"IOT-SECURITY" CARIBNOG 18 26 SEPTEMBER 2019 ANTIGUA & BARBUDA

Page created by Ross Mack
 
CaribNOG 18
26 September 2019
Antigua & Barbuda

                            “IoT-Security”

 Shernon Osepa,
 Manager Regional Affairs Latin America and Caribbean
 osepa@isoc.org
 @ShernonOsepa
                                                        Internet Society © 1992–2016
Why are we talking about IoT?

What do you think when you hear Cybersecurity and IoT?

Why does Internet Society care?
“An Open, Globally-Connected, Trustworthy, and Secure Internet for Everyone”

Importance
• More than 90% of the global economy is conducted over the Internet
• More than 2 million USD generated every 30 seconds
• It transforms and generates all kinds of new businesses
• Social impact

Cybersecurity

Definitions
• Internet Governance: (infrastructure, legal, economic, development, sociocultural, human rights, security)

• “Cyber security refers to preventative methods to protect information from being stolen, compromised or attacked in some other way”;

• For the purposes of this presentation, cyber security is defined as “anything that includes security problems specific to the Internet and their technical and non-technical solutions”;

Cybersecurity mapping
Issues can be classified according to three criteria:

1. Type of action (data interception/interference, illegal access, spyware, data corruption, sabotage, denial of service (DoS), identity theft).

2. Type of perpetrator (criminals, anarchists, hackers, revolutionaries, terrorists, secret services, defence/military units, Governments?).

3. Type of target (individuals, private companies, civil society organizations, media entities, public institutions, critical infrastructures, etc.).

Economic impact

• Jamaica loses US$100 m in 2016 — Govt, Thursday, 12 October 2017
• Cybercrime costs the global economy US$450 billion, CEO, Hiscox Insurance, 7 February 2017

Social impact

Cybersecurity Challenges

Cybersecurity threats

• Malicious software (malware): viruses, spyware and other unwanted software
• Botnets: networks of hijacked devices that perform remotely commanded tasks without the knowledge of their owners
• Denial of Service (DoS): flooding a computer or website with requests for information, preventing it from functioning properly
• Phishing: a form of social engineering through which a person is tricked into doing something that they normally should not do
• E-scams: fraud schemes in which scammers use one or more online services, such as emails or websites, to contact potential victims

What should we do about it?

Regarding the Internet of Things (IoT)

What is IoT really?
• Despite the buzz, there is no single definition! The term refers to scenarios where network connectivity and computing capability extend to objects, sensors and everyday items not normally considered computers, allowing these devices to generate, exchange and consume data with minimal human intervention.

• Functionally: The extension of network connectivity and computing capability
  to a variety of objects, devices, sensors and everyday items allowing them to
  generate/exchange data, often with remote data analytic/management
  capabilities.
• As Value: Data & what can be done with it.
• As a Vision: The realization of a “hyper-connected” world.

A Tree Ecosystem

                   Leaves

                   Trunk/branches

                   Roots

Computers, Networks, and “Things” not new…

If it’s not new, why now?
A Confluence of Market Trends

• Ubiquitous connectivity
• Computing economics
• Advances in data analytics
• Widespread adoption of IP
• Miniaturization
• Rise of cloud computing

The IoT Ecosystem

Applications

Software (gateways/processors)

Technology (sensors)

The IoT Ecosystem (Applications)
1.   Smart home
2.   Smart wearables
3.   IoT Solutions For Smart City
4.   Smart Grids
5.   Industrial Internet
6.   Smarter Automotive Industry
7.   Smart Health Care Systems
8.   Smart Retail
9.   Smart Supply Chain
10. Agriculture
11. Many more
The IoT Ecosystem Software (gateways)
    Software (gateways/processors)
    Intel-Edison/Galileo
    Qualcomm-Snapdragon
    Raspberry Pi 3
    Chip RB
    Marvell-MW302
    Cypress-Bluetooth IoT kit
    Samsung ARTIK
    And many more…

The IoT Ecosystem (technology)
  Technology (sensors)

  Honeywell
  Grayhill
  Intel
  Qualcomm
  Many more…

The challenges we face
The number of IoT devices and systems connected to the Internet will be more than 2.5x the global population by 2020 (Gartner).

(Others, 30 - 50 Billion by 2025)

As more and more devices are connected, privacy and security risks increase.

                         Used with permission. http://www.geekculture.com/joyoftech/joyarchives/2340.html
Key IoT Challenges

• Security
• Privacy
• Interoperability and Standards
• Legal, regulatory and rights
• Emerging economies and development

Key Challenge: IoT Ecosystem
Three Dimensions:
• Combination of devices, apps, platforms & services
• Data flows, touch points & disclosures
• Lack of defined standards

Impacts on Sustainability Issues:
• Lifecycle supportability
• Data retention / ownership

Interoperability and Standards

New devices, new vulnerabilities

The attributes of many IoT devices present new and unique security challenges compared to
traditional computing systems.

• Device Cost/Size/Functionality
• Volume of identical devices (homogeneity)
• Long service life (often extending far beyond supported lifetime)
• No or limited upgradability or patching
• Physical security vulnerabilities
• Access
• Limited user interfaces (UI)
• Limited visibility into, or control over, internal workings
• Embedded devices
• Unintended uses
• BYOIoT

Legal, regulatory and rights

Emerging economies and development

Who is responsible?

Developers and users of IoT devices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm.

To scale up we need a collective approach, addressing security challenges on all fronts.

What we’re doing about it
There are two ways to view IoT Security

• Inward Security: Focus on potential harms to the health, safety, and privacy of device users and their property stemming from compromised IoT devices and systems
• Outward Security: Focus on potential harms that compromised devices and systems can inflict on the Internet and other users

What is the Online Trust Alliance?

• OTA was founded in 2004. It has:
  • developed technical standards to fight spam;
  • advanced Secure Sockets Layer (SSL) and email authentication best practices;
  • introduced a foundation for a future IoT certification programme;
  • worked on measures to address online fraud.

• An initiative of the Internet Society (ISOC), as of 5 April 2017!
• Will help improve security and data privacy for users (ISOC’s trust agenda)

Some of OTA’s initiatives

• Annual Online Trust Audit;
• Cyber Incident Response Guide;
• Internet of Things (IoT) Trust Framework.

Online Trust Alliance IoT Security & Privacy Trust Framework

• Measurable principles vs. standards development
• Consumer grade devices (home, office and wearables)
• Address known vulnerabilities and IoT threats
• Actionable and vendor neutral

                                                    https://otalliance.org/iot/
Online Trust Alliance IoT Security Resources

ISOC “IoT Trust by Design” Campaign

1. Work with manufacturers and suppliers to adopt and implement the OTA IoT Trust Framework
2. Mobilize consumers to drive demand for security and privacy capabilities as a market differentiator
3. Encourage policy and regulations to push for better security and privacy features in IoT

Activity highlights

OTA IoT Trust Framework implementation
- Best practices and toolkits
- Implementation guide
- Training for ISOC and community

Global, regional and local partnerships
- Security-minded IoT alliances
- Certification organizations
- Civil society organizations
- Organizations that review consumer products
- Internet Society community

Research
- Paper on IoT Security for Policymakers
- Policy research: mapping the IoT policy/regulatory landscape
- Economic study on IoT security externalities
- Study on “consumer grade” IoT markets, to better understand manufacturing trends and consumer behaviour

Outreach to policy makers
- Regional engagement in strategic countries
- Global and regional events
- Workshops and capacity building
- Thought pieces and articles

It’s All About Cooperation & Collaboration: “Collaborative Security”

• Both cybersecurity problems specifically and other criminal activities carried out using the Internet are not going to be solved with technology alone!

• Close cooperation and coordination by all stakeholders is key!
  • Governments;
  • Businesses;
  • Academia;
  • Organizational and individual users;
  • Law enforcement agencies;
  • Policy makers worldwide.
The time to act is NOW!

Thank you.

Shernon Osepa
Manager Regional Affairs LAC
osepa@isoc.org
@ShernonOsepa

Visit us at www.internetsociety.org
Follow us @internetsociety

Galerie Jean-Malbuisson 15, CH-1204 Geneva, Switzerland. +41 22 807 1444
1775 Wiehle Avenue, Suite 201, Reston, VA 20190-5108 USA. +1 703 439 2120
