Organizational leadership: building a sustainable cyber-physical security competency
Mark Benson, CTO, Exosite
• 18 years of experience building embedded systems and high availability enterprise software platforms
• 45 publications on how the Internet of Things is changing the way organizations do business
• Author of The Art of Software Thermal Management for Embedded Systems. Springer (2014)
https://twitter.com/markbenson
https://www.linkedin.com/in/markbenson
http://markbenson.io
The world is turning digital
• 30 billion IoT devices in service by 2020 - IDC, 2015
• 50 percent of new business products and services with IoT elements by 2020 - Gartner, 2016
• $11 trillion of economic impact via IoT technologies by 2025 - McKinsey, 2015
Anticipated impact on the rise
• Low or no impact: 23% (2015), 18% (2016), 17% (2017)
• Neutral impact: 32% (2015), 22% (2016), 14% (2017)
• High or critical impact: 45% (2015), 59% (2016), 69% (2017)
* Source: Smart Industry 2017 State of Initiative Report
Digital strategies are maturing
• No strategy: 45% ('15), 28% ('16), 19% ('17)
• Informal strategy: 30% ('15), 32% ('16), 33% ('17)
• 1-2 year horizon: 13% ('15), 20% ('16), 21% ('17)
• 3+ year horizon: 12% ('15), 19% ('16), 27% ('17)
• None or informal strategy: 76% (2015), 61% (2016), 52% (2017)
• Formal strategy with timeline: 24% (2015), 39% (2016), 48% (2017)
* Source: Smart Industry 2017 State of Initiative Report
Here Be (IoT) Dragons
• Attack surfaces are expanding
• Physical access to systems is becoming easier
• Consumer privacy concerns are rising
• Consequences of a breach are becoming more severe
• Product companies are out of their comfort zone
Organizational barriers to building a sustainable digital competency:
1. Lack of executive sponsorship
2. Organizational misalignment
3. Low cross-departmental collaboration
4. Culture that is slow to adopt change
5. Inconsistent market feedback
* Benson, Mark D. “Five Avoidable Complications Of Corporate IoT Innovation Programs.” Forbes (December 2016).
And change for people is hard
IoT security initiatives are similar to assembling a complex puzzle
• REQUIRES PEOPLE
• HAS LOTS OF DISCONNECTED PIECES
• DOESN’T INCLUDE DIRECTIONS
Conscious Competence Learning Model
• UNCONSCIOUS INCOMPETENCE: Generally unaware and blissfully naive
• UNCONSCIOUS COMPETENCE: Mastery as second nature
• CONSCIOUS INCOMPETENCE: Acknowledgement of competency deficit
• CONSCIOUS COMPETENCE: Success via concerted effort
The Trickiest Parts Are The Transitions
* Benson, Mark D. “Building An Organizational IoT Competency: What You Need To Know.” Forbes (April 2017).
Secure processes => secure products => secure brands
Foundations of a secure brand
* Benson, Mark D, Viren, Robert. “I Best Practices to Build a Pragmatic Security Strategy for Industrial IoT.” Exosite Whitepaper (April 2017).
1. Everyone is personally responsible for IoT security
2. Leaders demonstrate commitment to IoT security
3. Decision-making reflects IoT security first
4. IoT is recognized as special and unique
5. A questioning attitude is cultivated
6. Organizational learning is embraced
7. IoT security undergoes constant examination