Huntsman - Internet of things (for IAP2015)
- 1. The Internet Enterprise Network
of Things
March 2015 – Piers Wilson
All images are the property of their respective owners
- 2. © 2015 Tier-3 Pty Limited. All rights reserved.
Agenda
What is the
“Internet of Things” ?
What are the
security issues ?
How can we solve
(or avoid) these ?
Images
from
Dr.
Seuss
- 3. © 2015 Tier-3 Pty Limited. All rights reserved.
What is the “Internet of Things”
Common characteristics
– Embedded/bespoke technologies
– Network connected (Intra & Internet)
– Cloud-connected applications, web control, data
tracking
– Mobile/App/Web control interfaces
– Massive volume/number/diversity of devices
The "Internet of Things” is the network of
physical objects that contains embedded
technology to communicate and sense or
interact with the objects' internal state or the
external environment
Gartner
Images
from
Dr.
Seuss
Images
from
Dr.
Seuss
- 4. © 2015 Tier-3 Pty Limited. All rights reserved.
What is the “Internet of Things”
Image
source:
Gartner,
2015
Images
from
Dr.
Seuss
- 5. © 2015 Tier-3 Pty Limited. All rights reserved.
Security issues will arise, and already are...
• Overall track record on IT security not perfect
– Workstations, web applications, enterprise networks, open
source code, centrifuges, operating systems, malware, mobile
devices... Still being breached
• Device manufacturers even less
experienced at defending systems
– Fridges, light bulbs, cars, HVAC systems, healthcare
devices, coffee machines
• Users generally don’t enable
security, or really care
– Especially at work
Images
from
Dr.
Seuss
- 6. Some figures
• By 2020 it is predicted there will be 200 billion smart
devices
– 26 for every human being
• 43% of US homes have connected TVs
• Today 7% of consumers own a “wearable”
– By the end of next year, that number will have jumped to
28%
• Dutch internet-connected cattle sensors tell farmers
when the animals are sick or pregnant
– Each cow sends about 200Mb of data per year
• General Electric believes “Industrial Internet” in oil/gas
exploration only has to make 1% more efficient to save
$90bn
Sources:
Intel,
IDC,
Business
Insider,
Motley
Fool
%
- 7. © 2015 Tier-3 Pty Limited. All rights reserved.
Predictions
IoT technologies (incl.
consumer) will be
connected to
enterprise networks
IoT failures will be
“real” - potentially
serious/damaging/life
affecting
IoT will involve mobile
and cloud for access,
control and storage
Devices will be vulnerable
Hoping for “Secure” IoT that
meets standards probably
unrealistic
Vulnerabilities will have
knock-on effects and
expose systems, networks,
data and users
Diversity/volumes
greater than traditional
IT
Business and user
communities will
drive IoT use – not
IT function
Images
from
Dr.
Seuss
- 8. © 2015 Tier-3 Pty Limited. All rights reserved.
Some stories so far...
http://contextis.com/resources/blog/
hacking-internet-connected-light-bulbs/
http://www.bbc.co.uk/news/
technology-29203776
http://reut.rs/1wjx19W
http://www.bbc.co.uk/news/
technology-30575104
Images
from
Dr.
Seuss
and
as
listed
- 9. © 2015 Tier-3 Pty Limited. All rights reserved.
1) Plan an IOT-aware enterprise network
• Proliferation of connected IoT devices will
increase
• New, Disruptive, Pervasive
– Many security approaches are accepted wisdom
• IoT will mean embracing cloud and wider
adoption of mobile and wireless technologies
• IoT, cloud and mobile connectivity will
become normal (if not already)
– Some security paradigms may become less effective
Images
from
Dr.
Seuss
- 10. © 2015 Tier-3 Pty Limited. All rights reserved.
2) Drive business engagement in IoT
• Develop security use cases for the business users
and jointly with security and business teams
– Leverage momentum as businesses seek to meet user,
consumer, operational demands
– Build security and risk reduction into wider IoT
interactions
– Inaction or poor planning may lead to IT security
becoming an impediment to future business activities
• Some connected devices/control systems are core
to business...
integrate specific security safeguards now, rather
than retrofitting
Images
from
Dr.
Seuss
- 11. © 2015 Tier-3 Pty Limited. All rights reserved.
3) Strive for IoT visibility
• IoT evolution well underway
– a growing range of
security risks
• Defining policies, patterns,
rules for “IoT Access Lists” or
“Device Vulnerability
Signatures” will be hard
• Segment networks to allow
adoption without subverting
existing controls / security
• Ensure visibility of IT
environment, streamline/
optimise/automate reporting
and compliance processes
• Build adequate systems and
processes to be able to detect:
– Connections and activity
– Failures and compromises
– Impacts on the operation of the IT
environment and the business
Images
from
Dr.
Seuss
- 12. © 2015 Tier-3 Pty Limited. All rights reserved.
Summary – 3 Goals
September 2015
1. A network architecture (segmentation) and intelligent
system monitoring capability that supports, detects and
manages IoT technologies when they are connected,
operating or failing
2. Ensure that when IoT technologies are attacked or
malfunction you can detect anomalies quickly, contain any
impact, investigate, understand and respond effectively
3. Anticipate and automate responses to predictable risk
scenarios - build timely fail-safe responses to foreseeable
threats
3
1
2
Images
from
Dr.
Seuss