Oliver Pfaff gives a keynote on “Security for IoT and OT – An Industrial Perspective”

We are excited to host Oliver Pfaff from Siemens Corporate Technology at our 3rd Future-IoT Summer School “IoT meets AI”.

Oliver Pfaff will give a keynote on “Security for IoT and OT – An Industrial Perspective“. Register for the free live stream of his talk on Oct 5, 2020 here: https://school.future-iot.org/ -> register.

IoT (Internet-of-Things) as well as OT (Operational Technology) provide distributed cyber-physical systems: they are characterized by network components (sensors/actuators) that interact with real world resources.
Protecting the communications between system components in IoT/OT is fundamental for cybersecurity. Historically, OT relied on physical protection utilizing network segregation/isolation. This approach provides blocking points for new use cases in Digitalization and I4.0. To overcome them, OT protocol stacks e.g. PROFINET need to be enhanced to support information security based on cryptographic techniques. This is different in IoT: the IoT protocol stacks e.g. CoAP-over-UDP emerge in an ecosystem that supports security using cryptographic means since decades.
But security for the IP stack and IP-based applications e.g. TLS and OAuth for securing Web applications was designed for the needs of IT (Information Technology). Ideas such as “just use TLS or DTLS” might be false friends in IoT/OT security. This presentation determines whether and to which extent well known IT-security solutions match IoT/OT needs and identifies the state-of-the-art in security-enabling IoT/OT protocol stacks. There also is no ‘out-of-nothing’ security: preparatory steps are needed to use cryptography in distributed systems. One example is the supply of initial credentials/keys to system components. IoT/OT has specific challenges with respect to setting-up information security:

  • There are components (e.g. field devices) that do not provide side-channel options for provisioning information to them – such means are often used in IT to setup security.
  • Users expect a uniform way of security setup when an IoT/OT component uses multiple stacks in parallel – setting-up for security is a cross-cutting concern, silo solutions must be avoided.

This presentation sketches blueprints for a uniform handling of preparatory steps for security and considers IoT/OT security initiatives with respect to their potential to avoid or overcome security silos.

Oliver Pfaff is a Principal for cybersecurity at Siemens, Corporate Technology. His current projects bring information security to the field-level in IoT/OT. Oliver also represents Siemens in corresponding initiatives in standardization bodies including PROFIBUS&PROFINET International (PI), the OPC Foundation and the World-Wide-Web Consortium (W3C). Throughout his professional life, he was working in information security for distributed systems (IT/IoT/OT), especially Web-based applications. Oliver studied mathematics and computer science.

Looking forward to your talk Oliver!



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.