huntsman - internet of things (for iap2015)
Post on 19-Jul-2015
The Internet Enterprise Network of Things
March 2015 – Piers Wilson All images are the property of their respective owners
© 2015 Tier-3 Pty Limited. All rights reserved.
Agenda
• What is the “Internet of Things”?
• What are the security issues?
• How can we solve (or avoid) these?
Images from Dr. Seuss
What is the “Internet of Things”
Common characteristics
  – Embedded/bespoke technologies
  – Network connected (Intra & Internet)
  – Cloud-connected applications, web control, data tracking
  – Mobile/App/Web control interfaces
  – Massive volume/number/diversity of devices
The “Internet of Things” is the network of physical objects that contains embedded technology to communicate and sense or interact with the objects' internal state or the external environment
Gartner
What is the “Internet of Things”
Image source: Gartner, 2015
Security issues will arise, and already are...
• Overall track record on IT security not perfect
  – Workstations, web applications, enterprise networks, open source code, centrifuges, operating systems, malware, mobile devices... Still being breached
• Device manufacturers even less experienced at defending systems
  – Fridges, light bulbs, cars, HVAC systems, healthcare devices, coffee machines
• Users generally don’t enable security, or really care
  – Especially at work
Some figures
• By 2020 it is predicted there will be 200 billion smart devices
  – 26 for every human being
• 43% of US homes have connected TVs
• Today 7% of consumers own a “wearable”
  – By the end of next year, that number will have jumped to 28%
• Dutch internet-connected cattle sensors tell farmers when the animals are sick or pregnant
  – Each cow sends about 200Mb of data per year
• General Electric believes “Industrial Internet” in oil/gas exploration only has to make 1% more efficient to save $90bn
Sources: Intel, IDC, Business Insider, Motley Fool
Predictions
• IoT technologies (incl. consumer) will be connected to enterprise networks
• IoT failures will be “real” - potentially serious/damaging/life affecting
• IoT will involve mobile and cloud for access, control and storage
• Devices will be vulnerable
  – Hoping for “Secure” IoT that meets standards probably unrealistic
• Vulnerabilities will have knock-on effects and expose systems, networks, data and users
• Diversity/volumes greater than traditional IT
• Business and user communities will drive IoT use – not IT function
Some stories so far...
http://contextis.com/resources/blog/hacking-internet-connected-light-bulbs/
http://www.bbc.co.uk/news/technology-29203776
http://reut.rs/1wjx19W
http://www.bbc.co.uk/news/technology-30575104
Images from Dr. Seuss and as listed
1) Plan an IoT-aware enterprise network
• Proliferation of connected IoT devices will increase
• New, Disruptive, Pervasive
  – Many security approaches are accepted wisdom
• IoT will mean embracing cloud and wider adoption of mobile and wireless technologies
• IoT, cloud and mobile connectivity will become normal (if not already)
  – Some security paradigms may become less effective
2) Drive business engagement in IoT
• Develop security use cases for the business users and jointly with security and business teams
  – Leverage momentum as businesses seek to meet user, consumer, operational demands
  – Build security and risk reduction into wider IoT interactions
  – Inaction or poor planning may lead to IT security becoming an impediment to future business activities
• Some connected devices/control systems are core to business... integrate specific security safeguards now, rather than retrofitting
3) Strive for IoT visibility
• IoT evolution well underway
  – a growing range of security risks
• Defining policies, patterns, rules for “IoT Access Lists” or “Device Vulnerability Signatures” will be hard
• Segment networks to allow adoption without subverting existing controls / security
• Ensure visibility of IT environment, streamline/optimise/automate reporting and compliance processes
• Build adequate systems and processes to be able to detect:
  – Connections and activity
  – Failures and compromises
  – Impacts on the operation of the IT environment and the business
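The detection targets on this slide (connections and activity, failures, compromises) can be illustrated on flow records from a segmented IoT network. This is an added example, not part of the original presentation; the address ranges, device inventory, allow-list and flow records are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumed layout (constructed): one IoT segment, one enterprise range.
IOT_NET = ip_network("10.20.0.0/24")
ENTERPRISE_NET = ip_network("10.10.0.0/16")
# Assumed inventory: known IoT devices and the longest silence tolerated (seconds).
INVENTORY = {"10.20.0.11": 300, "10.20.0.12": 300, "10.20.0.13": 900}
# The only enterprise services IoT devices are expected to reach (assumed).
ALLOWED = {("10.10.5.20", 8883)}  # e.g. an internal MQTT broker

# Constructed flow records: (epoch seconds, source, destination, destination port).
FLOWS = [
    (1000, "10.20.0.11", "10.10.5.20", 8883),
    (1010, "10.20.0.12", "10.10.5.20", 8883),
    (1200, "10.20.0.12", "10.10.7.44", 445),   # IoT device reaching a file server
    (1250, "10.20.0.99", "10.10.5.20", 8883),  # device not in the inventory
    (1290, "10.20.0.11", "10.10.5.20", 8883),
]

def review_flows(flows, now):
    """Return sorted (kind, device, detail) findings for one review window."""
    findings, last_seen = set(), {}
    for ts, src, dst, port in flows:
        if ip_address(src) not in IOT_NET:
            continue  # only traffic originating in the IoT segment is reviewed
        last_seen[src] = max(ts, last_seen.get(src, 0))
        # Connections and activity: a device nobody registered is talking.
        if src not in INVENTORY:
            findings.add(("new_device", src, "not in inventory"))
        # Possible compromise: IoT device crossing into the enterprise range
        # towards a service outside the allow-list.
        if ip_address(dst) in ENTERPRISE_NET and (dst, port) not in ALLOWED:
            findings.add(("segment_crossing", src, f"{dst}:{port}"))
    # Failures: a known device that has gone quiet for too long.
    for device, max_silence in INVENTORY.items():
        seen = last_seen.get(device)
        if seen is None:
            findings.add(("silent_device", device, "no traffic in window"))
        elif now - seen > max_silence:
            findings.add(("silent_device", device, f"quiet for {now - seen}s"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_flows(FLOWS, now=1500):
        print(finding)
```

The inventory check does not depend on knowing each device type's vulnerabilities, which is the part the slide says will be hard to define.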
Summary – 3 Goals
September 2015
1. A network architecture (segmentation) and intelligent system monitoring capability that supports, detects and manages IoT technologies when they are connected, operating or failing
2. Ensure that when IoT technologies are attacked or malfunction you can detect anomalies quickly, contain any impact, investigate, understand and respond effectively
3. Anticipate and automate responses to predictable risk scenarios - build timely fail-safe responses to foreseeable threats
piers.wilson@huntsmansecurity.com
+44 (0) 7800 508517
www.huntsmansecurity.com www.tier-3.com
@tier3huntsman
Questions