Nice to be in Nice
That is an obvious and cheap play on words for the popular South of France destination and a joke I made back in 2016 during the European Championships, but one worth re-cycling for a new audience…
RISE was invited to speak at ETSI Security week, (last week) and we gave an update on hardware security, including the latest R&D from the RISE researchers.
I have to honest with you readers, I can think of worse places to be sent away on business in late June than Nice. If there is any consolation for the readers, we were cooped up in a conference room that was just about underground, with questionable Air-Con and far away from the beaches of the French resort.
EDSI @ ETSI Security Week
ETSI stands for the European Telecommunications Standards Institute and is a not-for-profit, and one of only three bodies officially recognized by the EU as a European Standards Organization. Essentially, the Standards people. The ETSI HQ is a short drive from Nice, in Sophia Antipolis.
Tucked away in some very picturesque French hills, Sophia Antipolis, the ‘French Silicon Valley’, is celebrating its fiftieth anniversary this year.
ETSI host multiple events each year and Security Week hosts a couple of hundred people across 5 days, each year in late June. ETSI was established in 1992 and this Security Week was number 13. The great and the good from all over the globe were on site to debate and discuss all things policy related, AI, 5G, IoT and cryptography. To give you an idea of the calibre of people there, two introductions were, “The 3GPP Godfather” and “the Godfather of 3G”; both experts in their field.
RISE gave an update on each of the 8 projects that are now in-life, focusing on hardware security, more specifically on the threat of hardware Trojans and Side-channel attacks and I am delighted to report than we had interest from some major global brands about collaboration moving forward. This can only be good news for UK (and wider afield) consumers.
Les Standards > Les Algorithms (ETSI & IoT)
Earlier this year, ETIS announced a new Technical Specification (TS) for Cyber Security in Consumer IoT – TS 103 645 to be precise, the first globally applicable industry standard for consumer IoT security. This industry standard builds on the Code of Practice from DCMS, but has been designed to work for European and wider global needs. The standard is set to inform, at home and abroad, the development of regulation and industry-led certification schemes. For businesses with an international supply chain and customer base, the standard provides an avenue to pursue a harmonised approach to implementing good security practice for their products. This TS will move to become a European Standard, telecommunications series (EN) and legislation is also looming on the horizon in the UK.
What does the ‘S’ stand for in IoT?
This is a good idea. I remember being at CES in 2014 & 2015. In 2014, IoT had just become mainstream, one of the new hype technologies at CES that year, but nobody was talking about security. Thankfully, 12 months later, industry was more aware of the threat landscape about ‘everything being connected’, therefore vulnerable to a range of cyber-attacks, not least botnets. However, industry wanted to promote self-regulation, which still made me concerned for the future of IoT and consumer adoption.
As consumers, we still have the choice to buy a smart gadget, or not. My preference is to avoid smart gadgets where possible. And it isn’t just the security aspects that concern me, privacy is another major aspect around the IoT, not to mention technological obsolescence.
Fast forward to 2019, here we are with international standards and legislation imminent in the UK around basic consumer IoT security measures. The community is working together to bring more secure IoT products and services to market, meaning the things we use and need, will be secure by design.
Good job ETSI and et al (DCMS, NCSC and the State of California).
Regards from the RISE (EDSI) Rookie