Retrofitting IoT Security

Pitch before I did the idea that for a while be with us will Legacy IoT be, here. But what about stubbing around it? Developing cheap and easy (necessary since/for backwards compatible, by definition) security solutions that can be plugged onto old IoT stuff. What ya’reckon, are we too far gone with old IoT and … Continue reading “Retrofitting IoT Security”

One IoTA FYI

To close off [almost, since @KPN fraud themselves away from bankruptcy by series of outright lies to customers and tort] the year with a wild shot, ahead: There is value in the information analysis in IoT, as described in Gelernter and many since, of the two-way flow of information. One, flowing up are information in … Continue reading “One IoTA FYI”

IoThreat level rising

Oh the waxing and waning of the security (or not) that we understand and can see. In, traditional, actual security versus stupid’s attacks with AK-47s. Oh the failure to see that the vulnerability surface grows much quicker, unseen, out of sight; and only partially, backlogging style, being managed somewhat. This surface expansion being in IoT, … Continue reading “IoThreat level rising”

Waves of IoT

Tinkering with the great many (unknown) unknowns of the IoTsphere, it occurred to me that there are various intermediate phases to deal with before we can consider ourselves comprehensively outdone after the Singularity (dystopian with P(X)=1). By which I mean the following ‘growth’ model: Current-day operations: Factory ‘robots’ or process plants being (factory-)centrally controlled from … Continue reading “Waves of IoT”

IoTA mutiplication; old style, is the new new

Apart from the previously established focus on Integrity, in particular to have Data plane integrity from which actual Information could be derived, through integrity in the Control plane, there’s of course a need for other aspects as well, like Confidentiality, Availability, and Effectiveness and Efficiency. [Oh that previous Integrity signal is here.] Though the latter … Continue reading “IoTA mutiplication; old style, is the new new”

SwDIoT

Recently, there was yet another exepelainificationing of ‘software defined networking’, along the lines of separation of the control plane from the data/content plane (here). Which ties into a core problem, with IoT the subject of this post: Integrity. Yes, confidentiality may be an issue, but singular raw data points themselves often are too granular to … Continue reading “SwDIoT”

Better IoT privacy

Oh, I’ve been outdone again, in some ways. Which isn’t a big deal; ’twill happen to you, often, too. This time, it’s about the IAM in IoT that I signalled here and here, here, and here as a generic problem. Correct: Challenge. Which all was readable. Hopefully. For all dealing with the stuff on a … Continue reading “Better IoT privacy”

IoTOSI+

In order to get proper information risk management and audit in place for IoT, on top of IoTsec, the frames of mind should be grown and extended so at least they touch, if not overlap in a coherent way. Where IoTsec-and-IRM-and-audit is about the I and C of All Of ICT, we could do worse … Continue reading “IoTOSI+”

Hiding or in plain sight (IoT dev’t)

In IoT development, there seems to be a disconnect between the hype and the underlying developments. By which I mean that of course, the hype will not play out according to itself, but according “We overestimate short-term impacts and underestimate the longer-term ones”. But moreover, I also mean that there’s a variety of development speeds … Continue reading “Hiding or in plain sight (IoT dev’t)”

Flavours of IoT

In my on-going attempts to get a grip on IoT, I recently developed a first, for me … Being a broadest of classification of IoT deployment, with characteristics yet to work on: B-internal; the ever more intelligent, ever more (visually) surroundings-aware robots in factories, replacing extorted laborers thus taking away the last options to life … Continue reading “Flavours of IoT”

Maverisk / Étoiles du Nord