Attending PETRAS Living in the IoT

On the 1st and 2nd of May this year we attended PETRAS’s ‘Living in the IoT’ conference, hosted at the ever impressive Savoy Place in London.

PETRAS is an IoT research hub jointly operated by 11 research universities, with funding provide by both the Engineering and Physical Sciences Research Council and private companies.

This not only explains the breath of academic interest and participation in the conference but also the presence of a large private sector contingent. The conference programme also reflected this, with the opening keynote presented by Dr Kevin Jones, Head of Cyber Security Architecture, Innovation and Scouting at Airbus. Predictably, this keynote set a very high bar for the conference, not only in terms of interesting content but also in engaging delivery.

Following the keynote, the conference split into three tracks with joint sessions reserved for further keynotes and main panels. This formula was followed over both days, with breaks for lunch, poster sessions and networking sessions. One notable deviation in this programme was the ministerial launch of the UK’s consultation on, and guidelines for, consumer IoT.

Margot James, minister for Digital and Culture personally made the announcement and took questions afterwards. Key elements of which included the ongoing consultation process and also the Code of Practice for Consumer IoT Security.

The code can be downloaded here. In brief though, the code introduces 13 guidelines of which the first three are prioritised. These are:

• No default passwords.
• Implementation of a vulnerability disclosure policy.
• Software updates.

The papers and posters presented all fell into the general grouping of IoT security, privacy and ongoing development.

The Southampton Cybersecurity contingent also covered these topics with a paper and a poster presented. The paper presented a new approach to analysing cyber-physical threats for IOT using provenance modelling. The threat analysis case study focused on BlockIT, a blend of IOT and Blockchain technologies which provides electricity trading in small communities. Our results included new attack vectors not previously exploited.

The poster we presented focused on the need for an integrated approach to engineering privacy by design in IoT. By integrated in this context, we mean both industry best practice (a moving target) and regulatory compliance (a mostly fixed point). Since work in both these fields tend to take a risk based approach, we see ample common ground for the building of an integrated framework.

Notable in the discussions around the work we presented, was not just the high level of synergy with the work of other presenters, but also the degree to which these academic presentations resonated with attendees from the private sector. Although the former can be expected from a highly focused conference, the latter is indicative of the IoT’s ever increasing economic prominence. As such, we can only assume that future conferences will garner even more attention from academia and the private sector alike.