Hackers of India

IoT Supply Chain Blues and the way forward

By  Aseem Jakhar   Kedar Sovani   Anantharaman Iyer   Suvabrata Sinha   Sudarshan Rajagopal  , Sachin Jain  on 06 Sep 2022 @ Nullcon

Presentation Material

AI Generated Summarymay contain errors

Here is a summarized version of the content:

The discussion revolves around the challenges of securing IoT devices and networks. The expert highlights the complexities of hacking and compromising these systems, citing examples such as WannaCry malware and CCTV networks. They emphasize that defense alone is not enough and that threat actors can be anyone.

The conversation touches on the importance of collaboration between organizations, sharing intelligence, and converging OT (Operational Technology) and IT expertise to combat threats. The expert notes that there are many organizations and consortia working together to address these challenges.

Privacy is also discussed, with the expert stating that it’s a myth in today’s connected world. They reference an incident where Garmin accidentally shared US military personnel locations.

The discussion concludes by highlighting the need for:

  1. Specialized skill sets around IoT and embedded systems.
  2. Collaboration with third-party vendors on standards.
  3. Establishing a responsibility chain for attacks or incidents.
  4. Building trust from the ground up.
  5. Basic cryptography practices.

Overall, the conversation emphasizes the complexities and challenges of securing IoT devices and networks, and the need for collaborative efforts to address these issues.