There are just 4 days left to purchase an Early Bird ticket for the Secure IoT 2019, Internet of Things cyber security conference. Learn about the security issues, risks, threats and vulnerabilities associated with IoT systems and connected devices; gain an understanding of IoT security best practice; and meet leading experts and companies offering security products, solutions and services, with speakers from:
- Amazon Web Services
- Copper Horse
- UK Government Department for Digital, Culture, Media and Sport
- Device Authority
- IoT Security Foundation
- NCC Group
- Pen Test Partners
Purchase your Ticket here.
Secure IoT 2019, Internet of Things Cyber Security Conference will be held at the Green Park Conference Centre, 100 Longwater Avenue, Green Park, Reading, Berkshire, RG2 6GP, on Thursday, 7th November with registration from 9.00 am and closing at 6pm. For more details see:
For details of the speakers see: Secure 2019 Speakers
Why attend the Internet of Things Cyber Security conference?
We are seeing an ever-increasing number and sophistication of cyber-attacks on systems and products that are using connected IoT devices. These attacks are being instigated by different types of actors including: criminals; states and state-sponsored; issue-orientated hacktivists (malicious insiders pose the greatest threat) and ‘script kiddies’.
The risk and damage in terms of reputation, costs, health & safety to an organisation or individual due to poor security practice can be considerable.
In May 2018, the General Data Protection Regulation (EU) 2016/679 (GDPR) became enforceable. GDPR covers “security by design” in hardware and software. Data controllers are obliged to consider “data protection by design and by default”. Organisations using insecure IoT devices, software and systems could face action under GDPR should they contribute to theft or “spillage” of personal data.
If you would like to learn more about IoT Security best practice then come along to Secure IoT 2019, Internet of Things Cyber Security conference.
Health implant maker MedTronic is recalling some of its insulin pumps following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them.
Specifically, the manufacturer is recalling its MiniMed 508 and Paradigm insulin pumps, along with the CareLink USB control hub and some blood glucose monitoring devices used with the at-risk gear. America’s medical drug watchdog the FDA also issued an alert this week over the holes, which can be leveraged by nearby hackers to execute commands on the pumps.
These commands can, for instance, tell the pump to inject too much insulin, causing the patient to suffer hypoglycemia and pass out or enter a seizure, or too little insulin and cause the patient to develop serious life-threatening ketoacidosis.
See full Article from The Register:
Scumbags can program vulnerable MedTronic insulin pumps over the air to murder diabetics – insecure kit recalled
Secure IoT 2019 will be held 7th November
- Learn about the security issues, risks, threats and vulnerabilities associated with IoT systems and connected devices
- Gain an understanding of IoT security best practice
- Meet leading experts and companies offering security products, solutions and services
The National Institute of Standards and Technology (NIST), US Department of Commerce, has published a new document: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their individual IoT devices throughout the devices’ lifecycles.
Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.
NIST defines cybersecurity and privacy risks for IoT devices in terms of three high-level risk mitigation goals:
1. Protect device security.
In other words, prevent a device from being used to conduct attacks, including participating in distributed denial of service (DDoS) attacks against other organizations, and eavesdropping on network traffic or compromising other devices on the same network segment. This goal applies to all IoT devices.
2. Protect data security.
Protect the confidentiality, integrity, and/or availability of data (including personally identifiable information [PII]) collected by, stored on, processed by, or transmitted to or from the IoT device. This goal applies to each IoT device except those without any data that needs protection.
3. Protect individuals’ privacy.
Protect individuals’ privacy impacted by PII processing beyond risks managed through device and data security protection. This goal applies to all IoT devices that process PII or that directly or indirectly impact individuals.
This report, the first in a series addressing the IoT, looks at higher level considerations; NIST says future reports will go into greater depth and detail about related issues.
UK public sector lagging behind in taking IoT beyond pilot, says Yotta survey. The UK’s public sector is lagging behind in adopting the Internet of Things (IoT), with almost three-quarters, at 74%, yet to make use of the emerging technology commercially, according to research from technology company Yotta.
The survey commissioned by Yotta found that 39% of public sector organisations did run pilots but could not go beyond that with any live commercial deployments. On the other hand, more than a third, that is 35%, of the surveyed public sector IT decision-makers indicated that their organisations are yet to start off with the technology.
The survey also found that public sector IT decision-makers believe security concerns to be the biggest obstacles faced by councils in making effective use of IoT-driven technology.
Almost four out of 10 respondents, at 38%, voted security concerns as the main challenge, while more than a third, at 35%, cited perceived cost of implementations as the reason for not deploying the technology.
Other prime concerns for using IoT are lack of skilled in-house expertise, at 34%, and integration challenges with existing systems, which was referenced by 31% of the surveyed public sector IT decision-makers.
An E&T investigation together with leading cyber-threat experts reveals how simple it is to hack Internet of Things (IoT) devices hooked up to the internet, exploring the implications of what this could mean for consumers and critical infrastructure in the UK.
See E&T article:
How to hack an IoT device
Hackers targeted mobile phone networks around the world to snoop on specific users, according to a report by US-Israeli security firm Cybereason. The level of access they gained to the networks meant they could have shut them down had they wanted to.
Global phone networks attacked by hackers
A Norwegian aluminium producer is recovering after hackers took thousands of computers offline and demanded a ransom.
Cyber-attack forces company to use pen and paper