Business-Critical Devices and the Constraints of Regulation

Session Abstract:

All industries have their business-critical functions, but as we see a shift of operations from traditional methods to the Internet of Things on a massive scale, the opportunities for terrorism, espionage, ransom, and other high-profile devastating attack scenarios are chilling. We can all imagine a doomsday-style attack that threatens the national power grid, exposes millions of medical records or holds a city hostage with a keystroke, but one step below these dramatic and unlikely scenarios lie real threats to individual enterprises and the customers they serve. These scenarios may not be the plot of a Hollywood thriller, but they can have devastating consequences for businesses of all sizes.

Security is multi-faceted; however, for nearly any attack, access to the network over which the devices transmit data is necessary. Much is said about data security, encryption, and tunneling; however, these are not effective measures against denial of service attacks, SIM theft fraud, and location tracking, to name just a few network-level vulnerabilities. For a great many possible attack scenarios, access to the network is enough for hackers and bad actors to wreak havoc on an enterprise and its end customers.

When it comes to the security of wireless networks, cybersecurity experts and regulatory agencies tend to look the other way. Cellular networks and local networks like LoRa have significant, albeit different, vulnerabilities. Poor regulations often allow these well-documented weaknesses to go unchecked. To further complicate matters, while local networks can be regulated by local authorities, connectivity must, in many instances, be global.

Cellular is regulated on a country-by-country basis, LoRa and SigFox are self-governing, and WiFi is perhaps the most worrying with a hack-a-minute, easy access, and anything but comprehensive regulation. What does this mean for critical devices that rely on these networks to transmit data? The ever-present risk of data breaches, service disruption, and fraud.

In this presentation, we will discuss the vulnerabilities of these various network types, potential attack types and documented examples, current regulations (and lack thereof), and why regulators are so powerless to act. We will examine what kind of devices may need guaranteed connectivity, what uptime means to business-critical devices, and examples of individual business-critical device fleets. Finally, we will address what should be done at a regulatory level as well as at an enterprise level to secure critical IoT and M2M devices.


Stuart Mitchell
Chief Evangelist and Head of Product at ZARIOT

Stuart Mitchell is the Chief Evangelist and Head of Product at ZARIOT and is driven by a desire to safely connect the world’s devices. Having held a senior management position at VeriSign, Stuart moved into strategic roles in mobile telecom service providers and, just before joining the ZARIOT team, bootstrapped and successfully exited an internal IoT startup venture. A strong advocate of customer-first, Lean startup methodology, Stuart brings an entrepreneurial and characteristically lateral approach to every project he undertakes.

Session Tags

End-User, Government, Enterprise, Small / Medium Enterprise, OEM

standards, regulation, signalling, cellular, mobile, networks, security, mission-critical, business-critical

CxO, VP / Director, Technical, Operations

Intermediate, Beginner

Retail, Telecom, Banking, Financial Services, Insurance, Healthcare, Government / Public Sector, Pharmaceutical / BioTech, Automotive

IoT Slam Virtual Internet of Things Conference