SCRATCh partners participated at the ETSI IoT week from 22 till 25 Oktober.
Every Year ETSI organizes a week of seminars and knowledge sharing on the topic of IoT. The week included life demos of companies and research institutes. Security and Privacy where a main topic beside the regular topics of interoperability and standards. Echoing through the discussion was the phrase to many standards to choose from. ETSI has a focus towards Mobile operators and tries to make the standards list smaller and choice easier. An Eu funded project standICT made an overview of applicable standards, https://www.standict.eu/standards-watch
During the week standards work and project using the standards where presented. ETSI advocates the oneM2M standard and published several reports and specification in line with this standard. It was clear from the presentations that security and privacy are no longer optional in the IoT development. Within ETSI Task Force 547 investigated Security/ Privacy and interoperability in regards to ioT.
Another big item was ontology or sometimes referred to as semantics, A European funded initiative called SAREF researched the topic and the result of this work is now under the umbrella of ETSI (https://saref.etsi.org/). Although the ontology was used in some large-scale pilots and smart city initiatives, there seems not to be a wide scale adoption yet of the SAREF ontology.
Back to Security or the lack of security professional’s, the question was how can security become a more integral part of the design process, ETSI, the GSMA and others published several guidelines to aid ICT professionals, obvious remark from the public was that reading all those guidelines or just one might be a bridge to far, all being lengthy reports. Developers tend to design and make stuff, security experts are trying to brake stuff, the mindset of those groups are fundamentally different. Feedback given from the SCRATCh project: approach security from a developer standpoint and develop tools that make it easier to incorporate at least the basics security measurements. As an example, develop a kind of knowledge system that ties the regulation, security measurements and best practices to the IoT device/ system that is being developed. A task not easy in a scattered standards landscape.