1. Cybersecurity for the IoT
Dr Abdullahi Arabo Jr
Senior Lecturer in Computer Networks and Mobile Technologies
Department of Computer Science and Creative Technologies
Faculty of Environment and Technology
UWE, Frenchay, Bristol, BS16 1QY, UK
2. Overview
• Brief recap on IoT
• Some examples
• Cybersecurity Issues of IoT
12 May 2015 IoT Submit 2
6. Today’s Cyber Situation
• Victims of our own success
• Opportunity expands the attack surface:
– Clouds linked to legacy systems
– IoT means more entry points
– Bring Your Own Devices (BYOD)
• We’re not doing all we can:
– Poor info sharing even at basic levels, not real-time
– Eliminating/upgrading legacy systems
– Government – no legislation since 2002, poor grades
7. Cyber is not a Normal Risk!
• Cyber defies conventional metrics
– Non-quantifiable
– Non-predictable
– Global, not local
– Can put the entire system at complete risk
• Examples of normal risks:
– Weather - business interruption
– Employee and customer lawsuits
– Theft of a trailer full of cell phones
8. Attacks will increase rapidly due to
• Hyper-growth
• Poor security hygiene
• High value of data on IoT devices
Threat Predictions 2015 – McAfee Labs
15. IoT Cybersecurity/Privacy Issues
• IoT provides an opportunity for enterprise and PAN or Connected Home ecosystems
• Downside – all that connectivity, the production of massive amounts of data, and the lack of standards
• Dramatically increases the potential for cybersecurity intrusions and infringements upon privacy
16. IoT Cybersecurity/Privacy Issues
• As a starter, there are three areas that will require some new or additional attention in the IoT world
– Customer-facing privacy policies
– Internal Infosec policies – BYOD and DocRetention
– B2B commercial agreements – including cloud storage agreements
21. Terrorists could hack into electronic implants like pacemakers to kill targets
• Defibrillators, bedside intravenous fluid pumps, scanners and hospital networks
• The scenario was explored in an episode of Homeland (Photo: Showtime)
27. IoT Cybersecurity/Privacy Issues
• In short, IoT will alter the playing field as much as, if not more than, PCs and mobile devices have, combined
• Vast amounts of data, increasing security concerns, rising privacy issues
• The IoT-savvy leaders will see this coming and help to lead their company with confidence and vision
28. Key STANDARDS emerging for an Open Internet of Things
• Lightweight protocols for devices to work together, communicate: OASIS MQTT, MQTT-SN, OASIS SmartGrid projects
• Unique and extensible identifiers for all those billions of devices: Multiple new projects, XRI, UUIDs, etc.
• Demand for API access and interoperability: SOA/Cloud orchestration and API standardization (AMQP, MQTT, OData)
• Cybersecurity: KMIP, SAML, XACML/JSON, PKCS11, CloudAuthZ
• Privacy and Policy: PMRM, PbDSE, and Personal Data Stores
29. IoT – Remarks
• IoT is an exciting megatrend – it offers amazing advancements in connected homes, health, community, defense etc.
• It is likely to propel organizations forward in ways yet to be imagined
• However, for those of us whose job is to secure this service it provides a shifting and uncertain landscape
• For the cyber criminals – it provides a honeypot of opportunities
• For lay users – it provides a security nightmare
• For enterprises developing such solutions – it provides huge opportunities for revenue