel to have secure identification that could also be used for secure login, and for access, print-on-demand etc.

neXus appoints new CFO

Magnus Karlsson joins neXus as CFO on February 22, 2016, becoming a new member of the group management. Magnus succeeds Björn Johansson, who has decided to seek new challenges outside the group after nine years with neXus.

neXus' office on the world list of stylish offices

The neXus office is located in Ericsson's old premises at Telefonplan south of Stockholm, since two years. The premises decorated by MER architectural firm, has now been named one of the world's 35 most exciting workplaces.

The IETF #93 meeting is wrapping up and it was a great week

 An very intensive Internet Engineering Task Force (IETF) week in Prague is just winding down. It’s been a great week in warm and welcoming Prague. IETF works on the specifications that together form the Internet and IETF attendees meets three times a year to try to make the internet, slowly but consistently, a better place. The gathering consists of quick presentations and long discussions in

Mobile app authentication by using Hybrid Access Gateway

Traditionally authentication in mobile apps is not much different from authentication in web applications. However there are some key differences in mobile apps
The UI is not build up on the server side so any changes to the UI (e.g. new authentication methods) requires new version of the application to be deployed. These kinds of things take time and focus from the actual app development. For

Demystifying Security and Identities for Internet of Things

https://www.youtube.com/watch?v=Dvfwg8dbBrI&index=8&list=PLtDs7N_g_eiaMna00kv4PoNAYFCVy7UYP

neXus Hybrid Access Gateway 5.4.4

neXus recently made Hybrid Access Gateway 5.4.4 available.

The SCIM standards just grew up to become RFC's

Integrity and simplicity for both users and IT-departments just took a huge step forward on the Internet. The SCIM specifications, System for Cross-Domain Identity Management, are now published as publications by the Internet Engineering Taskforce (IETF) as RFC7643 and RFC7644. At neXus we are super proud because we have been playing a key part of the specifications.

Securing your identities for cloud applications like Microsoft Office 365

Using cloud applications is very common today. Each user tend to use several different cloud services and applications every day in working life. To work efficiently and secure you should define you own cloud strategy for your organization.

WebCrypto, Invisible Token and Hybrid Access Gateway

After following the development of WebCrypto for more then three years it is awesome to see how it now slowly becomes implemented by the larger browsers. You can test your browser.

Explosion in IoT reveals risk of massive black market

In a recent report Gartner predicts that by 2020 over 50% of new major business process and system will incorporate some element of the Internet of Things. From a security perspective this growth will ...

Identity data capture and validation is key

This week I had the pleasure of visiting NORSIS event IDentitet 2016 in Oslo. Very well structured the event started with presentations around the capturing and validation of identity data which is fundamental for the trust in eIDs (and of course other types of credentials).