Internet of Things (IoT)

Meeting Minutes - March 2022

  • 1.  Meeting Minutes - March 2022

    Posted Mar 31, 2022 11:06:00 AM

    CSA Announcement

    Discussion - Tesla Twitter Thread

      • Old twitter thread from 2018 talking about how they cobbled together solutions for the infotainment system
      • Telsa is aware that it was precarious, but employees are afraid of challenging the status quo

    IoT Matrix v3 -

    • Brian has added the guide and framework for v3 to GitHub
    • Aaron will be working on adding some pages to make it look nicer
    • Will require maintenance and folks interested in writing code - anyone interested can reach out to Brian or Hillary
    • Benefits
      • Users can file issues and we can track and fix
      • Add code to test the controls
    • Issue to address
      • This assumes all unique MAC addresses, what do you do if you have duplicates?
      • Namrata and Umesh to submit issue on GitHub
    • Brian to add slides to Circle for community use

    Plan for IoT Matrix v4 - Looking for volunteers!

    • Add domains - Supply chain
    • Add controls - Safety
    • IoT specific Shared Responsibility Matrix
    • Indicators of compromise
    • Mappings: ENISA, NIST CF & 800-53
    • A formal reference for NIST

    MITRE/Telesurgery Project

    • Also created a GitHub
    • Need someone with threat modeling experience and anyone interested is welcome to join

    Zero Trust -

    • Brian streamlined the document and updated certain sections
    • New volunteers will be stepping up to complete. They will be adding more requirements and data
    • Should be ready for publication in the next few months

    Volunteers wanted

    • Write code to test controls and maintain GitHub
    • Threat modeling for MITRE/telesurgery project

    Hillary Baron CCSK v4
    Program Manager, Research
    Seattle WA