Last Tuesday the prpl Foundation took part in the annual IoTSF conference in London. Art Swift, President on the prpl Foundation, took part in a panel Tuesday afternoon on “United We Stand; Addressing the Bigger Challenges of IoT Security with Collaboration”. The panel centered around the idea of the building an “Internet of Trust” and how security through collaboration can help. Along with Art, the panel featured John Hayne, chairman of the IoTSF, Paul Wilson of the Multos Consortium, Hugh Boyes of the IET, Idris Jahn from IoTUK and Aapo Markkanen, principle Analyst at Machina Research.
The panel began by asking each member how they see the IoT terrain changing over the next few years, and how can the current work being done by the IoTSF in promoting best practices in security could help this. The main theme throughout all answers was simple: trust. The IoT needs to invest in a supply chain of trust between manufacturers and consumers,with consumers being able to trust that the security of the products is up to standard, and that manufacturers will take the security of their products more seriously.
The new collaboration between the prpl Foundation and the IoTSF was also considered an important aspect moving forward, as the two foundations complement each other’s efforts. While the prpl Foundation has developed and published a security framework for the IoT leveraging new hardware features, virtualization, open API’s, and open source software, the IoTSF focuses on developing best practices for security self-certification, software patching, vulnerability disclosure and connected consumer products. The two foundations have agreed to cooperate on areas of common interest and to invite members of each organization to participate in their respective working groups.
The involvement of governments and regulators in the security of the IoT was a topic of some interest to the audience. Here the panel members diverged somewhat with some advocating more regulation, while others including Art, suggested not more regulation but instead more active engagement with the regulators to better understand their concerns and to inform them as to the efforts underway by industry and developers. Art cited the work that the prpl foundation has been doing with the US FCC as a model for this type of industry – developer – government engagement.