Enigma People Solutions caught up with Jenny Devoy, Head of Membership Engagement for the IoT Security Foundation and TechWorks, she has been with these world leading industry hubs for four years and we spoke to her as she prepares for the IoT Security Foundation’s 5th Annual Conference which takes place in central London on 26th November 2019.
Jenny is passionate about the endless possibilities of what tech can bring to our future from transforming our landscapes to improving healthcare, transport and mobility, energy, infrastructures, smart homes, wearables and much more. However unsurprisingly she also warns that security must come first “There are so many ways that technology can improve our lives and environments, we just have to be careful and ensure we're putting the right processes in place to make it safe”.
Hi Jenny, thanks for joining us today. Can you tell us about the IoT Security Foundation and why it's important to have them as an industry body?
The IoT Security Foundation was launched back in 2015 after various meetings with stakeholders to identify the security challenges of connecting a device or ‘thing’ to the internet and to establish what industry really needed. We launched four years ago with mission to make it safe to connect and in our first year we prioritised key projects which included building a comprehensive IoT Security Compliance Framework, as well as developing some simple, easy to digest one-pagers about designing secure consumer IoT products.
During that year, we also published guidance for vulnerability disclosure as we felt like that was such an important topic in security but not much had been done on it up to that point. Hackers evolve and will find new ways to get in, so businesses need to implement mechanisms or vulnerability touch points on their websites to make sure that the good guys like white hats (a person who hacks into a computer network in order to test or evaluate its security systems) have got a channel to report this. We commissioned a report on this topic last year that evaluated over 300 consumer IoT products (available here: https://www.iotsecurityfoundation.org/best-practice-guidelines) and we will be publishing an updated report in the coming months. In our mission to make it safe to connect, we have published several guides, architectures and other reports to aid industry such as our latest whitepapers for the healthcare industry and smart buildings, and we host training events to educate and illuminate industry on security challenges and solutions. We are proud to run the world's longest running IoT Security Conference, which is now in its fifth year and returns to London on November 26th. We've built a loyal global following due to the high quality content that we put on the programme and I’m really looking forward to this year’s event that has 5 talk tracks and such a great agenda.
What do you feel members benefit most from the IoT Security Foundation?
Our members understand that security isn't going to be fixed by an individual - it needs a group effort. We have a global network of over 120 corporate organisations, as well as individual professional members, who all work with us on projects to produce various publications that, make things easier for people who don't have the expertise to secure the internet of things. There are a lot of standards out there that are very lengthy and technical, our aim is to simplify common security guidance so that you don't need to be an expert to implement our Framework security recommendations and best practice guidance.
IoTSF have actually done so well that we had to redefine our original mission statement from 2015, as we have achieved those objectives. We've enhanced our mission statement to reflect what our goals are for the next couple of years for maintaining our framework and guides whilst giving industry a home to communicate and collaborate. We have a low cost membership model and we are a non-profit association, so this money is fully invested in our work to further aid industry.
What are your members currently telling you are the greatest challenges in the market right now?
One of the main challenges for the market is the wealth of information out there with differing advice, so it can be really challenging to know which route to go down. Creating a common framework for our members allows them to satisfy the legal and regulatory requirements, as well as security. When a new Standard or guidance publication comes out, we often map it to our Framework and publish it separately so people can see that by using our Framework, they are adhering to numerous Standards.
This year, we've mapped our Framework to the ETSI Technical Standard for consumer IoT devices (ETSI TS 103 645) and the UK Government’s Code of Practice for consumer IoT security. As regulation comes in, the market faces adjustment challenges so we also developed a Whitepaper that outlines the global regulatory environments. At the IoT Security Foundation, we welcome regulation because it means that technology manufacturers and providers must put security at the forefront of their priorities.
Another challenge in industry is the present and future skills shortage. Having recruitment experts like Enigma People Solutions is a great advantage so businesses can find the talent they need and there are industry initiatives like the UK Electronics Skills Foundation that helps companies find top university graduates and champion educational initiatives to encourage kids into electronics.
What about the greatest opportunities for your members right now?
Knowledge sharing and collaboration are great opportunities for industry and society as whole; look at what we’ve achieved so far with less than three decades of the internet. For our members, working with us means they benefit from access to a unique community of IoT stakeholders from all across the world, and the opportunity that comes with that.
Working with us on security challenges saves our members money and the resources it would take to solve these challenges internally. Members have said that it's a great opportunity, as they do not have to foot the cost of an R&D project. Companies are able to commit one or two people to one of our projects and they're able to learn a lot more thanks to their involvement, and they can take that project experience back to their own companies.
How do you think the UK is better facilitating its tech industry?
I think the government is doing a good job at promoting a range of guidance, especially in departments like DCMS, NCSC and BEIS, and more generally in terms of supporting the UK tech community. Public funding has been made available in a number of areas for technology companies, which is fabulous. Though there has been a bit of hesitation and stunted growth because of Brexit, we will get through it with much less disruption than is being reported in the media and the UK tech community will be better than ever.
The UK tech scene right now is thriving – London and around it is a real hub, and tech hubs continue to expand throughout the UK. For Scotland, Glasgow and Edinburgh have some really impressive design, gaming and software companies. The UK has gone from strength to strength with technology. We've got the talent and there are start-ups that have achieved some amazing things. It's only going to get better!
Can you tell us more about the IoT Security Conference?
Of course! The IoT Security Foundation’s 5th Annual Conference takes place in central London on 26th November, as a world leading IoT Security Conference this event attract 300+ delegates to hear from the experts at executive and technical level, and we’ve added a new training track too so there's a bit for everyone.
The IoTSF Conference will feature 40+ speakers over the ‘big picture’ plenary sessions and four breakout tracks. In the plenary sessions, we will be exploring markets, policy, regulation, certification, standards and assurance as all stakeholders work together on the security agenda.
Within the four breakout tracks, we will be illuminating the industry challenges with security by design, applied IoT security, security resilience and a parallel training track. Plus, there are plenty of opportunities for industry networking including a drinks reception.
You can find out more, including our speaker line up here: https://iotsfconference.com (see our discount code below).
Enigma has secured a special discount code for IoTSF Conference tickets, use code: secure150 to save £150.
IoT Security Foundation Website: https://www.iotsecurityfoundation.org
Conference Website: https://iotsfconference.com