IoT Supply Chain Blues and the way forward

There has been over a 50% rise in the number of IoT connected devices worldwide since 2019. This has widened the threat landscape for attackers and signaled a pressing need for increased awareness among vendors and users of IoT devices. The number of devices connected to the Internet is very large, and we need to constantly identify ways to protect consumers while causing minimal disruption. When we consider IoT devices, there are a number of vendors involved in the supply chain, each with a different set of security requirements.

For example, a source company responsible for manufacturing raw materials may have some set of X security requirements, while the assembling unit company may have a set of Y-X security requirements. This becomes dangerous because standardization across all the vendors becomes challenging. For instance, the security framework referred to by the vendor company may mandate AES-256 encryption, but the source company supplies raw materials which, at the firmware level, do not have the capability to implement AES-256.

Another pressing question to consider is accountability when breaches happen. Laying out the boundaries for regulatory compliance becomes challenging in the IoT supply chain. There are two important actions that need to be taken: (1) applying the discipline of building security into the firmware, and (2) getting the right skilled people. Beyond that, it is essential to implement a zero-trust security model throughout the IoT supply chain and gradually figure out which channels can be trusted.

Whenever there is a mismatch between the security standards and the IoT device capabilities, companies like Payatu (ExpLIoT), known for IoT security assessments, can help identify the low-hanging fruit. The future in the world of IoT devices looks much worse (before it begins to get better), so we need to constantly improve and embed security within the IoT supply chain stack. The way forward is to foster strong collaboration within the IoT industry, thus overcoming the lack of discipline and sourcing the skillset required for implementing security in the IoT supply chain.

