Independent IoT Consultant and Security Scientist, Ambotec Ltd.
Amyas Phillips is an independent IoT consultant and security scientist at Ambotec Ltd. He chairs the IoTSF’s Supply Chain Integrity project group, whose aim is to help the IoT industry secure its supply chains so that users of connected devices can safely trust their equipment. Previously he has led research and development projects at Secure Thingz and before that Arm, where his teams’ work can now be found in TLS 1.3 and the Pelion device management service. His first job after graduating was “employee number 2” doing a bit of everything at Alertme.com, now Centrica’s Hive smart homes product. He subscribes to the view that nothing is more practical than a good theory.
“Supply Chain Integrity”
Most ICT security frameworks now recognise that ICT users need to extend protection of their trusted assets into upstream suppliers. They give a variety of advice on how to do this. Implementing this advice for IoT devices is especially difficult due to the complexity of IoT supply chains. To resolve this problem the IoTSF’s Supply Chain Integrity project has published a white paper describing IoT supply chains. The white paper facilitates efforts to harden IoT deployments against supply chain attacks by identifying trusted assets including hardware, software and assurances, their sources, chains of custody, key operations and suppliers. The paper is available now for feedback by attendees and Foundation members. The project’s next goal is to develop a set of accessible, practical, prioritised recommendations for hardening supply chains.