what do you mean, “patch”? - omg...what do you mean, “patch”? a shared vision of iot...

What do you mean, “Patch”?

A shared vision of IoT Security Updates

1

Allan Friedman, PhD Director of Cybersecurity Initiatives, National Telecommunications

and Information Administration, US Department of Commerce

tl;dr

The Department of Commerce is convening an open and consensus-driven multistakeholder process to develop a shared vision of security updates for consumer IoT. We need your help.

2

4

7

8

9

10

Vulnerability Disclosure

13

14

“Just build things securely!”

15

16

17

Why Patching?

18

19

20

21

22

23

“Consumer”

24

Capabilities

Technical Capabilities

Patching Expectati

ons

Patching Potential

Minimum Technical

Capabilities

For given technical capabilities, what type of patching/updating is

possible?

For given aspects of the patching process, what technical features

are necessary?

Standards

26

Communication & Transparency

27

Incentives and Barriers

28

Bullets!

• Goal: shared vision of patching, and a plan to promote this vision.

• Voluntary, community-driven, international. • Cross-sector and inter-disciplinary. • Both technical and policy aspects. • We need your help!

29

How you can help

• Talk to me - afriedman@ntia.doc.gov – What are we doing wrong? – How can we do things better?

• Tell your colleagues. • Join the mailing lists and

working groups. Next meeting: April 26

30