"IOT-SECURITY" CARIBNOG 18 26 SEPTEMBER 2019 ANTIGUA & BARBUDA
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
CaribNOG 18
26 September 2019
Antigua & Barbuda
“IoT-Security”
Shernon Osepa,
Manager Regional Affairs Latin America and Caribbean
osepa@isoc.org
@ShernonOsepa
Internet Society © 1992–2016
Why are we talking about IoT?
2
What do you think when you hear Cybersecurity and IoT?
3
Why does Internet Society care?
“An Open, Globally-Connected, Trustworthy, and Secure Internet for Everyone”
4
Importance
• More than 90% of global economy is conducted over the Internet
• More than 2 millon USD generated every 30 seconds
• It transforms and generates all kinds of new businesses
• Social impact
5
Cybersecurity
6
Definitions
•Internet Governance: (infrastructure, legal, economic, development,
sociocultural, human rights, security)
•“Cyber security refers to preventative methods to protect information
from being stolen, compromised or attacked in some other way”;
•For the purposes of this presentation, cyber security is defined as
“anything that includes security problems specific to the Internet and their
technical and non-technical solutions”;
7
Cybersecurity mapping
issues can be classified according to three criteria:
1. Type of action (data interception/interference, illegal access, spyware, data
corruption, sabotage, denial of service (DoS), identity theft).
2. Type of perpetrator (criminals, anarchists, hackers, revolutionaries, terrorists, secret
services, defence/military units, Governments?).
3. Type of target (individuals, private companies, civil society organizations, media
entities, public institutions, critical infrastructures etc.
8
Economic impact
Jamaica pierde U$S 100 m en 2016 — Govt, Thursday, 12 Cibercrimen le cuesta a la economía global
de octubre de 2017 US$450 billions, CEO, Hiscox Insurance, 7 de febrero de 2017
9
Social impact
10Cybersecurity Challenges
11Cybersecurity threats
Malicious software: (Malware)-viruses, spyware and other unwanted software)
Botnets: networks or hijacked devices that perform remotely commanded tasks without
the knowledge of their owners
Denial of Service (DoS): flooding a computer or website with requests for information,
preventing them functioning properly
Phishing:a form of social engineering through which a person is tricked into doing
something that they normally should not do
E-scams: fraud schemes in which scammers use one or more online services- such as
emails or websites to contact potential victims
12What should we do about it?
13Regarding the Internet of Things(IoT)
14What is IoT really?
• Despite the buzz, no single definition!
refers to scenarios where network connectivity and computing capability extends to
objects, sensors and everyday items not normally considered computers, allowing these
devices to generate, exchange and consume data with minimal human intervention.
• Functionally: The extension of network connectivity and computing capability
to a variety of objects, devices, sensors and everyday items allowing them to
generate/exchange data, often with remote data analytic/management
capabilities.
• As Value: Data & what can be done with it.
• As a Vision: The realization of a “hyper-connected” world.
15A Tree Ecosystem
Leaves
Trunk/branches
Roots
16Computers, Networks, and “Things” not new…….
17If it’s not new, why now?:
A Confluence of Market Trends
UBIQUITOUS
CONNECTIVITY COMPUTING ADVANCES IN DATA
UBIQUITOUS COMPUTING
ECONOMICS ANALYTICS ADVANCES IN DATA
CONNECTIVITY ECONOMICS ANALYTICS
WIDESPREAD MINIATURIZATION
WIDESPREAD
ADOPTION OF IP RISE OF CLOUD
MINIATURIZATION
ADOPTION OF IP COMPUTING
18The IoT Ecosystem
Applications
Software (gateways/processors)
Technology (sensors)
19The IoT Ecosystem (Applications) 1. Smart home 2. Smart wearables 3. IoT Solutions For Smart City 4. Smart Grids 5. Industrial Internet 6. Smarter Automotive Industry 7. Smart Health Care Systems 8. Smart Retail 9. Smart Supply Chain 10. Agriculture 11. Many more 20
The IoT Ecosystem Software (gateways)
Software (gateways/processors)
Intel-Edison/Galileo
Qualcomm-Snapdragon
Raspberry Pi 3
Chip RB
Marvell-MW302
Cypress-Bluetooth IoT kit
Samsung ARTIK
And many more….
21The IoT Ecosystem (technology)
Technology (sensors)
Honeywell
Grayhill
Intel
Qualcomm
Many more…
22The challenges we face
The number of IoT devices and systems connected to the Internet will be more than 2.5x the global population by 2020 (Gartner). (Others, 30 - 50 Billion by 2025)
As more and more
devices are connected,
privacy and security
risks increase.
Used with permission. http://www.geekculture.com/joyoftech/joyarchives/2340.htmlKey IoT Challenges
• Security
• Privacy
• Interoperability and Standards
• Legal, regulatory and rights
• Emerging economies and development
26Key Challenge: IoT Ecosystem
Three Dimensions:
• Combination of devices, apps, platforms &
services
• Data flows, touch points
& disclosures
• Lack of defined standards
Impacts on Sustainability Issues:
• Lifecycle supportability
• Data retention / ownership
27Interoperability and Standards
28New devices, new vulnerabilities
The attributes of many IoT devices present new and unique security challenges compared to
traditional computing systems.
• Device Cost/Size/Functionality • Limited user interfaces (UI)
• Volume of identical devices (homogeneity) • Limited visibility into, or control over,
internal workings
• Long service life (often extending far
beyond supported lifetime) • Embedded devices
• Unintended uses
• No or limited upgradability or patching
• BYOIoT
• Physical security vulnerabilities
• Access
29Legal, regulatory and rights
30Emerging economies and development
31Who is responsible?
Developers and users of IoT
devices and systems have a
collective obligation to ensure
they do not expose others and
the Internet itself to potential
harm
To scale up we need a collective
approach, addressing security
challenges on all fronts.
32What we’re doing about it
There are two ways to view IoT Security
Inward Security Outward Security
Focus on potential harms to the health, Focus on potential harms that compromised
safety, and privacy of device users and devices and systems can inflict on the
their property stemming from Internet and other users
compromised IoT devices and systems
34What is the Online Trust Alliance?
•OTA was founded in 2004
• developed technical standards to fight spam;
• advance Secure Sockets Layer (SSL) and email authentication best
practices;
• has introduced a foundation for a future IoT certification programme;
• and has worked on measures to address online fraud.
•An initiative of the Internet Society (ISOC), as of 5 April 2017!
•will help improve security and data privacy for users (ISOC’s trust agenda)
35Some OTA’s initiatives
•Annual Online Trust Audit;
• Cyber Incident Response Guide;
• Internet of Things (IoT) Trust Framework.
36Online Trust Alliance IoT Security & Privacy Trust Framework
• Measureable principles vs. standards
development
• Consumer grade devices (home, office and
wearables)
• Address known vulnerabilities and IoT threats
• Actionable and vendor neutral
https://otalliance.org/iot/
37Online Trust Alliance IoT Security Resources
38ISOC “IoT Trust by Design” Campaign
1 2 3
Work with manufacturers Mobilize consumers to Encourage policy and
and suppliers to adopt and drive demand for security regulations to push for
implement the OTA IoT and privacy capabilities as a better security and privacy
Trust Framework market differentiator features in IoT
39Activity highlights
OTA IoT Trust Framework implementation Global, regional and local partnerships
- Best practices and toolkits - Security-minded IoT alliances
- Implementation guide - Certification organizations
- Civil society organizations
- Training for ISOC and community
- Organizations that review consumer products
- Internet Society community
Research
- Paper on IoT Security for Policymakers
- Policy research: mapping the IoT policy/regulatory Outreach to policy makers
landscape - Regional engagement in strategic countries
- Economic study on IoT security externalities - Global and regional events
- Study on “consumer grade” IoT markets, to better - Workshops and capacity building
understand manufacturing trends and consumer behaviour- Thought pieces and articles
40It’s All About Cooperation & Collaboration: “Collaborative Security”
•Both cybersecurity problems specifically and other criminal activities
carried out using the Internet are not going to be solved with technology
alone!
•Close cooperation and coordination by all stakeholders is key!
•Governments;
•Businesses;
•Academia;
•Organizational and individual users;
•Law enforcement agencies;
•Policy makers worldwide.
41The time to act is NOW!
4243
Thank you.
Shernon Osepa
Visit us at Galerie Jean-Malbuisson 15, 1775 Wiehle Avenue,
www.internetsociety.org CH-1204 Geneva, Suite 201, Reston, VA
Manager Regional Affairs LAC Follow us
@internetsociety
Switzerland.
+41 22 807 1444
20190-5108 USA.
+1 703 439 2120
osepa@isoc.org
@ShernonOsepa
44You can also read
