AusCERT2015

Connect with us   ​  

Andrew Jamieson

Andrew Jamieson has been working in the security of embedded systems for over 20 years, spending half of his time making devices and the other half breaking devices. During this time he has worked with many different security evaluation methods, such as Common Criteria, FIPS140-2, ISO13491, and PCI PTS. Andrew regularly interfaces and works with device manufacturers from around the world, and provides input to new security evaluation methodologies.

Andrew works in the ‘Innovation’ team of Underwriters Laboratories Transaction Security division, having previously managed the Device, Audit and Standards area. He holds a bachelors degree in Electrical Engineering, and a Masters Degree in Information Security.

Twitter: @AndrewRJamieson

Presentation Title
IOT Security: It's in the Stars!
Abstract

The Internet of Things promises to allow for connections between everything from cars and televisions to kitty litter trays and nappies – but so far little attention appears to be placed on the security of these devices. As computing becomes ubiquitous, how do we avoid an IOT apocalypse?

In this presentation we shall outline the reasons why security is often not addressed in these types of devices, and why current security evaluation methodologies and standards are not a good fit for the IOT. The speaker will detail both technical and economic challenges faced during product development, testing, and deployment, drawing on real-world experience with manufacturers around the world. 

Comparison between subjective and objective testing methodologies will be made, with discussion focusing comparisons between ‘informal’ penetration testing and formal evaluation methods such as Common Criteria and FIPS140-2. The talk will not dwell on specific types of attacks, but on the reason why these types of vulnerabilities exist and why ‘security is hard’ is often not as valid as ‘security is costly’.

Finally, the author will present a new type of logical evaluation methodology and how this can change the economics of IOT security. The talk will outline how this methodology allows for the subjective comparison of disparate devices, and how it can be applied to IOT devices to provide a ‘Security Star’ rating with comparisons made to how devices are assessed for energy or water efficiency today. Assessment of real-world systems against this methodology will be provided, showing how this can change the economy of security for the IOT.

REGISTER HERE!

Conference Highlights

New Venue
Don't miss the best cyber security conference in Australia at the Surfers Paradise Marriott, only 150 m from Surfers Paradise beach

Conference MC
Comedian and Mathematician Adam Spencer will host the conference, Gala Dinner and Speed Debate

Career Café
Retreat to the back of the exhibition away from the noise for a real coffee at the AusCERT2016 Career Café and chat with specialist Infosec recruiters