The Hacked Jeep is not alone

As I wrote in the blog post “Demystifying Security and Identities for Internet of Things”, it is essential to implement security by design. The recent article in Wired shows that the threat is real. Even though causing accidents might not be the prime target, it points out that we need to take what we have learnt when opening up systems and APIs to the IoT world, and not just care about remote access to IoT: it is also about how different objects in the near perimeter act and are authorized to act.

The Chrysler example is just one of many, and I’m sure we will see a lot more in the future, including attacks and vulnerabilities that can have a major effect on financial systems and national security.

The article also points to the area of Life Cycle Management: IoT needs Life Cycle Management and the capability to update the security technology and policies in place on the device. In the Chrysler case, the company has issued a recall of 1.4 million vehicles to address the issue.

Just as a reminder, 5 steps to help you address IoT security

  1. Activation of Objects
  2. Provisioning of Identities to Objects
  3. Authentication of Objects and Authorization of the Access
  4. Secure Transport of Data from and to an Object and Security of Data at Rest on the Object
  5. De-activation of Objects including revocation of identities, clean-up of data and reset of the object

/Per Hägerö

Director Software
