The Internet Enterprise Network of Things
March 2015 – Piers Wilson
All images are the property of their respective owners
© 2015 Tier-3 Pty Limited. All rights reserved.

Agenda
• What is the “Internet of Things”?
• What are the security issues?
• How can we solve (or avoid) these?
Images from Dr. Seuss

What is the “Internet of Things”
Common characteristics
– Embedded/bespoke technologies
– Network connected (Intra & Internet)
– Cloud-connected applications, web control, data tracking
– Mobile/App/Web control interfaces
– Massive volume/number/diversity of devices
“The ‘Internet of Things’ is the network of physical objects that contains embedded technology to communicate and sense or interact with the objects' internal state or the external environment” (Gartner)

What is the “Internet of Things”
Image source: Gartner, 2015

Security issues will arise, and already are...
• Overall track record on IT security not perfect
– Workstations, web applications, enterprise networks, open source code, centrifuges, operating systems, malware, mobile devices... Still being breached
• Device manufacturers even less experienced at defending systems
– Fridges, light bulbs, cars, HVAC systems, healthcare devices, coffee machines
• Users generally don’t enable security, or really care
– Especially at work

Some figures
• By 2020 it is predicted there will be 200 billion smart devices
– 26 for every human being
• 43% of US homes have connected TVs
• Today 7% of consumers own a “wearable”
– By the end of next year, that number will have jumped to 28%
• Dutch internet-connected cattle sensors tell farmers when the animals are sick or pregnant
– Each cow sends about 200Mb of data per year
• General Electric believes the “Industrial Internet” only has to make oil/gas exploration 1% more efficient to save $90bn
Sources: Intel, IDC, Business Insider, Motley Fool

Predictions
• IoT technologies (incl. consumer) will be connected to enterprise networks
• IoT failures will be “real” - potentially serious/damaging/life affecting
• IoT will involve mobile and cloud for access, control and storage
• Devices will be vulnerable
• Hoping for “Secure” IoT that meets standards probably unrealistic
• Vulnerabilities will have knock-on effects and expose systems, networks, data and users
• Diversity/volumes greater than traditional IT
• Business and user communities will drive IoT use – not IT function

Some stories so far...
• http://contextis.com/resources/blog/hacking-internet-connected-light-bulbs/
• http://www.bbc.co.uk/news/technology-29203776
• http://reut.rs/1wjx19W
• http://www.bbc.co.uk/news/technology-30575104
Images from Dr. Seuss and as listed

1) Plan an IoT-aware enterprise network
• Proliferation of connected IoT devices will increase
• New, Disruptive, Pervasive
– Many security approaches are accepted wisdom
• IoT will mean embracing cloud and wider adoption of mobile and wireless technologies
• IoT, cloud and mobile connectivity will become normal (if not already)
– Some security paradigms may become less effective

2) Drive business engagement in IoT
• Develop security use cases for the business users, working jointly across security and business teams
– Leverage momentum as businesses seek to meet user, consumer, operational demands
– Build security and risk reduction into wider IoT interactions
– Inaction or poor planning may lead to IT security becoming an impediment to future business activities
• Some connected devices/control systems are core to business... integrate specific security safeguards now, rather than retrofitting

3) Strive for IoT visibility
• IoT evolution well underway – a growing range of security risks
• Defining policies, patterns, rules for “IoT Access Lists” or “Device Vulnerability Signatures” will be hard
• Segment networks to allow adoption without subverting existing controls / security
• Ensure visibility of IT environment, streamline/optimise/automate reporting and compliance processes
• Build adequate systems and processes to be able to detect:
– Connections and activity
– Failures and compromises
– Impacts on the operation of the IT environment and the business

Summary – 3 Goals
September 2015
1. A network architecture (segmentation) and intelligent system monitoring capability that supports, detects and manages IoT technologies when they are connected, operating or failing
2. Ensure that when IoT technologies are attacked or malfunction you can detect anomalies quickly, contain any impact, investigate, understand and respond effectively
3. Anticipate and automate responses to predictable risk scenarios - build timely fail-safe responses to foreseeable threats
piers.wilson@huntsmansecurity.com
+44 (0) 7800 508517
www.huntsmansecurity.com
www.tier-3.com
@tier3huntsman
Questions
:60 seconds
The new way to deal with cyber threats
www.huntsmansecurity.com


Huntsman - Internet of things (for IAP2015)
