Connected Devices and Security: Where Do We Stand?

IoT Security Specialist Brad Ree Says Work Is Underway to Harmonize Security
Brad Ree, CTO, ioXt

Without labelling or standards, consumers and enterprises face challenges when buying IoT devices.

Organizations are realizing that while it's possible to issue required security specifications to vendors, they also must verify that the devices are secure, says Brad Ree, CTO of the consultancy ioXt and board member at the ioXt Alliance, a trade group dedicated to securing IoT devices.

"It's a real challenge," Ree says. "How do I know something is secure? How do I specify security in my RFPs?"

For consumers, buying secure IoT devices can be an opaque process. Also, there are worries over unknown vulnerabilities, such as the recently revealed Ripple20 flaws. A TCP/IP component deployed in a wide variety of connected devices was found to contain 19 flaws, including some that are remotely exploitable (see: Millions of Connected Devices Have Exploitable TCP/IP Flaws).

"Unfortunately there are going to be a lot of legacy devices with really deep supply chains, so I don't think we are going to just flip the switch and then all of the sudden solve our security problems," Ree says. "This is going to be a work in progress over time."

But connected device security is improving, Ree says. That's been propelled by numerous initiatives by industry groups and also regulations, such as SB 327 in California. The law, which went into effect in January, requires that devices have reasonable security features.

In this video interview with Information Security Media Group, Ree discusses:

  • How IoT manufacturers are responding to an increasing call for better security;
  • How regulators and industry groups are working to improve IoT security;
  • What challenges enterprises are facing deploying connected devices.

Ree is CTO of ioXt, a consultancy that tests the security of IoT devices. He's also a board member at the ioXt Alliance, a trade group dedicated to securing IoT devices, which includes members such as Amazon, Google and Facebook. Ree holds more than 25 patents and was formerly security advisory chair for Zigbee.


About the Author

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.



