Look Out! Risk Is on the Move, According to IoT Thought Leaders from Across the Globe

Deborah McLain, Director, Healthcare & Life Sciences, Coalfire

The IoT Security Summit 2017 in New York City in late October and the Security of Things World USA 2017 in San Diego last month were both packed with thought leaders from all parts of the IoT ecosystem – device manufacturers, telecom carriers, cloud providers, and early-adopter end users from vertical industries. They came, they saw, and they tried to conquer the many security challenges faced by organizations when implementing IoT initiatives . . . but came away with many unanswered questions.

One roundtable discussion at the San Diego event, “Risk and the IoT: How might IoT Shift the Liability Landscape?” led by Cherie Dawson, Global Cyber Product Leader at AIG Commercial Insurance, made it clear that few want to take on liability for ‘things’ that can happen in the new world of IoT. For example, we talked about what happens if a driverless car has an accident . . . who’s responsible? The auto manufacturer? The insurance companies? The software developer? These issues are still up in the air and in heavy discussion at many seminars where these organizations gather regularly to come up with answers. New regulation and frameworks for assessing risk and liability are likely solutions.

And the clock is ticking to create solutions to these potential problems, as Spencer Brown, Information Security Specialist at General Motors, explained. General Motors plans to offer five levels of driverless cars in the near future – from completely autonomous vehicles with interiors designed like your own living room with no steering wheels or front-facing seats, to options that allow the driver to take over operating the vehicle when needed. Driverless cars are coming soon to a street near you, and as such, liability issues and, more importantly, security issues need to be locked down.

Energy, utilities, and local government sectors were heavily represented at both events with exciting IoT initiatives that will change the way consumers interact with these entities. Imagine being able to save money on your power bill by having sensors on your A/C unit that can automatically adjust to brown-out levels during peak usage, if you elect to do so. With data gathered from these sensors, utility companies will be able to offer consumers more cost-saving and time-saving services – all of which will require us to give up a bit of privacy with the collection of more data. These privacy concerns were discussed at both conferences in the General Data Protection Regulation (GDPR) sessions, where there was consensus that data privacy issues affecting EU citizens will spill over to the U.S. as many corporations have EU citizen data in their systems even if their headquarters are in the United States.

Michaela Iorga, Senior Security Technical Lead for Cloud Computing at the National Institute of Standards and Technology (NIST), gave us a glimpse of the future with her session on “The Yin-Yang of the IoT World: Security vs Privacy.” She provided the past, present, and future of intelligent virtual assistants – from Amazon’s Alexa to the Jibo robot and the brand new digital employee, Amelia. All will blur the lines of privacy and security, which must be addressed if these technologies are to deliver on the promise of convenience.

All this talk of new technology and new ways to digitally transform business was the central point of discussion at Coalfire’s icebreaker session moderated by Kennet Westby, Chief Security Strategist at Coalfire, on opening night in San Diego. A group of 25 attendees from all parts of the IoT ecosystem said it was clear that risk is on the move, going back and forth across all networks, applications, and environments, and hence must be identified and secured. These are big challenges indeed, and it’s good news that constituents from the entire ecosystem are gathering at conferences like these where we can discuss how IoT is transforming the business world for the better, and how we can ensure that security is a foundational element in making that happen.
