October is National Cybersecurity Awareness Month, and as part of our work with the Internet Society and Internet of Things (IoT) campaign, we think October also deserves another label… International IoT Security and Privacy Month. There are a number of significant activities and developments related to security and privacy. Here are a few highlights of what’s happening, how we are participating, and how you can get involved.
- The “How to Make Trustworthy #IoT” Workshop – (Oct. 8) This year’s Internet Society Chapterthon is focused on IoT, and we are excited to see how all 43 participating Chapters raise awareness of the privacy and security issues surrounding IoT. On Monday, 8 October, Jeff Wilbur and Megan Kruse from the Online Trust Alliance be in New York City with the Internet Society New York Chapter (ISOC-NY) and IoTNation holding a workshop on 'How to Make Trustworthy IoT' - an IoT Privacy & Security Workshop. If you’ll be in New York City on Monday, please consider registering for the event, or watching the livestream starting at 2PM.
- Comments due for NIST Internal Report (NISTIR) 8228: Considerations for Managing IoT Cybersecurity and Privacy Risks – (Oct. 24) The report by the non-regulatory agency of the United States Department of Commerce, the National Institute of Standards and Technology (NIST), is intended to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices throughout their lifecycles. The draft also includes recommendations about how to address risk considerations for these devices. We will submit comments by the Oct. 24 deadline.
- Europol-ENISA IoT Security Conference – (Oct. 24-25) The invite-only event is organized by the European Union Agency for Law Enforcement Cooperation, Europol, and the European Union Agency for Network and Information Security, ENISA. Our Chief Internet Technology Officer, Olaf Kolkman, was invited to address IoT security and privacy. Kolkman will specifically discuss the IoT Trust Framework which, if implemented, could easily avoid every single documented IoT vulnerability as OTA documented in 2016.
- UK Secure by Design Report – (coming soon) The UK government is expected to issue the final report of its recommendations about how to ensure that consumer Internet-connected products and associated services are sufficiently secure. In particular, the UK Secure By Design Report looks at the rights and responsibilities of consumers and industry. In its preliminary report released earlier this year, 30 of the 40 recommendations were from OTA’s IoT Trust Framework.