organizational leadership: building a sustainable cyber-physical security competency


Upload: mark-benson

Post on 23-Jan-2018


TRANSCRIPT

Organizational Leadership: Building a Sustainable Cyber-Physical Security Competency

Mark Benson, CTO, Exosite

• 18 years of experience building embedded systems and high availability enterprise software platforms

• 45 publications on how the Internet of Things is changing the way organizations do business

• Author of The Art of Software Thermal Management for Embedded Systems. Springer (2014)

https://twitter.com/markbenson

https://www.linkedin.com/in/markbenson

http://markbenson.io

The world is turning digital

• 30 billion IoT devices in service by 2020 - IDC, 2015

• 50 percent of new business products and services with IoT elements by 2020 - Gartner, 2016

• $11 trillion of economic impact via IoT technologies by 2025 - McKinsey, 2015

Anticipated impact on the rise

• Low or no impact: 23% (2015), 18% (2016), 17% (2017)

• Neutral impact: 32% (2015), 22% (2016), 14% (2017)

• High or critical impact: 45% (2015), 59% (2016), 69% (2017)

* Source: Smart Industry 2017 State of Initiative Report

Digital strategies are maturing

• No strategy: 45% (2015), 28% (2016), 19% (2017)

• Informal strategy: 30% (2015), 32% (2016), 33% (2017)

• 1-2 year horizon: 13% (2015), 20% (2016), 21% (2017)

• 3+ year horizon: 12% (2015), 19% (2016), 27% (2017)

• None or informal strategy: 76% (2015), 61% (2016), 52% (2017)

• Formal strategy with timeline: 24% (2015), 39% (2016), 48% (2017)

* Source: Smart Industry 2017 State of Initiative Report

But security is a major concern

* Source: Smart Industry 2017 Q1 State of Initiative Report

Here Be (IoT) Dragons

• Attack surfaces are expanding

• Physical access to systems is becoming easier

• Consumer privacy concerns are rising

• Consequences of a breach are becoming more severe

• Product companies are out of their comfort zone

Organizational barriers to building a sustainable digital competency:

1. Lack of executive sponsorship

2. Organizational misalignment

3. Low cross-departmental collaboration

4. Culture that is slow to adopt change

5. Inconsistent market feedback

* Benson, Mark D. “Five Avoidable Complications Of Corporate IoT Innovation Programs.” Forbes (December 2016).

And change for people is hard

IoT for organizations (behind the scenes)

• REQUIRES PEOPLE

• HAS LOTS OF DISCONNECTED PIECES

• DOESN’T INCLUDE DIRECTIONS

IoT security initiatives are similar to assembling a complex puzzle

When solving a puzzle, you have two typical strategies

• INSIDE OUT

• OUTSIDE IN

IoT initiatives fail because they typically invite misalignment from the start.

A cohesive cyber-physical security strategy ensures everyone is working toward the same outcome.

Successful organizations view IoT as a strategic decision

But building a new organizational competency takes time

Conscious Competence Learning Model

• UNCONSCIOUS INCOMPETENCE: Generally unaware and blissfully naive

• UNCONSCIOUS COMPETENCE: Mastery as second nature

• CONSCIOUS INCOMPETENCE: Acknowledgement of competency deficit

• CONSCIOUS COMPETENCE: Success via concerted effort

The Trickiest Parts Are The Transitions


* Benson, Mark D. “Building An Organizational IoT Competency: What You Need To Know.” Forbes (April 2017).

Secure processes => secure products => secure brands

Foundations of a secure brand

* Benson, Mark D, Viren, Robert. “I Best Practices to Build a Pragmatic Security Strategy for Industrial IoT.” Exosite Whitepaper (April 2017).

1. Everyone is personally responsible for IoT security

2. Leaders demonstrate commitment to IoT security

3. Decision-making reflects IoT security first

4. IoT is recognized as special and unique

5. A questioning attitude is cultivated

6. Organizational learning is embraced

7. IoT security undergoes constant examination

The way organizations respond to the IoT will define their success for the coming decade

Thank You.

Mark Benson

https://twitter.com/markbenson

https://www.linkedin.com/in/markbenson

http://exosite.com http://markbenson.io

https://twitter.com/exosite

https://www.linkedin.com/company/exosite