We had a great a line up of speakers and talks for the 2018 conference
Dr Andrew Jones, System Architect, Arm
Presentation: Threat Modelling & Security Analysis For IoT
Among the most critical tasks in developing secure device is designing platforms with robust countermeasures for identified threats. Andrew will give an overview of Arm’s Platform Security Architecture and how threat modelling can be performed to identify and mitigate attacks.
Dr Andrew Jones is the Arm architect focused on future systems design of IoT and embedded automotive systems. Andrew is a veteran system architect having previously worked at the University of Bristol, and several microelectronics companies in the UK and US. He has managed the specification of dozens of successful chips and is the holder of over 50 patents. Andrew Jones is the author of a book on network design and of a number of publications focused on system on chip architectures.
Dave Walker, Solutions Architect, Amazon Web Services
Presentation: Recommendations for AWS IoT Security Practice
Dave is a recognised expert in IT security, networking and compliance design, consultancy, review, implementation. Multi-level and cross-domain security, especially label-based, is a particular speciality.
Occasional creator of novel approaches to security issues; Cloud, hypervisors, Trusted Computing, Adversity Modelling and privacy number among areas of interest.
Experienced speaker / presenter on security topics.
Specialties: Multi-level, cross-domain, label-based security, compliance consultancy, audit design.
Tony Gee, Associate Partner, Pen Test Partners
Presentation: Blockchain, does it fix everything? Hacking the IoT to break blockchain!
As we march ever closer to a world of IoT and the irrefutability of the ledger, we are now seeing companies looking to implement blockchain technology, however, as with the early IoT, organisations are rushing to make the same mistakes. This talk will look at what we learnt from hacking the IoT, including demonstrating some new compromises and show how we can apply this to attacking blockchain and the devices used to interact with it.
Tony has over 13 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor.
Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime and key payment systems. Tony is able to illustrate and demonstrate critical issues in these systems in a way the audiences of all levels can understand. He has spoken at PCI events in Europe and Asia, at the SC Congress in London, technical conferences such as BSides and many other partner events, including speaking at the US Congress, European Central Bank and the European Parliament.
Stuart Traynor, Solutions Architect, Cisco
Presentation: Evolution of factory security for Industry 4.0
The digitisation of manufacturing, or Industry 4.0 as it is commonly known, is driving manufacturing organisations to rapidly adopt new technologies including, Robotics, Industrial IoT, Mobility, Collaboration and Analytics to help drive efficiency within their processes. Unfortunately, more devices and connections also open the door to new cyber-security risks, and previous generations of industrial control systems were not conceived with security or the IP connectivity needed in mind.
Traditional guidance to create air gapped and siloed networks is no longer relevant in today’s world which needs to make use of the data generated on the factory floor. This session looks to explore how cyber-security is evolving in order to allow organisations to effectively adopt Industry 4.0 whilst maintaining the required level of security. It will discuss two case studies (large enterprise and SMB) to explore the different challenges and approaches required to evolve security in the manufacturing environment.
Stuart is Solutions Architect within Cisco UKI Technology Office with a focus on working with manufacturing customers as they look move towards Industry 4.0
Ivan Reedman, Global Hardware Security Capability Development Lead, X-Force Red, IBM
Ivan will talk about common techniques used during hacking of embedded systems from simple signal interception to side channel attacks including a deeper look at early exit comparisons and the risks they pose. Moving to simple advice for engineers/designers and project managers to help design securely rather than retrospectively plugging security holes all as common sense advice.
With more a 30 years in research and development, and in excess of 8 years in offensive hardware tool development, Ivan Reedman (aka ToyM4ker) brings with him deep hardware design and development experience, from switching power supplies through to complex embedded systems.
Keen to share his knowledge, Ivan provides hardware capability development thought leadership and innovation for his team and works with clients in assessment, design consultancy and training capacities with respect to hardware security.
Having discovered a number of silicon level vulnerabilities present in millions of IoT products from large Silicon Valley vendors, developed a working proof of concept generic IoT platform to demonstrate the design flaw and presented this material at a number of security conferences, Ivan works to find un-patchable hardware vulnerabilities in order to help convey the importance of secure by design applying to hardware as well as all other aspects of the design life cycle.
Dan Craddock, Cyber Security Project and Policy Manager, Department for Digital, Culture, Media and Sport (DCMS)
Presentation: The UK Government's approach for tackling insecurity in consumer IoT devices
Dan will give an overview of the UK Government's ongoing work to tackle insecurity in IoT devices. The talk will include a detailed look at the recently published Code of Practice for Consumer IoT and other outputs including mapping, consumer guidance and the response to the informal consultation following the March 2018 publication of the Secure by Design report. Dan will also give an overview of the next steps for this policy area and outline how the UK Government is working closely with manufacturers to improve the security of IoT devices.
Dan Craddock is a Policy Advisor in the Secure by Design Team at the Department for Digital, Culture, Media and Sport. He is currently leading on stakeholder engagement and driving manufacturer uptake of the UK's Code of Practice for Consumer IoT.
Tim Snape, Head of Security - IoT, Vodafone Group Enterprise Technology
Presentation: IoT saves lives – An alternative view of IoT security
With increasing adoption of IoT in all industry sectors, security professionals continue to focus on the risks introduced by this revolutionary technology. In this session, Tim will share the view from a mobile operator perspective and explore the safety, privacy and security aspects of IoT, as it continues to be embedded in more of the technology we use on a daily basis.
Cellular technology provides a range of opportunities for organisations to leverage IoT. You will hear from Tim about how IoT is being used to transform the automotive industry, to provide customers with new levels of safety and convenience, while addressing the issues, including:
- securing IoT devices
- managing IoT complexity
- protecting customer information
Rob Dobson - Director, Device Authority
Presentation: Keeping Patients Alive: A Secure Internet of Medical Things
Experts predicted that like the Internet, the Internet of Things (IoT) too is going to be a part of our everyday life. With an increasing number of medical devices connecting to the Internet, the idea of a connected healthcare sphere becomes more interesting. Several software, service, and product companies are showing interest in connecting devices with a view to make their primary product or service more achievable.
IoT medical devices provide many benefits for different stakeholders, most notably improved healthcare for patients, efficiency and cost savings for the manufacturer and real time monitoring for healthcare professionals. However, there are risks associated with connecting medical devices to the Internet. The good news is there are ways to mitigate them, which will be addressed in this session.
The session will include:
- Introduction to IoT medical devices: benefits, concerns and risks
- Common security challenges
- How to secure a connected / IoT medical device
Rob has over 25 years of experience in industry, with a wide range of expertise across cybersecurity, IoT, SaaS, Semiconductors and Software engineering. He has been involved in several successful start-ups. Rob helps customers architect and deploy successful IoT solutions with the security they need and is also well known for speaking at various events around the world on IoT Security across many markets, most prominently Industrial & Medical/Healthcare.
Dr. Shane Rooney, Executive Director, IoT Networks, GSMA
Presentation: IoT Security by Design
Shane Rooney is an Executive Director at the GSMA on the IoT Programme. Bringing together strategies and synergies across the M2M verticals and the wider IoT ecosystems.
Shane had previously led the GSMA’s initiative in developing mobile solutions in Smart Cities and collaborating with cities like Barcelona, Dubai and Shanghai. His team has developed a wider range of Smart City Indicators, Case Studies and Business Cases demonstrating the importance of mobile technology.
Shane's team also have developed enablers in IoT Security and embedded SIM. He has led the launch of Cellular LPWA Networks Technology ( NB-IOT & LTE-M) initiative globally and now promoting Cellular V2X technology.
Previously he has been a Group Vice President with Etisalat , developing solutions for Energy, Security and Transport IoT solutions for Middle East, Africa and Asia. Before that he has worked with other Mobile Operators, Vodafone, Hutchison and 3 UK as well as launching and divesting of his own M2M company.
Shane pioneered early telematics and connected car solutions for Ford Motor Company in the USA and Europe. He has extensive Global experience. He holds a PhD in Communications Systems specialising in Location Based Servicesand studied Business Marketing at IMD Switzerland.
Roger Shepherd, Ambassador, IoT Security Foundation
Presentation: Using the IoTSF’s Security Compliance Framework to improve the security of your IoT products and systems
This talk looks at the IoT Security Foundation’s "Security Compliance Framework" and how to use it to help improve the security of IoT products and systems. The IoT IoTSF is a collaborative, non-profit, international organisation formed in response to the complex challenges posed by security in the connected world of the Internet of Things. Amongst other activities, the IoTSF has developed Best Practice Guides and a Security Compliance Framework.
Roger Shepherd, Managing Director, Chipless Ltd, has worked in the electronics industry for 38 years. He joined UK semiconductor start-up Inmos in 1979 where he was part of the team who designed the Inmos transputer. Subsequently he has worked across a wide range of hardware, software and embedded system technologies. In 2014 he set up Chipless Ltd, which provides consultancy in system design and security. In October 2015 Chipless became a founding member of the IoT Security Foundation. During 2016 Roger spent six months as CTO of cyber security venture Lujam
Tuukka Laurikainen, ICS Solutions Architect, Representing the Industrial Internet Consortium
Presentation: How to avoid being an idIoT by using the Industrial Internet Consortium’s Security Framework
A review of some of the incidents that have occurred in the IoT world, considering the proposals made by the IIC IIoT security framework that would have avoided the catastrophe.
During the talk we will introduce the IIoT security framework and give a series of recommendations on how to carry out a secure development and management of IoT systems.
Tuukka Laurikainen, specialised in networking and security and more than 15 years of experience in information technology in different sectors and roles. Highly skilled in problem solving and technical architectures, he started his career in the health sector in Finland after operating BBS systems and pre-email messaging exchange. Since then and for more than 10 years he has been doing technical consulting in Spain for both national and international customers ranging from automotive and manufacturing to banking and public sector.
Currently Tuukka is an ICS Solutions Architect at Titanium Industrial Security, where he is helping industrial enterprises address the changing needs in the industry and to secure their most important assets.
Tom Gaffney, Principal Consultant, F-Secure
Presentation: Not so Smart devices. IoT threats, examples, actors and mitigation
Tom's talk will review the dark side of the explosion in number of connected devices within our homes, businesses and critical infrastructure.
The session will include:
- Examples of the diverse risks facing “smart" devices, from power stations to consumer goods, core networking kit and even hotel key cards
- The threat actors responsible and their motivations
- Mitigation factors in design and how consumers and businesses can protect themselves
Tom has been in technology for 20 years and in security for 15. Currently at F-Secure where he runs the technical engineering teams who serve Internet Service Providers and is the technical face of F-Secure in the UK for media. Interested in security (of course) and privacy and runs secure ops and privacy sessions for NGO’s.”
Stephan Noller, CEO & Co-Founder, ubirch
Presentation: Making IoT Security Pervasive with Blockchain and Cryptography
ubirch has developed a solution, that uses Blockchain-Technology and ECC-Cryptography to secure IoT device data in a new way. Instead of focussing on the security of the device itself or the transmission channel the ubirch solution adds security credentials to every single measurement of an IoT sensor. This digital signature can then be used by everyone who receives the data, even if he does not operate the sensor or the device. The data can always be checked for integrity and provenance, even years later and if the data has travelled a lot. This changes how IoT data from industrial production can be used for connected production, but it is also a game-changer for parametric insurances.
Stephan Noller, Psychologist and Serial Entrepeneur from Cologne, Germany. Developed the first machine learning based audience measurement system for the german advertisting market, known as „internet facts“ and still in use. Founder and CEO of targeting specialist nugg.ad AG in Berlin, european market leader for predictive targeting, sold to Deutsche Post and later Zalando AG. Chairman of the policy committee at IAB Europe in Brussels, negotiated self-regulation for online advertising across all european markets with the commission. Member of the advisory board of the german ministry of economics, vice-chairman of german association for the digital industry bvdw with a focus on IoT and digital transformation. Founder of Calliope mini, a non-profit initiative to bring digital education to first grade kids. Since 2015 founder and CEO of ubirch GmbH, a company that offers the "Blockchain for Things", a secure stack to link things to the cloud by using cryptography and blockchain technology, recently awarded as "cool vendor" by Gartner.
Clive Watts – Product Manager, Secure Thing
Presentation: Securing the Supply Chain
As widely reported, there are significant issues with modern supply chains, leading to widespread theft of intellectual property, injection of malware, over production and counterfeiting.
To tackle this issue the IoT requires a holistic approach to security, focused on the early introduction of device specific identity, the management of secured boot services, secure provisioning capability and secured update management systems.
In this session we will look at the root causes of these issues, and how companies are partnering to deliver a secure supply chain through next generation silicon, smart distribution channels and secure management of software and secrets.
Prof. Gareth Howells, Founder, Director and Chief Technology Officer, Metrarc
Presentation: ICMetrics: A keyless security platform for IoT
Metrarc Ltd. has developed a ground-breaking security technology based on the derivation of encryption keys directly from the properties of IoT devices. Established encryption systems have an inherent weakness that the keys that are used to encrypt and decrypt data are stored and therefore if found can be abused. Metrarc have developed ICMetrics, which derives a stable encryption key from potentially varying features of an IoT device, subsequently discarding it without storing either it or any reference templates underlying its generation. The lack of templates and stored keys ensures much greater security then alternative approaches.
Prof. Gareth Howells is a Founder, Director and Chief Technology Officer of Metrarc Ltd and holds a Chair in Secure Electronic Systems at the University of Kent. He has been involved in research areas relating to security technology for over 30 years and has been instrumental in the development of novel technologies for device authentication. He has published over 200 papers in the technical literature, co-editing two books and contributing to several other edited publications.
Tom Chen, Professor in Cyber Security, City, University of London
Presentation: MSc IoT with Entrepreneurship
The Engineering School at City, University of London is offering a new Msc IoT with Entrepreneurship programme.
This programme is unique in a couple of ways: it is centred around student design projects that are industry-oriented; and a substantial entrepreneurship component is delivered by our highly rated Cass Business School.
Modules include: IoT Security; IoT Technologies; Data Analytics; Entrepreneurship; Communication Networks.
Tom is a Professor in Cyber Security at City, University of London. Previously he was a Professor in Networks at Swansea University, and Associate Professor in Electrical Engineering at Southern Methodist University (Dallas, Texas).
He also worked for several years at GTE R&D Labs (now Verizon Labs) in Boston, Massachusetts. His research areas include malware, network security, privacy, biometrics, and cyber terrorism.
Robin Kennedy, Cyber Security, Knowledge Transfer Network (KTN)
Presentation: CyberASAP - Commercialising UK Academic Ideas
The Cyber Security Academic Start-up Accelerator Programme was set up in 2017 to commercialise UK academic ideas. With the support of industry experts, UK cyber security researchers and their teams are encouraged to develop their innovative ideas into products and services with a clear route to market and scope for further development.
In the first stages of the programme, teams work on the development and market validation of their value proposition. The final stage focuses on the development of a minimum viable product. The programme culminates in a showcase/demo day to investors and industrialists.
The Year 2 Demo Day takes place in January. Applications for Year 3 are planned to open in February with the programme starting in April.
Industrialists / Investors / UK Cyber Academics - Register your interest via www.cyberasap.co.uk & we'll keep you posted.
CyberASAP is funded by DCMS (the Department for Digital, Culture, Media and Sport) and delivered in partnership with Innovate UK and Knowledge Transfer Network (KTN).
Robin will give an introduction to the programme followed by presentation pitches from some of the current cohort.
Robin Kennedy is Knowledge Transfer Manager for Cyber Security at the Knowledge Transfer Network (KTN).
Duncan White, Partner, Chartered (UK) and European Patent Attorney, Marks & Clerk
Presentation: Protecting IoT security innovations
Duncan White is the Managing Partner of Marks & Clerk’s Oxford office. In the course of nearly 25 years in the patent profession, he has established a well-regarded international practice, spanning the UK, USA, Japan, Israel, and Northern Europe.
Duncan specialises in the drafting and prosecution of patents in the fields of computer-implemented and software-related inventions, particularly in the consumer electronics sector. He also handles patent cases in a wide range of other industries, such as oil and gas, semiconductor manufacturing, and medical devices.
Duncan also provides filing strategy and portfolio management advice, regularly represents clients in oral proceedings at the EPO and UK IPO, evaluates standard-essential patents, conducts freedom to operate searches, and handles design registrations in the UK and overseas.
Alan Hall, CEO, Valbrio
Presentation: Why Static Analysis is mandatory for IoT Device Software
Alan Hall is CEO of Valbrio Limited who specialise in tools for developers to improve software quality, safety reliability and security.