https://www.iotsecurityfoundation.org
Our Mission: Make it Safe to Connect
Our mission is to help secure the Internet of Things, in order to aid its adoption and maximise its benefits. To do this we will promote knowledge and clear best practice in appropriate security to those who specify, make and use IoT products and systems.
Build Secure, Buy Secure, Be Secure
About Us
The IoT Security Foundation was established to respond to the myriad of challenges and concerns over security:
It is a non-profit organisation dedicated to driving security excellence.
It is a collaborative, vendor-neutral, international initiative aspiring to be the expert resource for sharing knowledge, best practice and advice.
It is a member-driven, interactive resource led by an executive steering board.
It has an on-going programme designed to propagate good security practice, increase adopter knowledge and raise user confidence.
Along with the opportunity comes the security challenge: With more and more devices becoming connected, the attack surface for adversaries is target-rich. What is considered secure today may not be tomorrow. A typical IoT system will rely on data and networks of variable provenance, devices may be expected to run on batteries for many years and new vulnerabilities are likely to be required to be patched in the field and at scale. Whilst we can learn lessons from the PC and mobile eras, IoT systems are breaking new ground and so are the security challenges.
IoT security is top concern for executives. Along with the technical challenges, IoT security is on the board room agenda. With more than just reputations at stake, it is imperative that technology providers, system adopters and users work together to ensure security is fit-for-purpose. It is fundamental to the adoption of systems and reaping the social and business benefits.
In short, it is a non-profit organisation that deals with recommendations, best practice and thorough study of all aspects of the security of an IoT device or system.
Just as there are currently various standards and certificates related to "electricity", EMI tests and the like, generally for example a CE certification of a device, very, very soon a classification and certification of IoT devices covering various aspects of "digital security" will start to be applied. There will be, for example, Class 0, which will be "general", meaning the device has no "problems or consequences" regarding security (total offline), then for example Class 1 will be devices that are online but without any major security risks, then Class 2 for devices connected to electricity or gas, and so on and so forth.
The topic is very extensive and very awkward, since it runs through the COMPLETE business model and way of doing business, and only at the very end comes some technical implementation of practical solutions.
Nothing can be solved with some "library"; the matter is drastically more complex and implies that some things and approaches must change fundamentally, or otherwise the product or system will not be able to pass future certification for a given field of application!
It will no longer be possible to put into operation and use devices that do not satisfy at least the BASIC requirements of digital security; it will be known exactly what has to be fulfilled.
For example, take a look at the attached template questionnaire. It packs in some 15 or so pages, each page with 10 to 40 items, i.e. questions, for which an answer must be written in and proof (evidence) presented of exactly how that item was resolved.
It is up to the company, i.e. the directors and developers, to "manage as best they can"; there is no more excuse of "I didn't know I needed to protect the program", and no more assumptions about whether something will happen or not (some kind of abuse/hack etc.). All those situations will simply have to be properly "handled", including the business model and all SW and HW components within it.
http://yu3ma.net/
https://github.com/yu3ma
Online LM317 calculator