I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?

The cavalry is us itdays-luxembourg 2014.11.20 v1.0



CLAUS CRAMON HOUMANN

Head of IT & Infosec Consultant

The Analogies contributor

Twitter: @claushoumann

I CARE

Therefore I joined the Cavalry

AGENDA

• Vulnerabilities in connected devices (that matter)

• Someone will fix it for us

• Or not. Maybe we should be the Cavalry?

• What are we doing

• What you can do

VULNERABILITIES IN CONNECTED DEVICES (THAT MATTER)

Chapter 1

SECURE? Automobiles

SECURE? Medical Devices

SECURE? HOW THEN ABOUT CRITICAL NATIONAL INFRASTRUCTURE?

Home Devices

OUCH!

Stating the obvious:

Everything connected is vulnerable and can/will be hacked

SOMEONE WILL FIX IT FOR US

Chapter 2

OR NOT……..

Chapter 3

SLIDE OF SOME RECENT ONES

- THE ZUBIE: HTTP://WWW.AUTOBLOG.COM/2014/11/08/CAR-REMOTEDLY-HACKED-ISRAEL-CYBER-SECURITY/

- MEDICAL DEVICES

Computers have security issues

Cars have computers

Security issues in cars are safety issues

IT’S UP TO US

TO MOUNT UP AND BE THE CAVALRY

WHAT WE ARE DOING

Chapter 4

HUMAN LIFE VS. DIGITAL LIFE

http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/

Human Life

Intellectual Property

PII PHI PCI Mobile

Malware

Moving researchers left

Connections and Ongoing Collaborations

5-Star Framework

5-Star Capabilities

Safety by Design – Anticipate failure and plan mitigation

Third-Party Collaboration – Engage willing allies

Evidence Capture – Observe and learn from failure

Security Updates – Respond quickly to issues discovered

Segmentation & Isolation – Prevent cascading failure

Addressing Automotive Cyber Systems

Automotive Engineers

Security Researchers

Policy Makers

Insurance Analysts

Accident Investigators

Standards Organizations

https://www.iamthecavalry.org/auto/5star/

AND MORE IN OTHER AREAS COMING

We try to connect researchers to

1. Lawmakers to inform of meaningful changes to laws to enforce secure by default

2. Vendors/producers to inform of secure ways to build securely by design and of identified vulnerabilities

3. Purchasers of devices (example: Pacemakers, car distributors) to explain to them why they need to contractually demand security – if there is demand vendors will supply

WHAT YOU CAN DO

Chapter 5

CONNECTIONS/CONNECTORS WANTED

Breakers and Builders

Legal and Policy

Citizens, Connectors

Parents/Guardians

Community Leaders/Bloggers/Podcasters/etc.

MOUNT UP AND BE THE CAVALRY

YOU DON’T ACTUALLY NEED A HORSE

NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE ONLY THING THAT EVER HAS.

- MARGARET MEAD (AN AMERICAN CULTURAL ANTHROPOLOGIST)

SECURITY OF CONSEQUENCE

http://iamthecavalry.org

@iamthecavalry