CyberSecurity_for_the_IoT
-
Upload
abdullahi-arabo-jr-meng-mbcs-phd -
Category
Documents
-
view
21 -
download
0
Transcript of CyberSecurity_for_the_IoT
![Page 1: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/1.jpg)
Cybersecurity for the IoT
Dr Abdullahi Arabo Jr
Senior Lecturer in Computer Networks and Mobile
Technologies
Department of Computer Science and Creative Technologies
Faculty of Environment and Technology
UWE, Frenchay, Bristol, BS16 1QY, UK
![Page 2: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/2.jpg)
Overview
• Brief recap on IoT
• Some examples
• Cybersecurity Issues of IoT
12 May 2015 IoT Submit 2
![Page 3: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/3.jpg)
12 May 2015 IoT Submit 3
![Page 4: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/4.jpg)
12 May 2015 IoT Submit 4
![Page 5: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/5.jpg)
12 May 2015 IoT Submit 5
![Page 6: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/6.jpg)
Today’s Cyber Situation
• Victims of our own success
• Opportunity expands the attack surface:
– Clouds linked to legacy systems
– IoT means more entry points
– Bring Your Own Devices (BYOD)
• We’re not doing all we can:
– Poor info sharing even at basic levels, not real-time
– Eliminating/upgrading legacy systems
– Government – no legislation since 2002, poor grades
12 May 2015 IoT Submit 6
![Page 7: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/7.jpg)
Cyber is not a Normal Risk!
• Cyber defies conventional metrics
– Non-quantifiable
– Non-predictable
– Global, not local
– Can put the entire system at complete risk
• Examples of normal risks:
– Weather - business interruption
– Employee and customer lawsuits
– Theft of a trailer full of cell phones
12 May 2015 IoT Submit 7
![Page 8: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/8.jpg)
12 May 2015 IoT Submit 8
Attacks will increase rapidly due to
• Hyper-growth
• Poor security hygiene
• High value of data on IoT devices
Thread Predictions 2015 – McAfee Labs
![Page 9: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/9.jpg)
12 May 2015 IoT Submit 9
![Page 10: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/10.jpg)
12 May 2015 IoT Submit 10
![Page 11: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/11.jpg)
12 May 2015 IoT Submit 11
![Page 12: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/12.jpg)
12 May 2015 IoT Submit 12
![Page 13: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/13.jpg)
12 May 2015 IoT Submit 13
![Page 14: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/14.jpg)
12 May 2015 IoT Submit 14
![Page 15: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/15.jpg)
IoT Cybersecurity/Privacy Issues
• IoT provide an opportunity for enterprise
and PAN or Connect Home Ecosystems
• Downside – all that connectivity and
production of massive amount of data and
lack of standards
• Dramatically increase the potential of
cybersecurity intrusions and infringements
upon privacy
12 May 2015 IoT Submit 15
![Page 16: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/16.jpg)
IoT Cybersecurity/Privacy Issues
• As a starter, there are three areas that will
require some new or additional attention in
the IoT world
– Customer facing privacy policies
– Internal Infosec policies – BOYD and
DocRetention
– B2B commercial agreements – including
cloud storage agreements
12 May 2015 IoT Submit 16
![Page 17: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/17.jpg)
12 May 2015 IoT Submit 17
Thread Predictions 2015 – McAfee Labs
![Page 18: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/18.jpg)
12 May 2015 IoT Submit 18
Thread Predictions 2015 – McAfee Labs
![Page 19: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/19.jpg)
12 May 2015 IoT Submit 19
Thread Predictions 2015 – McAfee Labs
![Page 20: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/20.jpg)
12 May 2015 IoT Submit 20
![Page 21: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/21.jpg)
12 May 2015 IoT Submit 21
Photo: Showtime
The scenario was explored in an
episode of Homeland
Terrorists could hack into electronic
implants like pacemakers to
kill targets,
Defibrillators, bedside intravenous
fluid pumps, scanners and
hospital networks.
![Page 22: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/22.jpg)
12 May 2015 IoT Submit 22
![Page 23: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/23.jpg)
12 May 2015 IoT Submit 23
![Page 24: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/24.jpg)
IoT Cybersecurity/Privacy Issues
12 May 2015 IoT Submit 24
![Page 25: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/25.jpg)
12 May 2015 IoT Submit 25
![Page 26: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/26.jpg)
12 May 2015 IoT Submit 26
![Page 27: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/27.jpg)
IoT Cybersecurity/Privacy Issues
• In short, IoT will alter the playing filed as
much if not more than PCs and mobile
devices have, combined
• Vast amounts of data, increasing security
concerns, rising privacy issues
• The IoT savvy leaders will see this coming
and help to lead their company with
confidence and vision
12 May 2015 IoT Submit 27
![Page 28: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/28.jpg)
Key STANDARDS emerging for an Open Internet of Things
Lightweight protocols for devices to work together, communicate
OASIS MQTT, MQTT-SN
OASIS SmartGrid projects
Unique and extensible identifiers for all those billions of devices
Multiple new projects, XRI, UUIDs, etc.
Demand for API access and interoperability
SOA/Cloud orchestration and API standardization (AMQP, MQTT, OData)
Cybersecurity
KMIP, SAML, XACML/JSON, PKCS11, CloudAuthZ
Privacy and Policy
PMRM, PbDSE, and Personal Data Stores
12 May 2015 IoT Submit 28
![Page 29: CyberSecurity_for_the_IoT](https://reader033.fdocuments.net/reader033/viewer/2022042819/55ca4559bb61eb47408b476c/html5/thumbnails/29.jpg)
IoT – Remarks • IoT is an exciting megatrend – it offer amazing
advancements in connected homes, health,
community, defense etc.
• It is likely to propel organization forward in ways
yet to be imagined
• However, for us whose job is to secure this service
it provides a shifting and uncertain landscape
• For the cyber criminals – it provides a honeypot of
opportunities
• For lay users – it provides a security nightmare
• For enterprise developing such solutions – it
provides huge opportunities for revenue
12 May 2015 IoT Submit 29