Geneva, Switzerland, 15-16 September 2014

IoT (Internet of Things) and Security

Mikhail Kader,DSE, Cisco

mkader@cisco.com

ITU Workshop on “ICT Security Standardizationfor Developing Countries”

(Geneva, Switzerland, 15-16 September 2014)

Geneva, Switzerland, 15-16 September 2014 2

Abstract

More things are being connected to address a growing range of business needs. In fact, by 2020, more than 50 billion things will connect to the Internet—seven times our human population. Examples are wearable health and performance monitors, connected vehicles, smart grids, connected oilrigs, and connected manufacturing. This Internet of Things (IoT) will revolutionize the way we work, live, play, and learn.Inadequate security will be a critical barrier to large-scale deployment of IoT systems and broad customer adoption of IoT applications. Simply extending existing IT security architectures to the IoT will not be sufficient. The IoT world requires new security approaches, creating fertile ground for innovative and disruptive thinking and solutions.

Agenda

IntroductionExtraordinary BenefitsMajor Security ChallengesDelivering Security Across the Extended Network

3

What Is the Internet of Things?

The Internet of Things is the intelligent connectivity of physical devices driving massive gains in efficiency, business growth, and quality of life”

4

Relationship to the Internet of Everything (IoE)

Networked Connection of People, Process, Data, Things

PeopleConnecting People in

More Relevant, Valuable Ways

ProcessDelivering the Right Informationto the Right Person (or Machine) at the Right Time

DataLeveraging Data into

More Useful Information for Decision Making

ThingsPhysical Devices and Objects Connected to the Internet andEach Other for IntelligentDecision Making

IoEIoE

7.27.26.8 7.67.6

IoT Is Here Now – and Growing!

Rapid Rapid Adoption Adoption Rate of Digital Rate of Digital Infrastructure:Infrastructure:5X Faster Than 5X Faster Than Electricity and Electricity and TelephonyTelephony

50 BillionBillion

““Smart Objects”Smart Objects”

5050

20102010 20152015 20202020

00

4040

3030

2020

1010

BIL

LIO

NS

OF D

EV

ICES

B

ILLIO

NS

OF D

EV

ICES

25

12.5

InflectionPoint

TIMELINTIMELINEE

Source: Cisco IBSG, 2011

World Population

IoT Delivers Extraordinary Benefits

Cost savings, improved safety, superior service

Connected Rail Operations

PASSENGER SECURITY In-station and onboard safety Visibility into key events

ROUTE OPTIMIZATION Enhanced Customer Service Increased efficiency Collision avoidance Fuel savings

CRITICAL SENSING Transform “data” to “actionable intelligence” Proactive maintenance Accident avoidance

Smart City

Safety, financial, and environmental benefits

CONNECTED TRAFFIC SIGNALS Reduced congestion Improved emergency services response times Lower fuel usage

PARKING AND LIGHTING Increased efficiency Power and cost savings New revenue opportunities

CITY SERVICES Efficient service delivery Increased revenues Enhanced environmental monitoring

capabilities

The Connected Car

Actionable intelligence, enhanced comfort, unprecedented convenience

WIRELESS ROUTER Online entertainment Mapping, dynamic re-routing, safety and

security

CONNECTED SENSORS Transform “data” to “actionable intelligence” Enable proactive maintenance Collision avoidance Fuel efficiency

URBAN CONNECTIVITY Reduced congestion Increased efficiency Safety (hazard avoidance)

… But It Also Adds Complexity

Application InterfacesApplication Interfaces

Infrastructure InterfacesInfrastructure Interfaces

New Business Models Partner Ecosystem

ApplicationsApplications

Unified PlatformUnified Platform

InfrastructureInfrastructure

APPLICATION ENABLEMENT PLATFORMAPPLICATION ENABLEMENT PLATFORM

APPLICATION CENTRIC INFRASTRUCTUREAPPLICATION CENTRIC INFRASTRUCTURE

Data Integration

Big Data AnalyticsControl Systems

Application Integration

What Comprises IoT Networks?

The Flip Side: Major Security Challenges

IoT Expands Security Needs

Converged, Managed Network

Resilience at Scale Security

Security Application Enablement

Distributed Intelligence

Increased Attack Surface

Threat Diversity

Impact and Risk

Remediation

Protocols

Compliance and Regulation

What Can Breach IoT Networks?

What can’t?

Billions of connected devicesSecure and insecure locationsSecurity may or may not be built inNot owned or controlled by IT … but data flows through the network

Any node on your network can potentially provide access to the core

Smart City

Potential impact to services and public safety

REMOTE ACCESS Increased traffic congestion Creation of unsafe conditions

SYSTEM CONTROL Device manipulation Remote monitoring Creation of unsafe conditions

SERVICE MANIPULATION Environmental degradation System shutdown Lost revenue

IT Breach via OT Network

Breached via Stolen Credentials from HVAC Vendor40 Million Credit And Debit Cards StolenPII Stolen From 70 Million CustomersReputation Damage*

46% drop in year-over-year profit5.3% drop in year-over-year revenue2.5% drop in stock price

CEO Fired

* Source: KrebsonSecurity, May 2014

Unintended Security Exposures*

Farm Feeding System in the U.S.

Mine Ventilation System in Romania

Hydroelectric Plant in the U.S.

* Source: Wired, November 2013

Delivering Security Across the Extended Network

The Secure IoT Architecture – IT Plus OT!

Services

Application InterfacesApplication Interfaces

Infrastructure InterfacesInfrastructure Interfaces

New Business Models Partner Ecosystem

ApplicationsApplications

Application Enablement PlatformApplication Enablement Platform

Application Centric InfrastructureApplication Centric Infrastructure

SecuritySecurity

Data Integrati

on

Data Integrati

onBig DataBig Data AnalyticsAnalytics Control

Systems

Control Systems

Application

Integration

Application

Integration Network and

Perimeter Security

Physical Security

Device-level Security /

Anti-tampering

Cloud-based Threat Analysis

/ Protection

End-to-End Data

Encryption

Services

IT and OT are Inherently Different

IT OT• Connectivity: “Any-to-Any”

• Network Posture: Confidentiality, Integrity, Availability (CIA)

• Security Solutions: Cybersecurity; Data Protection

• Response to Attacks: Quarantine/Shutdown to Mitigate

• Connectivity: Hierarchical

• Network Posture: Availability, Integrity, Confidentiality (AIC)

• Security Solutions: Physical Access Control; Safety

• Response to Attacks: Non-stop Operations/Mission Critical – Never Stop, Even if Breached

IT/OT Converged Security Model

IT

DMZ

OT

Enterprise Network

Supervisory

Demilitarized Zone

Automation & Control

Iden

tity

Serv

ices

Clo

ud

Netw

ork

Secu

rity

Secu

re A

ccess

Ap

plicati

on

Con

trol

Con

fig

M

gm

t

Conclusion: Securely Embrace IoT!

New challenges require new thinking!avoid operational siloesnetworking and convergence are keya sound security solution is integrated throughoutbuild for the future

Security must be pervasiveinside and outside the networkdevice- and data-agnosticproactive and intelligent

Intelligence, not dataconvergence, plus analyticsspeed is essential for real-time decisions

Geneva, Switzerland, 15-16 September 2014

Mikhail Kader,DSE, Cisco

mkader@cisco.com