Internet of Things

About Author

Dr John Riley is passionate about improving the innovation process, having first hand experience of large enterprises, small business, academia, and government. As Managing Editor of Computer Weekly (1992-2008) he championed true business value from IT and founded the CW500 Club for IT Directors. He was until recently Strategic Advisor to Erudine, an early adopter of agile technology, campaigning for the wider UK SME community. He was a founder of the UK Innovation Initiative and is active across the IT community.


How Boards Should Prepare for IoT Security

CISOs: "Reach for Your Life-Vests"


The latest Forrester Report on IoT security, called “Prepare Your Security Organisation for the Internet of Things: Why the Next Internet Revolution is Much More Alarming than the Last”, is significant on two counts.

Firstly, it asserts that we really are facing a revolution, and that Chief Information Security Officers need to prepare now for the “unprecedented data privacy and security challenge” to come.

Secondly, Andrew Rose, lead author of the report and a former corporate CISO himself, speaks to CISOs in their own language and mindset.

The Report's message is stark (“reach for your life-vests”), and, as part of a wide-ranging analysis, it pinpoints the six things that CISOs need to do now to prepare for the IoT revolution. Warning that “the potential for innovation and business growth will be irresistible to most organisations”, the Report urges CISOs to be ready at a moment's notice to discuss with senior management the need to:

1. Create boundaries and segmentation with industrial control systems to reduce risk and create “air gaps” to stop Stuxnet-like viral attacks spreading.
2. Focus on the physical people safety implications of the system and understand how they may be adversely impacted through interactions with other IoT systems.
3. Define security accountability and implement security checks at the machine level in an autonomous M2M (machine-to-machine) process.
4. Be aware that inconsequential personal data can become very sensitive when collated and cross-referenced and ensure measures are put in to guard against this risk.
5. Anticipate future EU privacy control legislation adopting opt-out “right to be forgotten” clauses so prepare now to build opt-out functionality into systems.
6. Remember that the “I” in IoT “is for Internet”, so be sure to design out traditional Internet security vulnerabilities.
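Point 4 is the one boards most often underestimate, so here is an added worked example (my own illustration, not code from the Forrester report or from Andrew Rose) of how individually inconsequential IoT readings become sensitive once collated, and of the simplest guard against it. The meter readings, the date, and the idle threshold are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample: one day of hourly smart-meter readings (kWh) for one home.
# Any single reading looks inconsequential; the pattern across the day is not.
HOURLY_KWH = (
    [0.4] * 6      # 00:00-05:59  fridge, standby, overnight heating
    + [1.2] * 3    # 06:00-08:59  morning routine
    + [0.25] * 9   # 09:00-17:59  nobody home
    + [1.5] * 6    # 18:00-23:59  evening
)
START = datetime(2013, 1, 7)  # constructed date, not from the report
# Readings are (interval_start, interval_length_hours, kwh) triples.
RAW_READINGS = [(START + timedelta(hours=h), 1, kwh) for h, kwh in enumerate(HOURLY_KWH)]

# Assumed threshold: usage at or below this per hour is consistent with an empty home.
IDLE_KWH_PER_HOUR = 0.3


def infer_unoccupied(readings, idle_kwh_per_hour=IDLE_KWH_PER_HOUR):
    """Return the start times of intervals whose usage suggests nobody was home.

    This is the collation risk of point 4: a third party holding the data can
    derive a daily absence pattern that the meter was never meant to reveal.
    """
    return [start for start, hours, kwh in readings
            if kwh <= idle_kwh_per_hour * hours]


def coarsen(readings, bucket_hours):
    """Sum readings into fixed-size buckets before the data leaves the utility.

    Coarser intervals carry less behavioural information, which is the
    'measure to guard against this risk' in its simplest form.
    """
    buckets = {}
    for start, _hours, kwh in readings:
        elapsed_hours = int((start - START).total_seconds() // 3600)
        bucket_start = START + timedelta(hours=(elapsed_hours // bucket_hours) * bucket_hours)
        buckets[bucket_start] = buckets.get(bucket_start, 0.0) + kwh
    return [(start, bucket_hours, round(total, 3)) for start, total in sorted(buckets.items())]


def leaked_intervals(readings, bucket_hours):
    """Intervals that still look 'empty' after coarsening to bucket_hours."""
    return infer_unoccupied(coarsen(readings, bucket_hours))


if __name__ == "__main__":
    for hours in (1, 6, 24):
        flagged = leaked_intervals(RAW_READINGS, hours)
        print(f"{hours:>2}h buckets: {len(flagged)} interval(s) look unoccupied",
              [t.strftime("%H:%M") for t in flagged])
```

Run as written, the hourly data exposes the full 09:00 to 17:00 absence; six-hour buckets still leak the afternoon, and only the daily total hides the pattern. The lesson for the board is that the granularity at which data is shared, not just whether it is shared, is a security decision.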

This Report is timely as conference organisers plan their agendas for 2013: security was very much an afterthought at the many IoT-related conferences I went to this year.
