About Author
John Riley

Dr John Riley is passionate about improving the innovation process, having first hand experience of large enterprises, small business, academia, and government. As Managing Editor of Computer Weekly (1992-2008) he championed true business value from IT and founded the CW500 Club for IT Directors. He was until recently Strategic Advisor to Erudine, an early adopter of agile technology, campaigning for the wider UK SME community. He was a founder of the UK Innovation Initiative and is active across the IT community.



How Boards Should Prepare for IoT Security

CISOs: "Reach for Your Life-Vests"


The latest Forrester Report on IoT security, called “Prepare Your Security Organisation for the Internet of Things: Why the Next Internet Revolution is Much More Alarming than the Last”, is significant on two counts.

Firstly it asserts that we really are facing a revolution - and that Chief Information Security Officers need to prepare now for the “unprecedented data privacy and security challenge” to come.

Secondly, Andrew Rose, lead author of the report and a former corporate CISO himself, speaks to CISOs in their own language and mindset.

The Report's message is stark (“reach for your life-vests”) and, as part of a wide-ranging analysis, it pinpoints six things CISOs need to do now to prepare for the IoT revolution. Warning that “the potential for innovation and business growth will be irresistible to most organisations”, the Report urges CISOs to be ready at a moment's notice to discuss these with senior management. CISOs need to:

1. Create boundaries and segmentation around industrial control systems to reduce risk, including “air gaps” to stop Stuxnet-like malware from spreading.
2. Focus on the physical safety implications of the system for people, and understand how people may be adversely affected through its interactions with other IoT systems.
3. Define security accountability and implement security checks at the machine level in autonomous M2M (machine-to-machine) processes.
4. Be aware that inconsequential personal data can become very sensitive when collated and cross-referenced, and ensure measures are put in place to guard against this risk.
5. Anticipate future EU privacy legislation adopting “right to be forgotten” provisions, and prepare now to build opt-out functionality into systems.
6. Remember that the “I” in IoT “is for Internet”, so be sure to design out traditional Internet security vulnerabilities.
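Point 4 is easy to nod along to and hard to picture, so here is an added illustration (my own example, not code or data from the Forrester report or this blog). Two constructed telemetry feeds, a household's hourly smart-meter readings and a car park's bay-occupancy sensor, are each harmless on their own; cross-referenced through a bay-to-household mapping they reveal exactly when a home is empty. The same function run over daily totals instead of hourly readings shows one of the measures the report is asking for: aggregate before you collate. All households, bays, readings and the idle threshold are made up for the demonstration.

```python
from collections import defaultdict

# Constructed sample data (not from the report). Hours are "YYYY-MM-DDTHH".
# Feed 1: smart-meter readings, (household, hour, kWh). Low load alone is unremarkable.
METER_READINGS = [
    ("H1", "2013-01-07T07", 0.9), ("H1", "2013-01-07T08", 0.2), ("H1", "2013-01-07T09", 0.2),
    ("H1", "2013-01-07T10", 0.2), ("H1", "2013-01-07T18", 1.4),
    ("H2", "2013-01-07T07", 1.1), ("H2", "2013-01-07T08", 0.8), ("H2", "2013-01-07T09", 0.2),
    ("H2", "2013-01-07T10", 0.9), ("H2", "2013-01-07T18", 1.3),
]
# Feed 2: car-park bay sensor events, (bay, hour, occupied). An empty bay alone is unremarkable.
BAY_EVENTS = [
    ("B12", "2013-01-07T07", True), ("B12", "2013-01-07T08", False), ("B12", "2013-01-07T09", False),
    ("B12", "2013-01-07T10", False), ("B12", "2013-01-07T18", True),
    ("B15", "2013-01-07T07", True), ("B15", "2013-01-07T08", True), ("B15", "2013-01-07T09", False),
    ("B15", "2013-01-07T10", True), ("B15", "2013-01-07T18", True),
]
# The cross-reference that makes the two feeds sensitive together: reserved bay -> household.
BAY_OWNER = {"B12": "H1", "B15": "H2"}

IDLE_KWH = 0.3  # assumed threshold: load at or below this looks like "nobody home"


def unoccupied_hours(readings, events, bay_owner, idle_kwh=IDLE_KWH):
    """Return {household: [hours]} where the meter shows idle load AND the household's bay is empty.

    Neither feed reveals this on its own; the inference appears only after collation.
    """
    idle = defaultdict(set)
    for household, hour, kwh in readings:
        if kwh <= idle_kwh:
            idle[household].add(hour)
    away = defaultdict(set)
    for bay, hour, occupied in events:
        if not occupied and bay in bay_owner:
            away[bay_owner[bay]].add(hour)
    return {h: sorted(idle[h] & away[h]) for h in idle if idle[h] & away[h]}


def daily_totals(readings):
    """Mitigation: aggregate to daily totals before the data leaves the meter system.

    Output keeps the (household, period, kWh) shape, so it can be fed to the same
    consumer, but hourly idle periods are no longer visible to be cross-referenced.
    """
    totals = defaultdict(float)
    for household, hour, kwh in readings:
        totals[(household, hour[:10])] += kwh
    return [(h, day, round(kwh, 2)) for (h, day), kwh in sorted(totals.items())]


if __name__ == "__main__":
    print("hourly + bay sensor:", unoccupied_hours(METER_READINGS, BAY_EVENTS, BAY_OWNER))
    print("daily totals + bay sensor:", unoccupied_hours(daily_totals(METER_READINGS), BAY_EVENTS, BAY_OWNER))
```

Run as-is, the first line reports that H1 is away from 08:00 to 10:00 and H2 at 09:00; the second reports nothing, because a daily total never falls below the idle threshold and no longer lines up with an hourly bay event. The design point is that the safeguard belongs at the point of collection or export, before the cross-reference is possible, not in a policy document that the collating party may never read.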

This Report is timely as conference organisers plan their agendas for 2013: security was very much an afterthought at the many IoT-related conferences I went to this year.

