View
21
Download
0
Tags:
Embed Size (px)
Citation preview
Cybersecurity for the IoT
Dr Abdullahi Arabo Jr
Senior Lecturer in Computer Networks and Mobile
Technologies
Department of Computer Science and Creative Technologies
Faculty of Environment and Technology
UWE, Frenchay, Bristol, BS16 1QY, UK
Overview
• Brief recap on IoT
• Some examples
• Cybersecurity Issues of IoT
12 May 2015 IoT Submit 2
12 May 2015 IoT Submit 3
12 May 2015 IoT Submit 4
12 May 2015 IoT Submit 5
Today’s Cyber Situation
• Victims of our own success
• Opportunity expands the attack surface:
– Clouds linked to legacy systems
– IoT means more entry points
– Bring Your Own Devices (BYOD)
• We’re not doing all we can:
– Poor info sharing even at basic levels, not real-time
– Eliminating/upgrading legacy systems
– Government – no legislation since 2002, poor grades
12 May 2015 IoT Submit 6
Cyber is not a Normal Risk!
• Cyber defies conventional metrics
– Non-quantifiable
– Non-predictable
– Global, not local
– Can put the entire system at complete risk
• Examples of normal risks:
– Weather - business interruption
– Employee and customer lawsuits
– Theft of a trailer full of cell phones
12 May 2015 IoT Submit 7
12 May 2015 IoT Submit 8
Attacks will increase rapidly due to
• Hyper-growth
• Poor security hygiene
• High value of data on IoT devices
Thread Predictions 2015 – McAfee Labs
12 May 2015 IoT Submit 9
12 May 2015 IoT Submit 10
12 May 2015 IoT Submit 11
12 May 2015 IoT Submit 12
12 May 2015 IoT Submit 13
12 May 2015 IoT Submit 14
IoT Cybersecurity/Privacy Issues
• IoT provide an opportunity for enterprise
and PAN or Connect Home Ecosystems
• Downside – all that connectivity and
production of massive amount of data and
lack of standards
• Dramatically increase the potential of
cybersecurity intrusions and infringements
upon privacy
12 May 2015 IoT Submit 15
IoT Cybersecurity/Privacy Issues
• As a starter, there are three areas that will
require some new or additional attention in
the IoT world
– Customer facing privacy policies
– Internal Infosec policies – BOYD and
DocRetention
– B2B commercial agreements – including
cloud storage agreements
12 May 2015 IoT Submit 16
12 May 2015 IoT Submit 17
Thread Predictions 2015 – McAfee Labs
12 May 2015 IoT Submit 18
Thread Predictions 2015 – McAfee Labs
12 May 2015 IoT Submit 19
Thread Predictions 2015 – McAfee Labs
12 May 2015 IoT Submit 20
12 May 2015 IoT Submit 21
Photo: Showtime
The scenario was explored in an
episode of Homeland
Terrorists could hack into electronic
implants like pacemakers to
kill targets,
Defibrillators, bedside intravenous
fluid pumps, scanners and
hospital networks.
12 May 2015 IoT Submit 22
12 May 2015 IoT Submit 23
IoT Cybersecurity/Privacy Issues
12 May 2015 IoT Submit 24
12 May 2015 IoT Submit 25
12 May 2015 IoT Submit 26
IoT Cybersecurity/Privacy Issues
• In short, IoT will alter the playing filed as
much if not more than PCs and mobile
devices have, combined
• Vast amounts of data, increasing security
concerns, rising privacy issues
• The IoT savvy leaders will see this coming
and help to lead their company with
confidence and vision
12 May 2015 IoT Submit 27
Key STANDARDS emerging for an Open Internet of Things
Lightweight protocols for devices to work together, communicate
OASIS MQTT, MQTT-SN
OASIS SmartGrid projects
Unique and extensible identifiers for all those billions of devices
Multiple new projects, XRI, UUIDs, etc.
Demand for API access and interoperability
SOA/Cloud orchestration and API standardization (AMQP, MQTT, OData)
Cybersecurity
KMIP, SAML, XACML/JSON, PKCS11, CloudAuthZ
Privacy and Policy
PMRM, PbDSE, and Personal Data Stores
12 May 2015 IoT Submit 28
IoT – Remarks • IoT is an exciting megatrend – it offer amazing
advancements in connected homes, health,
community, defense etc.
• It is likely to propel organization forward in ways
yet to be imagined
• However, for us whose job is to secure this service
it provides a shifting and uncertain landscape
• For the cyber criminals – it provides a honeypot of
opportunities
• For lay users – it provides a security nightmare
• For enterprise developing such solutions – it
provides huge opportunities for revenue
12 May 2015 IoT Submit 29