CyberSecurity_for_the_IoT

Cybersecurity for the IoT

Dr Abdullahi Arabo Jr

Senior Lecturer in Computer Networks and Mobile

Technologies

Department of Computer Science and Creative Technologies

Faculty of Environment and Technology

UWE, Frenchay, Bristol, BS16 1QY, UK

Overview

• Brief recap on IoT

• Some examples

• Cybersecurity Issues of IoT

12 May 2015 IoT Submit 2

Today’s Cyber Situation

• Victims of our own success

• Opportunity expands the attack surface:

– Clouds linked to legacy systems

– IoT means more entry points

– Bring Your Own Devices (BYOD)

• We’re not doing all we can:

– Poor info sharing even at basic levels, not real-time

– Eliminating/upgrading legacy systems

– Government – no legislation since 2002, poor grades


Cyber is not a Normal Risk!

• Cyber defies conventional metrics

– Non-quantifiable

– Non-predictable

– Global, not local

– Can put the entire system at complete risk

• Examples of normal risks:

– Weather - business interruption

– Employee and customer lawsuits

– Theft of a trailer full of cell phones



Attacks will increase rapidly due to

• Hyper-growth

• Poor security hygiene

• High value of data on IoT devices

Thread Predictions 2015 – McAfee Labs

IoT Cybersecurity/Privacy Issues

• IoT provide an opportunity for enterprise

and PAN or Connect Home Ecosystems

• Downside – all that connectivity and

production of massive amount of data and

lack of standards

• Dramatically increase the potential of

cybersecurity intrusions and infringements

upon privacy



• As a starter, there are three areas that will

require some new or additional attention in

the IoT world

– Customer facing privacy policies

– Internal Infosec policies – BOYD and

DocRetention

– B2B commercial agreements – including

cloud storage agreements



Photo: Showtime

The scenario was explored in an

episode of Homeland

Terrorists could hack into electronic

implants like pacemakers to

kill targets,

Defibrillators, bedside intravenous

fluid pumps, scanners and

hospital networks.


• In short, IoT will alter the playing filed as

much if not more than PCs and mobile

devices have, combined

• Vast amounts of data, increasing security

concerns, rising privacy issues

• The IoT savvy leaders will see this coming

and help to lead their company with

confidence and vision


Key STANDARDS emerging for an Open Internet of Things

Lightweight protocols for devices to work together, communicate

OASIS MQTT, MQTT-SN

OASIS SmartGrid projects

Unique and extensible identifiers for all those billions of devices

Multiple new projects, XRI, UUIDs, etc.

Demand for API access and interoperability

SOA/Cloud orchestration and API standardization (AMQP, MQTT, OData)

Cybersecurity

KMIP, SAML, XACML/JSON, PKCS11, CloudAuthZ

Privacy and Policy

PMRM, PbDSE, and Personal Data Stores


IoT – Remarks • IoT is an exciting megatrend – it offer amazing

advancements in connected homes, health,

community, defense etc.

• It is likely to propel organization forward in ways

yet to be imagined

• However, for us whose job is to secure this service

it provides a shifting and uncertain landscape

• For the cyber criminals – it provides a honeypot of

opportunities

• For lay users – it provides a security nightmare

• For enterprise developing such solutions – it

provides huge opportunities for revenue


@AArabojr

[email protected]

mailto:[email protected]

CyberSecurity_for_the_IoT

Documents

Transcript of CyberSecurity_for_the_IoT