IoT applications and prospective solutions mandate consideration of a broad set of security and privacy requirements. The explosion in the number of connected devices poses a significant challenge, as does the diversity of end uses. The World Forum will address the component and platform implications for IoT in the context of the full life cycle for security and privacy regimes. It will also address the many security architectures and approaches that have emerged from Government organizations around the world, from the Commercial Market space, and from the Research Community. Across the wide spectrum of use cases there is a need to appropriately balance security and privacy, and it is useful to think of classifications that distinguish the levels required. As an example, these may be thought of as:
- Highly security-centric “life-and-death” applications such as: critical infrastructure; control systems for connected automobiles, railroads, or aircraft; emergency healthcare
- Intermediate security uses that include: smart home; routine monitoring of facilities; sports and physical exercise activities that involve tracking such as geolocation
- Casual uses such as: games, entertainment, public virtual reality applications, and aspects of social media and general information services
The topics that the Presentations, Panels, and Working Group discussions for the Track on “Security and Privacy Regimes for IoT” will cover include:
- Achieving secure composability of individually secure devices and components
- Scalability (for massive numbers of devices, and as contributors to and consumers of big data)
- Device-associated robustness levels that also deal with the high variations in heterogeneity (such as stationary and mobile infrastructure, smart phones and user terminals, wearables, the wide range of possible sensors and actuator types, and embedded IoT devices)
- Device ownership and component control (accounting for interoperability, regulatory compliance, governance, auditability and risk management)
- Remediation for the reigning confusion caused by the proliferation of standards and certification, and the realization that IoT will create new experiences and a vulnerability surface that is not accounted for
- Testing approaches and procedures that overcome the lack of efficacious and accepted practices — These include: interfacing with and leveraging legacy devices and services; containment against expansion of compromise to other units, systems or networks; effective crypto-agility; defense against advanced threats such as quantum-computing attacks. These also include testing approaches for the differing device lifetimes, and lifecycle support of IoT solutions such as over-the-air firmware and software upgrades
One of the objectives of the Track is to launch future actions and activities that continue beyond the World Forum as part of the IoT Initiative Working Group on “IoT Security and Privacy”.
Jeff Voas, NIST
Jeffrey Voas is an innovator. He is currently a computer scientist at the US National Institute of Standards and Technology (NIST). Before joining NIST, Voas was an entrepreneur and co-founded Cigital, which is now part of Synopsys (Nasdaq: SNPS). He has served as the IEEE Reliability Society President (2003-2005, 2009-2010, 2017-2018), and served as an IEEE Director (2011-2012). Voas co-authored two John Wiley books (Software Assessment: Reliability, Safety, and Testability and Software Fault Injection: Inoculating Software Against Errors). Voas received his undergraduate degree in computer engineering from Tulane University (1985), and received his M.S. and Ph.D. in computer science from the College of William and Mary (1986, 1990 respectively). Voas is a Fellow of the IEEE, member of Eta Kappa Nu, Fellow of the Institution of Engineering and Technology (IET), Fellow of the American Association for the Advancement of Science (AAAS), and member of the Washington Academy of Sciences (WAS).