Yesterday on the Blackhat webcast @johnrgrimm highlighted the disparity been the security controls people want in IoT and the risk that people perceive from them.

So.

What are the top 3 risks that IoT presents? Business, Consumer or Industrial.

What are the top 3 security controls that could be put in place to improve IoT?

Answers on a postcard.

Or just here might be better.

My top 3 risks:

1. Mass compromise of data that you agreed to be gathered by that system. Audio from home assistants, video from video confirmed alarm systems, position data from your tracker.

2. The use of IoT as a pivot onto other networks. This could be via the cloud or via port forwards. I've popped a chain of shops via their DVRs before. It's a real risk.

3. Mass bricking of connected devices. That might be our cars, our power systems, our air conditioning, our phones. But generally, stopping something working can have massive impact on us, especially if it's lots of us at the same time.

My top 3 controls:

1. Segregate IoT from everything else. Don't let it be part of your normal network.

Then at least as part of a cyberphysical system, it can only cause physical issues...

This isn't easy for most people, and it should be.

2. Minimise and understand your attack surface.

I don't want to say the "if you don't *need* it don't install it". But choose services and products that respect your privacy, and things will be better.

3. Understand your own threat model and only let things into your life that align with it.

If the conversations you have in your house can't be broadcast, do not have a home assistant.

If you don't want your bum on the Internet, don't put cameras in your home.

My three points suggest an amazing level of privilege: that you know what an attack model and threat model are.

We need to enable users - your dad, the manager of a care home, the owner of a small restaurant - to be able to grasp these concepts easily.

We're really bad at this

Those were user controls as well.

If you make this stuff.

1. Build in a cryptographically assured identity to your device. This is so, so important it stopping break-once run-everywhere attacks, and we see so much fail as a result.

2. Sign your firmware. If you use secure boot and signed firmware updates, it makes it much harder to make devices do what they shouldn't.

It's the difference between turning someone's heating on and off or having a Linux box on their network.

3. Secure remote firmware updates. You will have made a mistake. Plan to fix these mistakes!

I've pulled all top-3s out of thin air.

The point of a top-3 is that you need a top-10 to do these well.

So look at the replies to this thread because many well-informed people will have different top-3s.