IoT Working Group Minutes - RIPE 80

Thursday, 14 May 14:00 – 14:30 2020
WG co-Chairs: Jim Reid, Sandoche Balakrichenan
Scribe: Pedro Vaz
Status: DRAFT

1) Administrivia

This presentation is available here:
https://ripe80.ripe.net/presentations/34-RIPE-80-IoT-WG.pdf

There were no changes to the agenda.

The minutes from RIPE 79 were approved.

It was noted that at RIPE 79, a group of volunteers had formed to develop on an outline document on a RIPE scope for proactively mitigating IoT attacks. They were currently working on a draft and would share this on the mailing list.

2) WG Co-chair Appointment

Jim Reid

The presentation is available here:
https://ripe80.ripe.net/archives/video/367/

Jim said his term as WG co-chair was ending and there were two excellent candidates to replace him. However, as they had both received equal support, there was no clear consensus on who should be chosen. According to the WG’s selection process, if consensus was not able to be reached, the RIPE Chair would make this decision.

Hans Petter Holen, RIPE Chair, said he would review the mailing list and announce his decision in the closing plenary.

Jim thanked both candidates for standing and said he was sure either of them would do a great job.

Benedikt Stockebrand, Stepladder IT, suggested they consider having three chairs.

Jim said the view of both Sandoche and himself was that the workload was not enough to justify this. However, if the WG wanted to have three chairs, it could update the selection process to allow for a third chair.

3) RIPE NCC IoT Update

Marco Hogewoning, RIPE NCC

This presentation is available here:
https://ripe80.ripe.net/presentations/23-RIPE80-IoT-WG_comms.pdf

Luna, no affiliation, asked if one’s voice used for Google Assistant, Siri and Alexa was searchable and whether this would be considered Personal Identifying Information (PII) in the future.

Marco said this was still uncertain.

Jim added that “PII” was an American legal term; the official term used in the European region was “Personal Data”.

Jim asked what had been happening at the ITU regarding IoT.

Marco Hogewoning said there were several topics under discussion: the New IP proposal (which might have its own component in IoT), some attempts at standardising incident and accident reporting, and some developments in authorisation and authentication methodology based on blockchain.

4) Preparing SMEs for IoT Security Standards and Regulation

Stacie Hoffman, Oxford Information Labs

This presentation is available here:
https://ripe80.ripe.net/presentations/44-RIPE80_Hoffmann.pdf

Paul Rendek, DSTREAM GROUP, asked how they were planning to reach out to small and medium enterprises.

Stacie said they would carry out a marketing campaign and they were working with a company to build a strategy for this. They were also using their own network of contacts in the IoT Security Foundation and innovation centers.

Stacie said if anyone in the audience knew of networks that would like to contribute, they would be open to this.

Blake Willis, iBrowse, asked if they were planning to use conformity logos and stamps.

Stacie replied that they were not working on this specifically, but there was another workstream that was developing an IoT security compliance framework.

Paul asked if links to this material could be sent to the IoT Working Group when it was available.

Paul Steinhäuser, embeDD GmbH, asked how the vulnerability information would be used.

Stacie said the platform was meant to be a way to report vulnerabilities to a company and for the company to communicate with the reporter to solve it. For now, there were no plans to use this information beyond the platform.

5) AOB

There were no AOBs.

End of session.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum