IoT & Device Security logo

Securing IoT from the network to the edge

Munich, Germany
5-6 December 2017
#IoTDS

Agenda

Please find the Internet of Health conference programme below

08:00-09:00

Registration & Refreshments
9:00- 9:10
Internet of Business Welcome Address
09:00-09:20
Chairman’s Opening Remarks
Keynotes
 

09:20-09:50

Opening Keynote: IoT- What Does it Mean When Considering Security?

We are now in the era of the Internet of Things, where digitally connected devices are influencing every aspect of our lives, including our homes, offices, cars and even our bodies. The opportunities that IoT have developed are huge and without precedent. But it is becoming an increasingly attractive target for cybercriminals. More connected devices mean more attack vectors and more possibilities for hackers to target us, thus we need to move fast to address this rising security concern.
But how do we do it? Several measures are already being taken to gap holes and prevent security breaches at the device level, new regulations have been proposed and new technologies implemented.
Let’s analyse the unstoppable growth of IoT and the necessity for organisations to take appropriate measures to protect their networks.

 

 

09:50-10:10

Inventory and Authentication Keynote: Do you Know What You Have and Do you Have it Authenticated?

Ten years ago, most of us had to only worry about protecting our computers. Five years ago, we had to worry about protecting our smartphones as well. Now we have to worry about protecting our car, our home appliances, our wearables, and many other IoT devices.
But how to know when a new device is connected to the network?

Once those devices have been identified they need also to be authenticated so they can securely communicate with each other. IoT systems must be equipped with multi-factor authentication and granular access control mechanisms that can substantially reduce the risk of unauthorized access.
Are your systems lacking authentication?

 

10:10-10:40

Who’s Who Keynote Panel: Who Should Own IoT & Device Security Within Your Organisation

Organisations need to reassess how they approach IoT security. It’s no longer something apart from the business; it is a real business issue. Breaches can have a substantial impact on customer confidence and the bottom line. However confusion of who owns security within the development, testing and implementation process remains in question. The organisational functions most responsible for mobile and IoT
security very often reside outside the security function. Being a business issue also means that IoT security is not just a technical challenge for the Chief Information Officer, Chief Technology Officer, or Chief Security Officer, it’s under the purview of all the corporate officers and the board.

Stream A: Securing Your IoT Network
Stream B: A Different Approach

10:40-11:10

Presentation: Eliminate Threats at the Edge

Much of the IoT’s value resides at the network’s edge, where organisations collect some of their most sensitive information. Unfortunately, edge protection like firewalls and antimalware software do not provide the visibility
or security needed in this new computing world. The intelligent edge is where people, places, and things converge, and where rights converge as well.
Follow this session to analyse each key capabilities including: antivirus, antimalware, firewalls, intrusion prevention, and detection systems.

Privacy Perspective: Building Protection to Reduce Vulnerability and Privacy Concerns

The inescapable introduction of sensors and devices into currently intimate spaces poses particular challenges and a major area of concern is privacy. As physical objects in our everyday lives increasingly detect and share
observations about us, consumers will likely continue to want privacy. Security and privacy challenges for any IoT solution need to be addressed from the start.
We will look at how introducing security in the early life cycle of the IoT solution can reduce vulnerability and privacy concerns.

 

11:10-11:40

Real Cases: Embedding Security in the Design Phase

When designing a system, it is important to understand the potential threats to that system, and add appropriate defences accordingly, as the system is designed and architected. To date, we have failed to embed security into each piece of data as it is created. All data should have embedded security, and the systems that consume, process and store this data must adhere to the security policies embedded therein.
We will analyse new business models based on design phase security, what solutions and what processes are needed.

API To Create A Secure Global Device Oriented Network

APIs are fundamental to build secure components of the IoT. It enables to govern the flow of data with the security you need to protect sensitive information. But still the epicentre of some of the largest IoT security errors
started with a poorly secured application program interface.
Therefore we will look at several steps that organisations’ decision-makers can follow in order to maintain device security and device data security through API.

Networking Refreshment Break

11:40– 12:00

Keynote: Applying Machine Learning to Security

Machine learning is defined as the ability of a machine to vary the outcome of a situation or behaviour based on knowledge or observation. Machine learning can provide the bridge to utilise the vast amounts of data that IoT devices produce and collect this information into patterns which can be used to understand whether a device or not is compromised.
Our expert keynote will talk us through how machine-learning algorithms can be used to combat IoT security threats. Algorithms will learn users’ behaviours over time to more effectively detect fraudulent activity.

12:00-12:50

Prevention Workshop: Detecting and Automatically Blocking Ransomware

Malware and more specifically ransomware has been the most effective way for attackers to reach targets globally. This only proves the need for better, and faster ransomware protection methods. Of course you want to block ransomware before it has a chance to encrypt your network data stores. But keeping up with the pace of ransomware innovation can be a challenge.
During the workshop we will talk about costs and prevention of ransomware attacks by analysing deception technology.

 

12:50-13:20

Case Study: Biometric Authentication for Cloud Security

As enterprises increasingly move sensitive data to the cloud, security is often an afterthought and managed on a cloud-by-cloud basis. User authentication will need to take place each time a service is used. To overcome the challenge, different types of biometric techniques have been developed and will be examined during this session.

Presentation: Blockchain As a Building Block for IoT Lifecycle Management

Blockchain holds a record of every transaction ever completed in the network. When registered, the IoT endpoint remains a unique entity within the Blockchain throughout its life. The possibility of maintaining device
information, history, and software revisions in the Blockchain means the Blockchain itself can become the trusted IoT registry. But how can Blockchain become the building block in IoT security?

13:20-14:20
Networking Lunch
 

 

14:20-14:50

Case Study: Protecting the Endpoint

As more enterprises adopt practices such as BYOD and remote/mobile/pc employees, the enterprise network security has effectively softened. Any device provides an entry point for threats. Endpoint security aims to
adequately secure every endpoint connecting to a network to block access attempts and other risky activity.
We will analyse key components of an effective endpoint security solution:
• Encryption
• Application Control
• People

Virtualisation Best Practice: NFV as a Security Opportunity

As SDN and NFV becomes more widely adopted and there have been a multitude of SDN & NFV use cases, the challenge of securing IoT virtualisation is higher than before. New security models and controls need to be developed to accommodate NFV and new software-defined security tools.
The great news is that with the NFV infrastructure, all of the testing can be automated with the push of a button, but do we know how?
The workshop will be your chance to familiarise.

 

 

14:50-15:40

Data Management Workshop: From Storage to Analyses

As data flows increase, not only organisations must have enough space to store information, but they must also make sure data is easily accessible and stored in a safe manner. IoT data comes from vastly different environments in different formats using different languages and users face a serious challenge in compiling these disparities into a safe and common language and storage solution.

Many solutions are now available that simplify the collection and storage of IoT data from disparate systems but are those solutions also taking security into
account?

Join the workshop to address this and many other questions around IoT data management in a safe environment.

Workshop: How SLA Frameworks Should Look Like?

We have seen that service level agreements between service providers and customers or third parties have been a low priority in the internet of things space partly due to the high complexity of the solutions. SLAs is becoming
increasingly important in the IoT ecosystem, especially in light of the GDPR. E.g. If a company choose to outsource its IT management, it will become illegal under GDPR not to have a formal SLA in place with the third-party
service provider.
So what should you do if you are unhappy with your provider agreements? The workshop will aim to create a new set of SLA frameworks based on IoT security requirements.

 

 

 

15:40-16:30

Working Groups: Securing New Business Opportunities

The IoT will transform most existing industries and enable a multitude of new business opportunities. However, as it extends further and further into the physical world, the associated security challenges get tougher and appear to multiply exponentially.

During this interactive session we will look at the different ways of IoT security deployment based on verticals, what are the best IoT security to use, competitive advantages and much more.
Choose your vertical and extrapolate the capabilities necessary to protect your ecosystem!
During the last 10 minutes a representative of each group will discuss with the entire audience the outcome of their discussion.

• Smart Meter/Grid
• Smart Home
• Smart Cities
• Smart Energy
• Smart Cars
• Smart Healthcare

 

16:30- 17:00

Regulatory Panel: The Inescapable Rise of Regulation – GDPR as a Step to Create Trust

In May 2018, the European General Data Protection Regulation becomes enforceable. The regulation concerns all electronic communications. The GDPR is strengthening the rights of individuals whose personal data is being processed mainly by requiring consents. Not easy at all, depending on context and use case. The new regulation is making even more important for companies to set up measures to prevent privacy
violation. In case of a breach, the GDPR requires administrative fines of up to 4% of global turnover for companies responsible for the incident.

Companies being able to prove compliance with GDPR will have the chance to create trust in their IoT ecosystem.
So how are you preparing? Who can advise you on the specific risks regarding IoT and related technologies?

17:00-17:15

Chairman’s Day 1 Recap
18:30-21:00
Evening Drinks Reception
08:30-09:00
Registration & Refreshments
09:00-09:15
Chairman’s Welcome & Day One Recap
Keynotes
 

09:15-09:45

CISOs Point of View: What is the Cost of a Data Breach?

The IoT budget will reach $547 million by 2018, according to a Gartner report. But it’s still challenging for a CISO to get budget for IoT Security, since the board of directors wants to spend that IT money on projects and solutions that will expand the business and bring in more revenue. But the cost of a data breach is composed of several things, including the cost of acting to reduce the impact, the loss of brand reputation and
consumer trust, and even the cost of litigation.

So how do you show that there is value in investing in IoT Security and justify a proper security budget?

 

09:45-10:15

Interactive Discussion: Security Patching: Making the Patch Process and Ally not a Foe

The biggest problem with many IoT devices is that they are un-patchable, and if they cannot be patched, they cannot be made secure. An IoT device is not a standalone product; it is highly dependent on the services it receives over the Internet, from the technical, organisation and policy services. Therefore how can IoT software be updated? The discussion will help us capture the current best practices in the IoT industry relative to software update.

Stream A: Industry Application
Stream B: Executive Roundtables on IoT Security
 

 

10:15-10:45

Best Practice: Looking at the 2018 Threat Landscape

New challenges will arise in 2018. Security experts have warned that the Internet of Things is a cybersecurity nightmare and more large-scale attack will be unleashed, using IoT vulnerabilities.
Advanced threats are growing fast, by 2020, more than 25% of identified enterprise attacks will involve IoT.

This best practice session will provide a forward-looking view of the biggest security threats.

 Roundtable Discussions

The goal is to facilitate a meaningful group discussion that is engaging and helpful. The audience will divide into 5 groups. During the last 10 minutes each speaker will share with the rest of the audience the outcome of the
discussion.

Skills Required
Prevent Cybersecurity
Identity Issuance
Implementing Tried-and-Trusted IoT Ecosystems
Holistic Approach to Security
Hack the Device

 

10:45-11:05

Presentation: Big Data & IoT Security Analytics

The data generated from IoT is a valued commodity for hackers, as it can contain sensitive information such as personal information, payment card information or heath information.
However new encryption technology have been released to protect IoT data. Our expert speaker will present the new platform that graphically design and easily manage data flows in an IoT or back-end environments.

11:05-11:35

Networking & Refreshment break
 

11:35-12:05

From Security to Trust Debate: Building Trust in your Supply Chain 

Digital revolution is totally affecting our lives and changing the ways, in which we collaborate. New potential breaches need to be considered before developing or implementing new devices. But all IoT devices are embedded systems. Trust in embedded security refers to an expectation of integrity that a system is operating as designed.

The session will cover the system’s root-of-trust as the point where authentication starts and then extends through each software layer.

Blockchain Workshop: Benefits and Challenges of a Decentralised IoT Network

Adopting a decentralised communication model will significantly reduce the costs associated with installing and maintaining large centralised data centres and will distribute computation and storage needs across the billions of devices that form IoT networks. But there are still dispute between bitcoin developers for the architecture of the blockchain technology. Processing power and energy consumption are also concerns that will be discussed during the interactive discussion. with those buttons and new control areas.

 

12:05-12:25

Presentation: Already Thinking about API Protocols?

There are security protocols already in place to improve IoT security, but with the continued rise of IoT devices in use, business leaders must make sure API management is a central part of their security strategies in order to
protect safety and security of their organisation’s connected devices and customers’ data.

Our expert will show several steps that organisations can follow in order to maintain device security through APIs.

12:25-12:55

Interactive Session: Industry 4.0

Industry 4.0 incorporates and extends the IoT within the context of the physical world and it’s used to digitalise the business operation. But security implications of compromised IoT devices include production downtime, damage to equipment or facilities and much more. IoT device manufacturers have a responsibility to produce IoT devices that are naturally more secure and hardened.

Education: Increase in Security Education

Education on security is crucial in organizations where security is not an afterthought but looked upon from a holistic and end-to-end perspective, as it should be in this digital business age. Educate your people as they are a
major cause of security breaches. You can invest in a state-of-the-art security solution with predictive analytics and an embedded security strategy approach but if the human factor is overlooked, then nothing else goes.

12:55-13:55

Networking Lunch

13:55-14:25

Best Practice: Ensuing IoT Security in Smart Cars

Over the past few years, automotive security threats have become a reality. Even though technology exists to solve many of security problems, the challenges of deploying such technology in cars are way bigger that for tradition IT services.

The automobile manufacturing process needs to be very precise and meet the highest quality standards to put a car on the road. The safety of everyone on the road depends upon the quality of vehicles being manufactured and sold.
This session will cover the risks and best practices to manage security in the Automotive industry.

Governance, Risk and Compliance Keynote: Fitting in with Guidelines and Standards

IoT can be complex environment, regulatory and compliance challenges are likely to grow in importance. Understanding the risks, opportunities and challenges in IoT is the first critical step towards an effective and secure implementation. The pending GDPR is already significantly impacting businesses across Europe. But compliance means fitting in with a guideline, congruity with a particular standard or law. But investing in a standardcompliant, fully secure and ethically fair regime can be an expensive responsibility for an enterprise.

14:25-14:55
Panel Discussion: OEMs’ Perspective on IoT Security for Smart Home

OEMs play the key role in smart home security since they are responsible for installing security software onto the devices. However very often they give the responsibility for the security of the device to the operating system vendor.
Everyone involved in the development and deployment of the device plays an important role.

14:55-15:45
Prevent Your Cyber Attack!

Our Industry expert will tackle some imaginary hacking scenario and attendees will create a framework of actions to prevent and then react, which will be presented and shared with the other tables.

15:45-16:15
Case Study 2: Simpler Network for a More Effective Security

Description TBC

16:15-17:00

 

Final Discussion: What the ‘Future Security Treats’ Reserve and How the Ideal IoT Platform will be?

Providing IoT security is an ongoing effort, not a one-time process. New threats will emerge, as will new technologies to combat those threats. An ideal IoT platform will have sufficient built-in flexibility to allow manufacturers to not only improve the level of security they offer with new products, but also update the security of products in the field.
Let’s finish the conference dreaming for an ideal IoT Scenario.

17:00-17:15
Closing Remarks from the Chair and End of Conference