the internet of things – good, bad or just plain ugly?
Post on 21-Feb-2017
75 Views
Preview:
TRANSCRIPT
© Copyright Fortinet Inc. All rights reserved.
The Internet of Things – Good, Bad or Just Plain Ugly?
Patrick Grillo, Senior Director, Security Strategy
2
IoT – What is it?
The Internet of Things (IoT) is the
network of physical objects—devices,
vehicles, buildings and other items—
embedded with electronics, software,
sensors, and network connectivity that
enables these objects to collect and
exchange data.* *Internet of Things Global Standards Initiative
4
Trash bin posts to Facebook
Connected egg tray
ICPooch - Dog treat dispenser
with video chat
Dog fitness tracker
Connected “doggie” door
WiFi connected beer home
brewing kit
Spectator worn sports jersey
that vibrates
Connected “piggy” bank with
mobile app
Would You Believe?
Just Because They Can
5
Nuclear Facilities (US) » More than 150 successful cyber
attacks between 2010 & 2014
Steel Mills (Germany) » Uncontrollable blast furnace
Energy Grid (US) » More than 150 successful cyber
attacks between 2010 & 2014
Water Supply
Hospital » Remotely hack drug pumps
Building Infrastructure » Temperature and fire control systems
Oil Rigs » Hacker induced instability
Firearms » Smart weapons with WiFi
Airplanes » Access flight control via entertainment
system
Kitchen » Toaster refusing to toast white break
Did You Know?
Top 10 Scariest IoT Data Breaches
6
Trend: Device Growth Continues
33 Billion endpoints projected to
be connected by 2020 – Gartner
New device types entering the
network
» ‘headless’ IoT, wireless sensor
nodes, beacons, wearables
More devices and newer device types are entering the network
9
“CEO’s Guide to IoT Security” – AT&T, March 2016
of global organizations are
considering, exploring, or
implementing an IoT
strategy
85%
IoT deployments are on the rise How many connected devices do you
have in your organization?
of organizations are fully
confident that their
connected devices are
secure
10% 1%
8% 20%
35% 32%
5%
None Fewer than 100
100-999 1,000-4,999
5,000+ Don't know
Source: AT&T, March 2016
10
“CEO’s Guide to IoT Security” – AT&T, March 2016
Source: AT&T, March 2016
44%
32%
14%
4% 6%
IoT share of IT Security Budget
0 - 25% 26-50% 51-75% 76% Not sure
11
Threat Agents in the IoT
Criminals Hackivists Industrial Spies Nation States
Terrorists Insiders Chaotic Actors & Vigilantes
Regulators
12
IoT Use-case Examples: Consumer and Enterprise
Automated
prescription
ordering
Micro-payments
for ad hoc
home heating
P2P lending
– through
the TV
Re-fill the
fridge
13
IoT Use-case Examples: Consumer and Enterprise
Automated
prescription
ordering
Micro-payments
for ad hoc
home heating
P2P lending
– through
the TV
Re-fill the
fridge
Stored value
and loyalty
Energy
Spot-market
settlement
Pay as you go feed
stock by inventory
managers
Fuel currencies
(block chains)
14
Big Threat #1 – Device to Device Attacks
Infected device enters the home and attacks
adjacent devices – which in turn launch attacks
Infected/ compromised devices attack
internally and externally
15
Big Threat #1 – Device to Device Attacks
Infected device enters the home and attacks
adjacent devices – which in turn launch attacks
Infected/ compromised devices attack
internally and externally
16
Big Threat #2 – IoT as the Weakest Link
Personally
Identifiable
Info
Sabotage or
privacy invasions
Attack on
information-rich
devices
IoT Cloud services
Compromise of one device leads to
all adjacent systems
Social engineering in the IoT
17
Big Threat #2 – IoT as the Weakest Link
Personally
Identifiable
Info
Sabotage or
privacy invasions
Attack on
information-rich
devices
IoT Cloud services
Man-in-the-Middle or
compromise Cloud
Messages pushed to device manager
“Upgrade now for your own safety”
Fetch “patches” = malware
Malware
Drop
Compromise of one device leads to
all adjacent systems
Social engineering in the IoT
18
Big Threat #3 – Interdependency and Complexity
IoT ecosystem has many stakeholders and
service providers at each point in the
architecture
Cascading impacts almost impossible to project or monitor
Assumptions will fail
End point
Device user(s)
Device owner
Device manager
Device maker
Supply chain
19
Big Threat #3 – Interdependency and Complexity
IoT ecosystem has many stakeholders and
service providers at each point in the
architecture
Cascading impacts almost impossible to project or monitor
Assumptions will fail
1
Gateway
Service function owner
Gateway owner
Gateway manager
Gateway maker
Supply chain
End point
Device user(s)
Device owner
Device manager
Device maker
Supply chain
20
Big Threat #3 – Interdependency and Complexity
IoT ecosystem has many stakeholders and
service providers at each point in the
architecture
Cascading impacts almost impossible to project or monitor
Assumptions will fail
1 2
Gateway
Service function owner
Gateway owner
Gateway manager
Gateway maker
Supply chain
Network
Network provider Equipment maker
Network owner Supply chain
Network manager
End point
Device user(s)
Device owner
Device manager
Device maker
Supply chain
21
3
Big Threat #3 – Interdependency and Complexity
IoT ecosystem has many stakeholders and
service providers at each point in the
architecture
Cascading impacts almost impossible to project or monitor
Assumptions will fail
1 2
Gateway
Service function owner
Gateway owner
Gateway manager
Gateway maker
Supply chain Cloud / DC
Service tenant Platform vendor
Software owner Infrastructure
owner
Software manager Infrastructure
manage
Software vendor Infrastructure
vendors
Platform owner Supply chain
Platform manager
Network
Network provider Equipment maker
Network owner Supply chain
Network manager
End point
Device user(s)
Device owner
Device manager
Device maker
Supply chain
22
3
Big Threat #3 – Interdependency and Complexity
IoT ecosystem has many stakeholders and
service providers at each point in the
architecture
Cascading impacts almost impossible to project or monitor
Assumptions will fail
1 2
Gateway
Service function owner
Gateway owner
Gateway manager
Gateway maker
Supply chain Cloud / DC
Service tenant Platform vendor
Software owner Infrastructure
owner
Software manager Infrastructure
manage
Software vendor Infrastructure
vendors
Platform owner Supply chain
Platform manager
Network
Network provider Equipment maker
Network owner Supply chain
Network manager
End point
Device user(s)
Device owner
Device manager
Device maker
Supply chain
4
25
WHERE DO THE IOT SECURITY ANSWERS LIE?
PARTIALLY WITH THE IOT DEVICES THEMSELVES.
BUT MOSTLY WITH THE NETWORK.
26
End-to-End: IoT Security Reference Model
End point Gateways Network Data Center and Cloud
Control & Visibility
Security Services & Framework
END POINTS
(Wireless/Fixed)
NETWORK
DATA CENTER
& CLOUD
(Smart)
GATEWAYS
30
Thumbs Up or Thumps Down?
IoT is here to stay
Understand its advantages and liabilities
Put security in the forefront when considering IoT
top related