24
Thomas Mosel, Principal Product
and Solution Security Officer Smart
Infrastructure, Siemens
Thomas Mosel holds a Master of
Advanced Studies in Information
Security from the HSLU in Lucerne.
Thomas's goal is to support Siemens
Smart Infrastructure to continually
improve the maturity of Product and
Solution Security through appropriate
risk management and compliance
to international standards and best
practices.
Thomas Mosel, Principle Product and Solution Security Officer for smart
infrastructure at Siemens, says that the risk that compromised Internet of Things
(IoT) devices pose depends on the type of product and how it is used. That risk is
one of the first security considerations when designing an IoT device.
"It's important to consider the infrastructure. If you talk about access control
systems for buildings or digital grid products, you must think about security," he
says. "If somebody compromises an office building climate system to change
the temperature, that is inconvenient. If someone increases temperatures in a
hospital, that could kill people."
Mosel suggests four pillars of IoT security that span the entire device life cycle:
Develop secure products. Developing secure products means ensuring product
designs conform to standard practices for unique identity, secure credentials
and access controls, and secure communications. "Follow standards for
architecture and design as well as secure coding. Conduct threat assessments
and penetration testing. Plan for data protection from the very beginning,"
"If somebody compromises an office building climate system
to change the temperature, that is inconvenient. If someone
increases temperatures in a hospital, that could kill people."
IoT Solution Security Must Be a Product
Life-Cycle Consideration
