IoT and Cybersecurity:
What Can Be Done?
Gerald R. Faulhaber
Professor Emeritus, Wharton School
“IoT Security – Risks, Solutions and Ramifications”
New York, NY
April 12, 2017
4/12/2017 IoT: What Can Be Done? 1
What’s the Problem?
• Threats to customers and others: Outdated software, insecure communications (authentication, encryption), malware threats, botnets.
• Fixes:
– Devices ship with current software
– Secure auto updates
– Strong authentication, restrictive communication
– Best security & cryptography practices
– Security support for device lifespan
Reference: “Internet of Things (IoT) Security and Privacy Recommendations”, BITAG 11/16
Another Take on Fixes
– Incorporate Security at the Design Phase
– Advance Security Updates and Vulnerability Management
– Build on Proven Security Practices
– Prioritize Security Measures According to Potential Impact
– Promote Transparency across IoT
– Connect Carefully and Deliberately
Reference: Homeland Security “Strategic Principles for Securing the IoT” 11/16
Are Fixes Happening?
• NO
– no standards for devices and software
– no requirements to upgrade security
– only earliest efforts to establish standards
• Field day for hackers: turn off alarms, disrupt HH, easy prey to set up botnets, etc.
– Most retail consumers not even aware their Smart TV can be hacked, so see no need for protection
– Third parties may suffer the most, via botnet attacks, etc.: an externality
Making Fixes Happen: Institutions
• Institutions must yield:
– Establishing security standards for all
• Standards should change as technology evolves
– Enforcing standards throughout vertical chain
• Voluntary compliance
• Private enforcement/product liability
• Regulatory enforcement
– Inform/involve customers (commercial/retail)
Institutions: What Works, When
• Industry voluntary
– Potentially responsive to technology change
– More industry- rather than customer-focused
– “Good Housekeeping Seal of Approval”
– Works well when:
• Industry and vertical chain have small number of firms
• Standards enforcement easy
• Customers value good product information
– Problematic for IoT cybersecurity
What Works, When II
• Voluntary standard-setting, legal implementation
– Agreed standards enforced via product liability
– Less responsive to technical change (requires law change)
– Enforcement via customer liability suits
– Works well when
• Technical change relatively slow
• Few, easily identifiable firms
• Product important to customers; enforcement costly; no externalities
– Problematic for IoT cybersecurity
What Works, When III
• Regulatory/Industry Joint Effort
– EPA/Industry Energy Star, SEC securities regulation
– Responsive to technical change
– Enforcement via regulatory monitoring/legal action
– Potential for publicly visible regulatory capture
• SEC record of ongoing enforcement failures
– Works well when
• Lots of firms, technical change fairly rapid
• Customers (such as retail) not involved in problems
– Could work well for IoT cybersecurity
What Works, When IV
• Regulatory
– EPA auto fuel standards
– Less responsive to technical change
• Standards set by bureaucrats
– Enforcement stringent, credible
– Works well when
• Lots of firms, technical change fairly slow
• Customers (retail) not involved in problems
– May work OK for IoT cybersecurity
So What To Do?
• It appears Regulatory/Industry joint effort is likely the preferred option, but not perfect
– All options will be slow to implement
• Not clear who should be the regulator; FTC is privacy regulator, but this job probably more than they can handle
– Their regulatory record is good but not great
• Need to coordinate with government efforts for cybersecurity (e.g., Homeland Security, NTIA)
– Use common principles, different implementation
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] IoT Security