News : Newsletters : Alliance Member Bulletin : July 2017

July 2017 Monthly Member Bulletin

Executive Director’s Corner

IOT Security Thought Rooted in the Present, Not the Future

Every day I come across articles and blogs pointing out the security shortcomings of Internet-connected devices and networks, all of which seem to be calling for something to be done about it, yet no one seems to pay attention or step up. While we have dedicated our IoT information portal – www.iotsecurityconnection.com – to raising awareness of these security concerns, we’re not getting an avalanche of inquiries from organizations to join this fight to look at this problem.

Perhaps no one wants to admit that the security problem is already too embedded in the devices in the market today, and the cost to address the problem and proactively fix it is too unpleasant. It is similar to the Medicare fraud problem, where acknowledging that the government has a $30 billion a year security flaw that could be fixed with a less than $1 billion investment in chip-enabled Medicare ID cards is ignored, because nobody will own the solution so they allow the problem to continue.

Security experts agree that a few simple changes to the design of video cameras, home health monitors, industrial sensors, and connected consumer devices – for example, eliminating default passwords and assigning unique tamper resistant devices identifiers during the manufacturing process – would avoid prevent attacks from hacking systems. Those hacking systems are specifically designed to search the Internet for devices that aren’t built with those simple security features.

This elementary approach would address present threats, but security needs the development of technology that will prevent attacks in the future. That requires innovations in cryptography, which can be applied to low resource microcontrollers that can perform fast, low-overhead security challenges and responses on relatively simple 8-bit, 16-bit, and 32-bit processors.

These answers can be found in the modern smart card and secure element industry. Chip manufacturers in the Secure Technology Alliance have served industries such as payments, transit, smart IDs and e-passports, building security solutions into low power microprocessors. Embedding those chips and securely programming and personalizing them into IoT devices for specific environments are what they are building their future on.

But first, the IoT ecosystems need to admit that there is a problem. The Secure Technology Alliance provides the forum and resources to help IoT stakeholders address these problems. You are invited to join our IOT Security Council and work on promoting security solutions and you can attend our next public forum on advancing secure IOT payments by attending IOT Payments 2017 October 10-11 in Austin.

Council Highlights

If you would like to participate in a Secure Technology Alliance Council, please contact Mike Strock, [email protected].

New EMV Resources

Congratulations New Recipient

CSCIP/G Certification

CSEIP Recertification Program

In March 2017, the Secure Technology Alliance began offering a recertification program for CSEIP recipients. Recertification extends the value of the CSEIP certification by demonstrating that the CSEIP certificant is current with new technologies approved by GSA for implementing ePACS systems and refreshes knowledge of the best practices for design and implementation of government security solutions.

Benefits of Recertification

Recertification provides confirmation to industry colleagues, business partners and potential customers that the certificant:

Recertification Duration

The CSEIP certification is valid for two (2) calendar years, in line with federal agency requirements, and the recertification extends that for another two years. CSEIPs who completed their certifications in 2014 and 2015 must complete their recertification in 2017.

Upcoming Recertification Dates

Exam dates now through the end of the year are on the following days:

For complete information on recertification, fees and how to prepare, visit https://www.securetechalliance.org/activities-cseip-recertification/.

New Conference on IoT Payments

IoT Payments 2017 will be held October 10-11, 2017 at the Hyatt Regency Hotel in Austin, Texas. This new event will bring together financial executives, device and application providers and retail industry experts on the evolving intersection of payments and the Internet of Things (IoT). To register or submit a speaking proposal, please visit the event site.