Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety,...

Safety,Security,andPrivacyThreatsPosedbyAcceleratingTrendsintheInternetofThings

KevinFu,TadayoshiKohno,DanielLopresti,ElizabethMynatt,KlaraNahrstedt,ShwetakPatel,

DebraRichardson,BenZorn

Abstract:TheInternetofThings(IoT)isalreadytransformingindustries,cities,andhomes.Theeconomicvalueofthistransformationacrossallindustriesisestimatedtobetrillionsofdollarsandthesocietalimpactonenergyefficiency,health,andproductivityareenormous.Alongsidepotentialbenefitsofinterconnectedsmartdevicescomesincreasedriskandpotentialforabusewhenembeddingsensingandintelligenceintoeverydevice.OneofthecoreproblemswiththeincreasingnumberofIoTdevicesistheincreasedcomplexitythatisrequiredtooperatethemsafelyandsecurely.Thisincreasedcomplexitycreatesnewsafety,security,privacy,andusabilitychallengesfarbeyondthedifficultchallengesindividualsfacejustsecuringasingledevice.Wehighlightsomeofthenegativetrendsthatsmartdevicesandcollectionsofdevicescauseandwearguethatissuesrelatedtosecurity,physicalsafety,privacy,andusabilityaretightlyinterconnectedandsolutionsthataddressallfoursimultaneouslyareneeded.Tightsafetyandsecuritystandardsforindividualdevicesbasedonexistingtechnologyareneeded.Likewiseresearchthatdeterminesthebestwayforindividualstoconfidentlymanagecollectionsofdevicesmustguidethefuturedeploymentsofsuchsystems.

IntroductionIncreasinglyweliveinaworldofconnectedsmartdevices.This“InternetofThings”(IoT)combinesdeviceswithsensorcapabilitiesandconnectivitytothecloudandallowsthemtoleverageartificialintelligence,machinelearning,andbigdataanalytics,sometimesdramaticallyincreasingtheircapabilities.Everydayusershaveprogressedfromhavingasinglehomecomputertoavarietyofdevicesthatareeachindividuallymanaged,whichcanbedifficult.Forexample,duetoconsumersfailingtochangethedefaultpassword,manybabymonitorsallowarbitrarystrangersonthewebtoviewunsuspectingpeople’shomes.Buttheproliferation,capabilities,andinterconnectednessofsmartdevicespresentdramaticnewopportunitiesandchallengesthatrequirenewresearchandindustryapproachestomakesuchsystemssafe,secure,effective,andusable.TheproblemissoacutethattheFBIrecentlyissuedapublicserviceannouncementsuggestingconsumersshould“IsolateIoTdevicesontheirownprotectednetworks”and“...beawareofthecapabilitiesofthedevices…”whichareexpectationshighlyunlikelytobefollowedinpractice.Inthispaper,wearguethatcollectionsofsmartdevicespresentnewchallengesthatrequireagreaterunderstandingofhowpeoplecaneffectivelyusesuchsystemsandadeeperinvestmentinpoliciesandtoolsthatgiveusersconfidenceinthem.Inparticular,issuesrelatedtosecurity,physicalsafety,privacy,andusabilityaretightlyinterconnectedandsolutionsthataddressallfoursimultaneouslyareneeded.TherehavebeennumerousestimatesoftheimpactoftheInternetofThingsontheeconomy,withestimatesthatthenumberofdeployeddeviceswillbe50billionbytheyear2020andthatthetotaleconomicimpactmaybeupto10trilliondollarsby2025.Wealreadyliveinaworldofinterconnecteddevices,withnumerouscompaniesofferingsmartdevicessuchassmartthermostats,smartdoorbells,etc.Intheso-calledIndustrialInternetofThingsandSmartCitiesinitiatives,factoriesandcitieswillbecomeinfiltratedwithinterconnectedsmartdevices,withlarge

projectedimprovementsinefficiencyandreliability.Forexample,hospitalshavebenefittedfromaproliferationofinterconnectedsensordevices,resultinginimprovedhealthoutcomesandlowercosts.Unfortunately,asthenumberandconnectivityofsuchdevicesincreases,thechallengeofmanagingthesecollectionsofdevicesbecomesexponentiallymoredifficult.Ifmanagingasinglehomecomputerisdifficultforanon-technicalperson,imaginewhatisneededtounderstandandcorrectlymanageanetworkofmanyinteractingdevices?Forexample,considerahypotheticalscenariowhereanAppleiPhone,aRingdoorbell,anAmazonEchoandanXboxworktogether.TheiPhoneisusedtheconfigurethemandtheEchoisusedtotoimplementvoicecommandssothat,forexample,ausercouldtellEchotoshowthevideofeedfromtheRingontheTVusingtheXbox.Anotherexamplecouldfocusonenergyusageandhomemonitoring.Smartwaterandelectricitymeterscouldcoordinatetomonitorandadjustwaterandpowerwhiledeterminingwhatpatternsofhomeactivitycorrelatetohighusage.Makingasingledevicesecureandsafeisalreadyadifficultproblem.Safetyissues,inparticular,areincreasinglyimportantforIoTsystemsastheyareusedtophysicallycontrolelectricaldeviceslikelightbulbsandheatingsystemsinbothhomesandinbusinesses.ThesafetyproblemsdiscoveredwiththeSamsungGalaxyNotesmartphonescatchingfireillustratethechallengesmakingdevicessafeevenwithoutanattackertryingtocauseharm.Makingthemsafeinthepresenceofanattackerisevenmoredifficultandrequiresrethinkinghowsuchdevicesaredesignedandtestedforsafety.TheconsequencesofhavingmanyinsecureindividualdevicesattachedtotheinternetwashighlightedrecentlywhentheMaraimalwarewasusedtocreatea380,000IoT-basedbotnetusedinamassivedistributeddenialofservice(DDOS)attack.Onlyamonthlater,amajorcyberattackharnessedtensofmillionsofmachines,includingalargenumberofIoTdevices,aimedattheInternet’sdomainnameserver(DNS)infrastructure,disruptinganumberofmajorserviceprovidersincludingTwitter,Netflix,Spotify,Airbnb,Reddit,Etsy,SoundCloudandTheNewYorkTimes.Asmoreinsecurenodesareattached,theleverageanattackergetsinusingthemincreases.Beyondtheexistingchallengesofsecuringindividualdevices,weneedtosimplifyhowpeopleinteractwithacollectionofdevicessothattheydon’thavetothinkabouteachdeviceandhowtheymightinteract.Forexample,withaniPhone,Echo,Ring,andXbox,whatinformationisbeingsharedbetweenthedevicesandwhataretheprivacypoliciesinplaceregardingwhatinformationfromaprivatehomecanbesenttothedifferentcompaniesandhowcanthisinformationbeused?Beyondprivacy,whatsecurityvulnerabilitiesdoesthisparticularcollectionofdevicescreateandwhatentityisresponsibleforinformingownersthatsuchvulnerabilitiesexist?Inmuchthesamewaythatoperatingsystemshaveevolvedtoallowindividualuserstoconfigureandmanagethem,newtechnologyisneededforuserstomoreeasilyunderstand,configure,andmanagetheircollectionsofdevices.Inthispaper,weconsidertwoscenarioswherecollectionsofdevicescreateopportunitiesandchallenges:interconnecteddevicesinasmarthomeanddevicecollectionsinhospitals.Bylookingatbothaconsumer-orientedscenarioandsafety-criticalcommercialapplications,wecanobservesimilaritiesanddifferencesintherequirementsforsuchsystems.

TheInternetcartoonJoyofTech'sinterpretationofthefutureofIoT

SmartDevicesinHomesDespitetheavailabilityofmanyconnectedsolutionsforthehome,therapidgrowthofthisspacehasoutpacedsecurityandprivacyresearch,regulatoryguidelines,discussionsonlongevityandsafety,andageneralunderstandingofhowsuchsystemsreflecthumanunderstandingandmentalmodels.However,theemergenceofscalablesmarthomesystemshasthepotentialtodirectlyimpactourdailylives.Thus,wepresentasetofopportunitiesandchallengesforcomputingresearchforsmarthometechnology.Withmoreandmoreconnectedappliancesappearingonthemarket—suchasJarden’sMr.Coffee™andCrock-Pot™—newphysicalsafetyhazardsemergeduetotheabilityforsoftwaretocontrolthesehigh-poweredloads.RecentworkhasshownthesafetyhazardsofsimpleWiFi-enabledappliancemodulesandlightbulbs.Analogoustomandatedsafetymeasuressuchaselectricalcircuitbreakers,GFCIswitches,andfire-ratedwallsthatprotectconsumersfromfaultsinhomeinfrastructure,smarthometechnologiesneedasimilarlayerofprotection.JustasNationalElectric

Codes(NEC)andNationalElectricalManufacturersAssociation(NEMA)existtoprovidesafetyguidelines,similarsafetyenforcementprocessesneedtoevolveforIoTappliancesinthehome.Buildingcodeswillalsoneedtoevolvetosupportemergingsmarthometechnologies.AddressingsafetyhazardsforhomeIoTdeviceswillrequireacoordinatedeffortbetweenthecomputingcommunityandtheDepartmentofHousing,FederalCommunicationsCommision(FCC),UnderwritersLaboratories(UL),andNationalInstitutesofStandardsandTechnology(NIST).Smarthometechnologies,andtheIoTingeneral,poseanewchallengeinabandonmentbymanufacturers,especiallyIoTstartupsthatmayintroduceaproductinthemarketandquicklygooutofbusinessorcompletelyabandonsupport.Thesesocalled“zombie”devicesremainonahomenetworkwithoutfuturesupportforsecurityandsafetypatches.Theserisksareproblematicfortechnologiesthatareintegratedintothehome’sinfrastructureorappliancesthatmayresideinthehomeformanyyears,creatingbothapolicyandatechnologychallenge.Thereisaneedforapproachestoeffectivelydetecttheseabandonedsystemsandmonitortheinteractionofthesedeviceswithotherplatforms.Theotherextremewouldbetorequiremanufacturerstoremotelydisablelegacydeviceswhensupportceases.SmartDevicesinHospitalsHospitals–andhealthcareingeneral–benefitgreatlyfromcomputation.Computationcanenablemoreaccurate,moreinformedpatientcareintheformofelectronicmedicalrecords.Computationenablesincreasedefficiencywithinhospitals,allowingasinglenursingstationtowirelesslymonitormanypatientsatonce.Forexample,anursingstationcouldremotely–andwirelessly–monitorthedrugpumpsdispensingdrugstoallthepatientswithintheircare.Computationevenoccursinsidepatients’bodiesintheformofwirelessimplantablemedicaldevices,likepacemakersandimplantablecardiacdefibrillators.Unfortunately,ithaslongbeenknownthatwiththeincreasedbenefitsofcomputationinhospitalsalsocomesthepotentialforpatientharmiftherearedefectsinthesystems’software.AcanonicalexampleisthatoftheTherac-25,aradiationtherapydevicefromthe1980sthatwasfoundtohaveasoftwaredefectthatcouldcausepatientstoreceiveapproximately100timestheradiationtherapythattheyweresupposedtoreceive.Thissoftwaredefect,humanfactors,andprojectmismanagementresultedinharmtopatients,andatleastseveraldeaths.Theseharmswerecausedbyaccident.Inthecybersecurityarena,wemustask:whatmightanintelligent,creativeadversarybeabletoaccomplish,andhowcanweprovideresiliencyagainstsuchanadversary.Thatadversarycanclearlycauseatleastasmuchharmasmightoccurbyaccident,andlikelymore,becausethatadversarycanforcethesystemsintotheirworst-possibleconfigurations.Moreover,duetotheincreasedpervasivenessofcomputationwithinthehealthcareenvironment,thepotentialattacksurfacetocyberadversariesisevengreatertodaythanitwasthe1980s.Acomprehensiveapproachtocybersecurityinhospitalsmustconsidereachofthecomputationaldeviceswithinthehospitals,aswellaswhatthosedevicesdependon.Forexample,cyberattacksagainstthehospital’spowerinfrastructurecouldsignificantlyimpactpatientcare.Cyberattacksagainstthehospital’swatersupplycouldalsosignificantlyimpactpatientcare.Therehavebeencaseswherehospitalservershavebeenshutdownbyransomware,therebyrequiringhealthcareproviderstoreverttopaper-basedrecords–somethingthatmanyyoungerhospitalstaffmightnotbetrainedtoworkwith.Buildingontheransomwarescenario,imaginetheimpactofevenmoremaliciousmalware,suchasmalwarethatintentionallymodifiespatientelectronicprescriptionsordosagesrecords,topossiblydangerousdrugsordruglevels.Onecansimilarlyimaginethepotentialimpactofcompromisinghospitaldevicesthatdirectlyimpactpatientcare,rangingfromcomputerizedradiationtherapydevicestothedevicesthatdoctorsusetowirelesslychangethe

settingsonimplantablemedicaldevices,likepacemakersandimplantabledrugpumps.Westressthatcybersecurityisaboutriskmanagement,andthatthesetofharmsthatmightbepossibleisoftengreaterthanthesetofharmsthatarelikelytooccurinpractice.Hospitals–andhealthcareingeneral–needtobevigilantinassessingthespectrumofpotentialharmssothattheyarenotsurprisedbyunexpectedimpacts,andthenrealisticaboutassessingtheactualriskoftheseharms.Securitybestpracticesshouldbeusedwheneverpossible.Forexample,devicesshouldnotusedefaultpasswords.And,whenpossible,ifadeviceisknowntohaveacybervulnerability,thenthatdeviceshouldreceiveasoftwareupdate.

SmartHealthintheHomeTheprevioustwoscenarioscombineininterestingwayswhenoneconsiderstheincreasinguseofhealthcaretechnologiesinthehome.Whethermotivatedbysustainingolderadultswishingto“ageinplace,”theincreasinguseofwearablesensors(nowoftenwornbeforeandaftersurgicaltreatment),ortheincreasinginterestinaccountablecareandtheneedtomonitorpatients“inthewild”tohelpensuretreatmentsuccess,digitaltechnologiesareseepingoutoftraditionalhealthcareenvironmentsandfindingtheirwaytotypicalhomes.Inthisperfectstorm,wenowhavethesafetyandsecurityvulnerabilitiescombinedastwosystems(homeandhealthcare)attempttoresideinthesamephysicalsettingandlikelyonthesamewirelessnetwork.Thehomebecomesabackdoorvulnerabilitytothehospitalandvisaversa.Whatisatstake,beyondsecurity,isthedesiredrelianceondatageneratedinthehometoinformhealthcaredecisionmaking.Thisdatacouldbeparamountinhelpingolderadultsavoidthecostsofinstitutionalcare,inhelpingpatientsundergoingtreatmenttostayoutofemergencyroomswhennotneeded,andgettingtothemwhencritical,andhelpingpatientswhoseillnessincludesenvironmentaltriggers(e.g.asthma)managetheirtreatmentandbehavioronadaytodaybasis.

ImplicationsoftheScenarios

SecurityandPhysicalSafetyThemostimportantrequirementforcollectionsofdevicesisthattheyguaranteephysicalsafetyandpersonalsecurity.Whiletherehasbeenagreatdealofresearchandcommercialinvestmentinpreventingcyberattacks,protectingcollectionsofdevicespresentsnewchallengesthathavenotbeenaddressed.Inparticular,theabilityofsmartdevicestocontrolphysicalaspectsoftheenvironment(suchasthehousetemperatureorwhetheradoorislocked)createspotentialattacksonanindividual’sphysicalsafetythatrequiresevenhigherlevelsofassurancethanexistingcyberattackcountermeasures.Thedistributedandinterconnectednatureofmultiplesystemspresentindevicecollectionsalsorequiresrethinkingofthebasicconceptofsecurityandsystemmanagement.Withouttakingamulti-systemview,securitytechniqueswillbeunabletoanticipateandcountervulnerabilitiesthatarisefromincorrectconfigurationsorattacksthatexploitvulnerabilitiesinthewaythatdevicesinteractwitheachotherandwithcomputinginthecloud.Becauseinteractingdeviceshavebeenpresentinhospitalsforsometime,andbecausehospitalsaresubjecttoregulatoryframeworksthatrequirehigherlevelsofcompliance,thehospitalscenarioformanagingcollectionsofsmartdevicesisbetterunderstood.Insightsbasedonthisexperienceinclude:(a)thelife-cycleofthedevice,includinghowsoftwareisupgraded,mustbetakenintoconsideration,(b)physicalaccessibilityofdevices,includingtheabilityforanintrudertoaccessinterfacessuchasUSBportsorWifinetworks,mustbecarefullycontrolled,and(c)theregulatory

frameworkaroundprivacymakesreasoningaboutwheredataiscollected,howitisshared,andwhereitisstoredverychallenging.Contrastingthetwoscenariosofdevicesinthehomeversusdevicesinahospital,wedrawseveralconclusions.First,differentdegreesofsecurityvettingandanalysisarerequiredforeachscenario.Therearealreadyregulatoryconstraintsonmedicaldevicesbuttheexplodingcomplexityandincreasingpotentialvulnerabilitiesrequirethoughtfulrevisitingofwhatlevelofcertificationisrequiredtoprovideappropriatelevelsofsecurityandsafetyassuranceforsuchapplications.TherecentnewsofsecurityvulnerabilitiesinSt.Judepacemakerdeviceshighlightsthechallengesindeterminingtherightlevelofcybersecurityassuranceneededforindividualdevicesandalsotheoverallcollectionofdevices.Likewise,hospitalswouldbemoreattractivetargetsforcoordinatedattacksakintocurrent“ransomware”attackscurrentlybeingconductedonhospitalelectronichealthrecord(EHR)systems.Second,whilehospitalsemployITprofessionalstomanagetheircollectionsofdevices,consumershavenosuchsupportbutaresubjectedtosimilarchallengingsystemcomplexity.TherecentreportfromtheCommissiononEnhancingNationalCybersecurityhighlightssimilarriskstosmallbusinessesthatcannotaffordanITstaff.Anyimprovementsinallowingindividualstounderstandandmanagesuchacollectionofdeviceswillbenefitbothscenariosbuttheconsumerscenariorequiresrethinkinghowsuchsystemscanbeexplainedintermsaccessibletoeverydayusers.

PrivacyPrivacyischallengingtounderstandandguaranteeinaworldwheremoreandmoresmartdevicescollectdata,shareit,andmonetizeit.Themodelthatsoftwareismonetizedbyadvertisingisbeingappliedatthedevicelevel.Manyfreesmartphoneappsalreadycollectdataattheuser’sexpenseandsellitinwaysthatarenotobviousorexplicittotheconsumer.Algorithmictechniquessuchasdifferentialprivacyprovidetheoreticalassurancestolimitingthepotentialimpactofdatasharing,butsuchtechniquesarerarelyusedinpracticeandasaresulttheprivacyimplicationsofincreasinglyintrusivesmartdevicesandsensorsareunknown.Thecomplexityofunderstandingtheprivacypolicyofasingleapplication,likeFacebook,canoverwhelmindividualusersandtheburdenofunderstandingsuchpoliciesforeverydeviceandapplicationbeingusedrequiresattentionandcomplexitybeyondmostpeople.Consider,then,thechallengeofunderstandingnotjustonedevicebutmanythatinteractincomplexways.Withoutnewmechanismsforexplainingwhatinformationisbeingcollectedandshared,notbyeachindividualdevice,butinaggregate,userswillbeunabletounderstandwhattheprivacyimplicationsoftheirchoicesare.Consider,forexample,buyingasmartfork(arealdevice).Howdoesaconsumerknowwhatinformationtheforkiscollecting(beyondcountingtheindividualforklifts,forexample)?Whatiftheconsumerthenbuysasmartplate?Cantheforkandplateexchangeinformation?Andifso,whatcanbeinferredfromthecombinationoftheinformationthatcan’tbedeterminedfromeitherdatasource?ConsiderforexampleanInternetTVserviceandasmartthermostat.Theuseofsmartphonestocontrolthesedevicescreatesdatatoidentifyindividualsinthehome.Thethermostatcanthenpinpointwhoiswhereinthehomeandwhen.AfewIoTdevicesinthehomecanlayoutaprettydetailedmapandtimelineofhomeactivities.InthehospitalsettingregulatorycompliancewithHIPPAandotherregulationsdetermineswhatislegalregardingdatacollectionandsharing.ThecomplexitiesofunderstandingwhetheraparticulardeviceconfigurationiscompliantreliesonthewisdomandunderstandingofITprofessionals.Asthecomplexityofdatabeingcollectedincreasesandthewaysitisusedbecomemorediverse,really

understandingtheprivacyimplicationsofaparticularconfigurationislikelytochallengeeventhebest-informedITprofessionals.Beyondunderstandingprivacyimplicationsofconnecteddevicesactingastheyareintended,theimplicationsofdatabreachesonprivacyduetosecurityvulnerabilitiesincreasesthecomplexityandriskinprovidingadequateprivacyguarantees.Fortunately,advancesinstoringandoperatingonencrypteddatawilllikelyprovidetechnicalsolutionstosomeofthechallengesofpreventingdatabreaches.Nevertheless,thepresenceofmaliciousstate-sponsoredactorsattackingtheprivacyofhigh-profileindividualsgreatlyincreasesthelevelofprotectionneededtoprovideoverallconfidenceinsuchsystems.Ultimately,socialengineeringattacksandattacksbasedoninadequatehumanunderstandingofthesesystemsremainsperhapsthegreatestchallengetoovercome.

UsabilityandtheUserExperienceWehavealreadymadethecasethattheabilityforprofessionalsorconsumerstounderstandandmanagecomplexsystemscreatessignificantvulnerabilitiestosecurity,safety,andprivacy.Toattackthisproblemtherearetwoapproaches:eithersimplifythesystemssufficientlythattheycanthenbeunderstood,orbuildbetterconceptualmodelsforusersandtoolstoreducetheburden.Duetothewidespreaduseofopen-sourcesoftwareincludingLinuxincreatingmanysmartdevices,theconfigurationofmanysmartdevicesisarcaneandassumessignificantexpertisetounderstandandmanage.Simplificationscanbemadebyreducingthenumberofchoicesandexposingtheconfigurationasa“wizard”buttherearelimitstowhatcanbeeliminated.Anothersimplificationistoexplicitlydisallowdevicesfrominteractingwitheachother.Whilethisschemereducesthemanagementburdenoftheuser,italsosignificantlyreducesthepotentialvalueofthesystem.Forexample,adevicethatdeterminesthatthereisnoonepresentinahousemightwanttocommunicatewiththedevicecontrollingagaragedoortocloseit,buttheirinteractionwouldbeprevented.Asanalternative,newapproachestohelpingindividualsseethebiggerpictureoftheirentiredevicecollectionispossible.Inparticular,a“devicedashboard”mightpresentaviewofallthedevices,howeachisconfigured,andhowtheyrelate.Suchaviewcanextendfamiliarconceptsthatusershaveinmanagingindividualcomputers,suchassecurityandprivacysettings,tounderstandingtheirentirenetwork.Withsuchanaggregateview,toolsthathelpuserstracktheconfiguration,suchasindividualsoftwareupdates,andguaranteethecurrentconfigurationissecurecanbedevelopedandmarketed.Understandinghowpeoplethinkabouttechnology,theirwillingnesstoadoptit,andtheirchallengesinmaintainingitneedstobeacriticalpartofsmartdeviceresearchandpolicygoingforward.Nolevelofsoftwaresecurityissufficientifthepersonconfiguringthesystemfailstoprovideadequatepasswordsorunderstandthatthesystemismisconfigured.HistoricallythehumandimensionofdesigncouldbeoffloadedtoexpertITprofessionalsbutincreasinglythesehardusabilityproblemsneedtobehandleddirectlybyconsumers.

RecommendationsBasedonthisdiscussion,werecommendthefollowingapproachtoexpandingtheresearchagendaandpolicyagendabasedonadvancesintheInternetofThingsandadhoccollectionsofsmartdevices.Broadconclusions

• Problemsofsecurity,privacyandusabilitycannotbeconsideredseparately-theyneedtobeconsideredtogetherandfederalinvestmentsshouldprioritizesolutionsthatfocusonaugmentingaperson’sabilitytounderstandandmanagecomplexsystems.

• Thepotentialforriskstophysicalsafetyrequiresthatminimumlevelsofcybersecurityassurancebedefinedandrequiredforwidespreaddevicedeployment.

• Milestonesmustbeestablishedfordeterminingthelevelofanalysisandtestingrequiredforsmartdeviceproducts(akintotargetedEPAemissionrequirements).Specificallyimprove:

• Thetransparencyofthesoftwarethedevicesarerunningforinspectionandanalysis

• Theleveloftestingandanalysisrequiredforcertification• Thelevelofhardeningofthecriticalcomponents(crypto,securecommunication,

secureupdatechannels)SecureandmanageindividualdevicesExistingeffortssuchastheCybersecurityAssuranceProgramandtheReportoftheCommissiononEnhancingNationalCybersecurityprovideguidelinesandrequirementstohelpensurethatindividualdevicesaresufficientlysecured.Beyondthecurrentinvestmentswerecommend:

• Revisingsafetyrequirementsforinternet-connectedelectricaldeviceswithanemphasisonadversarialthinking,inordertolimitthedamagethataremoteattackerwithharmfulintentisabletodo.

• Increasingtheemphasisonbuildingsoftwareandhardwarebasedonverifiedcomponents.Programverificationtechnologyisadvancingrapidlyandincreasinglycomplexsubsystems,suchascryptographicimplementationsshouldbedevelopedusingstateoftheartverificationtools.

• Increasingrequirementsforprogramanalysisandtestingtoolstocertifysoftwaredeploymentsinsmartdevices,withdifferentlevelsofanalysisrequireddependingonthedegreetowhichphysicalsafetymightbethreatenedbythedevice.

• Improvingsoftwareupdaterequirementsfordevicesthataredeployedtoallowsoftwaretobepatchedasnewvulnerabilitiesarediscovered.

• Updatingmechanismsthatareresistanttoexploitationusingstate-of-the-artencryption.• Creatingcradle-to-graverequirementsthatspecifywhathappenswhendevicesareno

longerbeingupdated,forexample,becausetothecompanyproducingthemwentoutofbusiness.

• Supportingresearchtohelpuserscorrectlymaintaintheirdevicesandsoftware.ManagingcollectionsofdevicesVerylittlehasbeenspecifiedregardingmanagingcollectionsofdevicesdespitethefactthattheyareincreasinglypresent.Asastartingpoint,werecommendthecreationof:

• Explicitsoftwarethatconsidersallthedevicesinacollectionandpresentsanoverviewofthemtoauser(devicedashboard).

• Managementtoolsthatallowtheusertounderstandandchangetheconfigurationsothatitremainssecureovertime.

• Simplificationsinthecomplexityofconfigurationmanagementthatpreventusersfromcommonerrorsthatcreatesecurityorprivacyerrors.

• Auserexperiencethatleveragesconceptsthatusersarealreadyfamiliarwithinmanagingindividualdevices.

Summary

Technologyisrapidlyevolvingandhavingagreaterimpactonsocietythanithaseverhadwithsensingandintelligencestartingtobeembeddedineverydevice.Theadvancesbringsignificantbenefitstopeople,companies,andorganizations,butuntilthetechnologyisbetterunderstood,therearealsoassociatedrisks.Wehaveoutlinedsomeoftheimplicationsofthesechangesthroughadiscussionofuse-casescenariosandthedimensionsofsafety,security,andprivacy.Webelievethatchangesarehappeningwithsuchspeedandthelevelofriskanduncertaintyissufficientlyhighthatinvestmentinresearchthathelpsmitigatepotentialproblemsshouldbeprioritized.Thepotentialbenefittohumanlives,ournationalinterests,andtheeconomyissufficienttowarrantsubstantialresearchinvestmentsinmakingthetechnologyasbeneficialaspossible.Forcitationuse:FuK.,KohnoT.,LoprestiD.,MynattE.,NahrstedtK.,PatelS.,RichardsonD.,&ZornB.,(2017).Safety,Security,andPrivacyThreatsPosedbyAcceleratingTrendsintheInternetofThings.http://cra.org/ccc/resources/ccc-led-whitepapers/ThismaterialisbaseduponworksupportedbytheNationalScienceFoundationunderGrantNo.1136993.Anyopinions,findings,andconclusionsorrecommendationsexpressedinthismaterialarethoseoftheauthorsanddonotnecessarilyreflecttheviewsoftheNationalScienceFoundation.

Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety,...

Documents

IoT Security & Privacy - SentryBay - Security that works security and privacy_040715.pdfPage 3: © 2015 SentryBay Corporation / IoT Security & Privacy!!! IoT Security & Privacy The

Windows desktop: Security and privacy€¦ · Windows desktop: Security and privacy Staying safe and secure when using Windows 10. Windows 10 has very powerful safety and security

Safety, security and privacy?

A holistic approach to industrial data security privacy and safety - … · 2019-10-24 · A holistic approach to industrial data security privacy and safety - The CHARIOT Project

PGP & IP Security Pretty Good Privacy – PGP Pretty Good Privacy IP Security. IP Security

Federal: Privacy and Security - SCPMCS Privacy & Security 031914… · security so that patient privacy is protected. Following good privacy and security practices is also good sense

1999 Cabletron Systems. Wireless Networking RoamAbout Security, FCC Regulations, and Safety 802.11 inherent security Wired Equivalent Privacy (WEP) FCC

29- Usable Privacy and Security for Safety-Critical Devicescups.cs.cmu.edu/courses/ups-sp15/Lecture29.pdf · Meta-issues with car privacy/security • Why are our cars run by computers?

The Microsoft Computing Safety Index 1. Background Microsoft’s objective: Quantify consumer perceptions of Internet safety, security and privacy Construct

CH. 5 Computer Security and Safety, Ethics and Privacy

1 Scott CADZOW, C3L for i-Tour ITS – Challenges for privacy-security-safety

the usable security & privacy group · the usable security & privacy group. overview • framing privacy and security decisions • privacy and IoT • privacy on mobile devices

On the Privacy, Security and Safety of Blood Pressure and ... · whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We

Computer Security and Safety, Ethics & Privacy

Privacy - Introductie Beware of privacy – security fallacies ! Privacy

Personal Security and Privacy inPersonal Security and Privacy

1 Chapter 10 Security, Safety, Ethics, & Privacy

Data security, privacy and patient safety in the 21st century

TRUST, IDENTITY, PRIVACY, PROTECTION, SAFETY & SECURITY ... · TRUST, IDENTITY, PRIVACY, PROTECTION, SAFETY & SECURITY (TIPPSS) ... •A Layered View of IoT ... –Campus IT –Purchasing

MC-Quiz: Chapter 11 – Computer Security and Safety, Ethics, and Privacy Discovering Computers 2010