From Zero Trust to Full Trust

Session Abstract:

The IoT has been under attack since its inception. This trend has accelerated recently with Russia’s invasion of Ukraine, with Russian backed attackers targeting German wind farms in a bid to increase that nation’s reliance on Russian oil and gas [1].

The critical weakness of the IoT security, even when it is implemented, has been its network-centric focus. This historical focus on communications worked well enough when end points could be trusted. And for a long time, they have been to a degree. Computers and smartphones are typically in the possession of their owner. They’re protected by buildings and data centers and sometimes even dedicated cages within data centers.

This model breaks down in the highly distributed environment of the IoT. Wind farms are far off shore; actuators on pipelines can be similarly remote and smart grid equipment is often itself exposed. To meet this threat model equipment must be protected and the trust in the network forsaken.  It’s the opposite of IoT network topologies today. Worst of all, as Pegasus spyware has proven to us, receiving any kind of communications from an unknown entity is fundamentally insecure[2].

This talk will focus on 4 key areas of innovation we have developed in the intertrust labs:

  1. Persistent Data Protection: at rest, and in transit, from creation to consumption
  2. Ensuring trust in an end point prior to processing communications from it
  3. Providing enhanced trusted logging and auditing functions
  4. Providing all the above for devices and networks that do not have intrinsic security hardware to protect themselves.

Sources

  1. European Wind-Energy Sector Hit in Wave of Hacks
    https://www.wsj.com/articles/european-wind-energy-sector-hit-in-wave-of-hacks-11650879000?st=x6zx1ygbxv9p236&reflink=desktopwebshare_permalink
  2. https://en.wikipedia.org/wiki/Pegasus_(spyware)

 

Speaker:

Julian Durand is Intertrust’s vice president of product management and chief information security officer where he is responsible for owning the IoT product leading the PKI team and overseeing security practices for the company. He brings over 30 years of experience in bringing breakthrough products to market at a massive scale and is a named inventor in Digital Rights Management (DRM), Internet of Things (IoT) and virtual SIM technologies. Before joining Intertrust, Julian brought SaaS and PaaS products to market for construction telematics and real time cyber risk analysis at TeMeDa and CyberLucent respectively, taking both companies to profitability from initial seed funding startups. At Qualcomm Julian led product security; virtual SIM development; child tracking sold as Best Buy’s “Little Buddy”; and the company’s first efforts in IoT doubling revenue year on year for the first three years and catalyzing what is now a billion-dollar business. Prior to that, he was the technical lead for Nokia’s first music phone. Julian holds a B.Eng from Carleton University in Ottawa, Canada, an MBA from the University of Southern California (USC) and is a Certified Information System Security Professional (CISSP).