"IOT-SECURITY" CARIBNOG 18 26 SEPTEMBER 2019 ANTIGUA & BARBUDA
CaribNOG 18, 26 September 2019, Antigua & Barbuda
“IoT-Security”
Shernon Osepa, Manager Regional Affairs Latin America and Caribbean
osepa@isoc.org @ShernonOsepa
Internet Society © 1992–2016
Why does Internet Society care?
“An Open, Globally-Connected, Trustworthy, and Secure Internet for Everyone”
Importance
• More than 90% of global economy is conducted over the Internet
• More than 2 million USD generated every 30 seconds
• It transforms and generates all kinds of new businesses
• Social impact
Definitions
• Internet Governance: (infrastructure, legal, economic, development, sociocultural, human rights, security)
• “Cyber security refers to preventative methods to protect information from being stolen, compromised or attacked in some other way”;
• For the purposes of this presentation, cyber security is defined as “anything that includes security problems specific to the Internet and their technical and non-technical solutions”;
Cybersecurity mapping
Issues can be classified according to three criteria:
1. Type of action (data interception/interference, illegal access, spyware, data corruption, sabotage, denial of service (DoS), identity theft).
2. Type of perpetrator (criminals, anarchists, hackers, revolutionaries, terrorists, secret services, defence/military units, Governments?).
3. Type of target (individuals, private companies, civil society organizations, media entities, public institutions, critical infrastructures etc.).
Economic impact
• Jamaica lost US$100 m in 2016 — Govt, Thursday, 12 October 2017
• Cybercrime costs the global economy US$450 billion, CEO, Hiscox Insurance, 7 February 2017
Cybersecurity Challenges
Cybersecurity threats
• Malicious software (malware): viruses, spyware and other unwanted software
• Botnets: networks of hijacked devices that perform remotely commanded tasks without the knowledge of their owners
• Denial of Service (DoS): flooding a computer or website with requests for information, preventing them from functioning properly
• Phishing: a form of social engineering through which a person is tricked into doing something that they normally should not do
• E-scams: fraud schemes in which scammers use one or more online services, such as emails or websites, to contact potential victims
What should we do about it?
Regarding the Internet of Things (IoT)
What is IoT really?
• Despite the buzz, no single definition!
• Refers to scenarios where network connectivity and computing capability extends to objects, sensors and everyday items not normally considered computers, allowing these devices to generate, exchange and consume data with minimal human intervention.
• Functionally: The extension of network connectivity and computing capability to a variety of objects, devices, sensors and everyday items allowing them to generate/exchange data, often with remote data analytic/management capabilities.
• As Value: Data & what can be done with it.
• As a Vision: The realization of a “hyper-connected” world.
A Tree Ecosystem
• Leaves
• Trunk/branches
• Roots
Computers, Networks, and “Things” not new…
If it’s not new, why now? A Confluence of Market Trends
• Ubiquitous connectivity
• Computing economics
• Advances in data analytics
• Widespread adoption of IP
• Miniaturization
• Rise of cloud computing
The IoT Ecosystem
• Applications
• Software (gateways/processors)
• Technology (sensors)
The IoT Ecosystem (Applications)
1. Smart home
2. Smart wearables
3. IoT Solutions For Smart City
4. Smart Grids
5. Industrial Internet
6. Smarter Automotive Industry
7. Smart Health Care Systems
8. Smart Retail
9. Smart Supply Chain
10. Agriculture
11. Many more
The IoT Ecosystem: Software (gateways/processors)
• Intel-Edison/Galileo
• Qualcomm-Snapdragon
• Raspberry Pi 3 Chip RB
• Marvell-MW302
• Cypress-Bluetooth IoT kit
• Samsung ARTIK
• And many more…
The IoT Ecosystem: Technology (sensors)
• Honeywell
• Grayhill
• Intel
• Qualcomm
• Many more…
The challenges we face
The number of IoT devices and systems connected to the Internet will be more than 2.5x the global population by 2020 (Gartner). (Others, 30 - 50 Billion by 2025)
As more and more devices are connected, privacy and security risks increase. Used with permission. http://www.geekculture.com/joyoftech/joyarchives/2340.html
Key IoT Challenges
• Security
• Privacy
• Interoperability and Standards
• Legal, regulatory and rights
• Emerging economies and development
Key Challenge: IoT Ecosystem
Three Dimensions:
• Combination of devices, apps, platforms & services
• Data flows, touch points & disclosures
• Lack of defined standards
Impacts on Sustainability Issues:
• Lifecycle supportability
• Data retention / ownership
Interoperability and Standards
New devices, new vulnerabilities
The attributes of many IoT devices present new and unique security challenges compared to traditional computing systems.
• Device Cost/Size/Functionality
• Limited user interfaces (UI)
• Volume of identical devices (homogeneity)
• Limited visibility into, or control over, internal workings
• Long service life (often extending far beyond supported lifetime)
• Embedded devices
• Unintended uses
• No or limited upgradability or patching
• BYOIoT
• Physical security vulnerabilities
• Access
Legal, regulatory and rights
Emerging economies and development
Who is responsible?
Developers and users of IoT devices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm.
To scale up we need a collective approach, addressing security challenges on all fronts.
What we’re doing about it
There are two ways to view IoT Security
• Inward Security: Focus on potential harms to the health, safety, and privacy of device users and their property stemming from compromised IoT devices and systems
• Outward Security: Focus on potential harms that compromised devices and systems can inflict on the Internet and other users
What is the Online Trust Alliance?
• OTA was founded in 2004
  • developed technical standards to fight spam;
  • advance Secure Sockets Layer (SSL) and email authentication best practices;
  • has introduced a foundation for a future IoT certification programme;
  • and has worked on measures to address online fraud.
• An initiative of the Internet Society (ISOC), as of 5 April 2017!
• will help improve security and data privacy for users (ISOC’s trust agenda)
Some of OTA’s initiatives
• Annual Online Trust Audit;
• Cyber Incident Response Guide;
• Internet of Things (IoT) Trust Framework.
Online Trust Alliance IoT Security & Privacy Trust Framework
• Measurable principles vs. standards development
• Consumer grade devices (home, office and wearables)
• Address known vulnerabilities and IoT threats
• Actionable and vendor neutral
https://otalliance.org/iot/
Online Trust Alliance IoT Security Resources
ISOC “IoT Trust by Design” Campaign
1. Work with manufacturers and suppliers to adopt and implement the OTA IoT Trust Framework
2. Mobilize consumers to drive demand for security and privacy capabilities as a market differentiator
3. Encourage policy and regulations to push for better security and privacy features in IoT
Activity highlights
OTA IoT Trust Framework implementation
- Best practices and toolkits
- Implementation guide
- Training for ISOC and community
Research
- Paper on IoT Security for Policymakers
- Policy research: mapping the IoT policy/regulatory landscape
- Economic study on IoT security externalities
- Study on “consumer grade” IoT markets, to better understand manufacturing trends and consumer behaviour
Global, regional and local partnerships
- Security-minded IoT alliances
- Certification organizations
- Civil society organizations
- Organizations that review consumer products
- Internet Society community
Outreach to policy makers
- Regional engagement in strategic countries
- Global and regional events
- Workshops and capacity building
- Thought pieces and articles
It’s All About Cooperation & Collaboration: “Collaborative Security”
• Both cybersecurity problems specifically and other criminal activities carried out using the Internet are not going to be solved with technology alone!
• Close cooperation and coordination by all stakeholders is key!
  • Governments;
  • Businesses;
  • Academia;
  • Organizational and individual users;
  • Law enforcement agencies;
  • Policy makers worldwide.
The time to act is NOW!
Thank you.
Shernon Osepa, Manager Regional Affairs LAC
osepa@isoc.org @ShernonOsepa
Visit us at www.internetsociety.org
Follow us @internetsociety
Galerie Jean-Malbuisson 15, CH-1204 Geneva, Switzerland. +41 22 807 1444
1775 Wiehle Avenue, Suite 201, Reston, VA 20190-5108 USA. +1 703 439 2120