huntsman - internet of things (for iap2015)

The Internet Enterprise Network of Things
March 2015 – Piers Wilson
All images are the property of their respective owners

Upload: huntsman-security

Post on 19-Jul-2015


© 2015 Tier-3 Pty Limited. All rights reserved.

Agenda
•  What is the “Internet of Things”?
•  What are the security issues?
•  How can we solve (or avoid) these?


What is the “Internet of Things”

Common characteristics
–  Embedded/bespoke technologies
–  Network connected (Intra & Internet)
–  Cloud-connected applications, web control, data tracking
–  Mobile/App/Web control interfaces
–  Massive volume/number/diversity of devices

The “Internet of Things” is the network of physical objects that contains embedded technology to communicate and sense or interact with the objects' internal state or the external environment

Gartner


What is the “Internet of Things”

[Figure. Image source: Gartner, 2015]


Security issues will arise, and already are...
•  Overall track record on IT security not perfect
   –  Workstations, web applications, enterprise networks, open source code, centrifuges, operating systems, malware, mobile devices... Still being breached
•  Device manufacturers even less experienced at defending systems
   –  Fridges, light bulbs, cars, HVAC systems, healthcare devices, coffee machines
•  Users generally don’t enable security, or really care
   –  Especially at work


Some figures
•  By 2020 it is predicted there will be 200 billion smart devices
   –  26 for every human being
•  43% of US homes have connected TVs
•  Today 7% of consumers own a “wearable”
   –  By the end of next year, that number will have jumped to 28%
•  Dutch internet-connected cattle sensors tell farmers when the animals are sick or pregnant
   –  Each cow sends about 200Mb of data per year
•  General Electric believes “Industrial Internet” in oil/gas exploration only has to make 1% more efficient to save $90bn

Sources: Intel, IDC, Business Insider, Motley Fool


Predictions
•  IoT technologies (incl. consumer) will be connected to enterprise networks
•  IoT failures will be “real” - potentially serious/damaging/life affecting
•  IoT will involve mobile and cloud for access, control and storage
•  Devices will be vulnerable
•  Hoping for “Secure” IoT that meets standards probably unrealistic
•  Vulnerabilities will have knock-on effects and expose systems, networks, data and users
•  Diversity/volumes greater than traditional IT
•  Business and user communities will drive IoT use – not IT function


Some stories so far...

http://contextis.com/resources/blog/hacking-internet-connected-light-bulbs/

http://www.bbc.co.uk/news/technology-29203776

http://reut.rs/1wjx19W

http://www.bbc.co.uk/news/technology-30575104


1) Plan an IOT-aware enterprise network
•  Proliferation of connected IoT devices will increase
•  New, Disruptive, Pervasive
   –  Many security approaches are accepted wisdom
•  IoT will mean embracing cloud and wider adoption of mobile and wireless technologies
•  IoT, cloud and mobile connectivity will become normal (if not already)
   –  Some security paradigms may become less effective


2) Drive business engagement in IoT
•  Develop security use cases for the business users and jointly with security and business teams
   –  Leverage momentum as businesses seek to meet user, consumer, operational demands
   –  Build security and risk reduction into wider IoT interactions
   –  Inaction or poor planning may lead to IT security becoming an impediment to future business activities
•  Some connected devices/control systems are core to business... integrate specific security safeguards now, rather than retrofitting


3) Strive for IoT visibility
•  IoT evolution well underway – a growing range of security risks
•  Defining policies, patterns, rules for “IoT Access Lists” or “Device Vulnerability Signatures” will be hard
•  Segment networks to allow adoption without subverting existing controls / security
•  Ensure visibility of IT environment, streamline/optimise/automate reporting and compliance processes
•  Build adequate systems and processes to be able to detect:
   –  Connections and activity
   –  Failures and compromises
   –  Impacts on the operation of the IT environment and the business


Summary – 3 Goals

September 2015

1.  A network architecture (segmentation) and intelligent system monitoring capability that supports, detects and manages IoT technologies when they are connected, operating or failing

2.  Ensure that when IoT technologies are attacked or malfunction you can detect anomalies quickly, contain any impact, investigate, understand and respond effectively

3.  Anticipate and automate responses to predictable risk scenarios - build timely fail-safe responses to foreseeable threats


+44 (0) 7800 508517

www.huntsmansecurity.com www.tier-3.com

@tier3huntsman

Questions


:60 seconds The new way to deal with cyber threats www.huntsmansecurity.com