2016 ELPP – IoT Security

This work was created in an open classroom environment as part of a program within the Sutardja Center for Entrepreneurship & Technology and led by Prof. Ikhlaq Sidhu at UC Berkeley. There should be no proprietary information contained in this paper. No information contained in this paper is intended to affect or influence public relations with any firm affiliated with any of the authors. The views represented are those of the authors alone and do not reflect those of the University of California Berkeley.

• Vijay Kumar Eranti
• Serge Maskalik
• Jeffrey Pierce
• Dina McKinney
• Hima Devisetti
• Venkata Nandanavanam
• Geoffrey Perez


Introduction

IoT has the potential to be one of the great new frontiers for innovation and technological growth. As the infrastructure and technology grow to support the possibilities of a connected world, we will soon see examples of IoT integrated throughout our daily lives. Where once electricity was new and still being understood, and is now taken for granted as ubiquitous and commonplace, IoT will become accepted as an integral part of how we work and live. The IoT space is still in its infancy and the projected growth and impact of this technology for businesses, consumers, and society is set to shake up the foundation of traditional institutions and industries. Estimates for the impact of IoT on the global economy range from four to eleven trillion dollars in the next decade. Our bottom-up analysis for the applications we size estimates that the IoT has a total potential economic impact of $3.9 trillion to $11.1 trillion a year by 2025. At the top end, that level of value—including the consumer surplus—would be equivalent to about 11 percent of the world economy. (James Manyika, 2015)

One of the fastest growing segments of the IoT space is security. With the enormous increase in available data and the possibility of misuse, security and privacy concerns are increasingly coming to the forefront of the IoT discussion. Providing solutions to address security problems will be a significant area of investment for businesses looking to reap the rewards of a connected world.

“The global IoT security products market was valued at US$ 7.8 Bn in 2014 and is expected to increase at a CAGR of 16.5% during the forecast period (2015-2020). Enhancement in end-user experience and data security are the basic factors propelling growth of this market currently. … Meanwhile, the software segment in the global IoT security products market was valued at US$ 3.9 Bn in 2014 and is anticipated to register a CAGR of 17.2% during the forecast period.” (futuremarketinsights.com, 2015)

“The Internet of Things (IoT) security market is driven due to rising security concerns in the critical infrastructures and strict government regulations and is expected to grow from USD 7.90 Billion in 2016 to USD 36.95 Billion by 2021 at a Compound Annual Growth Rate (CAGR) of 36.1%. The year 2015 has been considered as the base year for the study, while the market size forecast is from 2016 to 2021.” (marketsandmarkets.com, 2016)

Many of the same security issues exist with current Internet technologies. Businesses are keenly aware that security is an important component to the growth of this burgeoning space. There are opportunities to capitalize on the mounting concerns about security in the IoT space. The Internet of Things is poised to add trillions of dollars to the annual GDP in the next few years. However, realizing that potential impact requires addressing security, which is one of the primary barriers to adoption.

Figure 1: Estimated size of the IoT Security market (Source: Business Insider Intelligence Estimates 2015)

Figure 2: Business perception of IoT barriers

Looking at security as just a challenge to be overcome, however, is only part of the story: IoT security is a large potential business in its own right. If companies stand to gain trillions from IoT offerings, they are likely willing to pay billions to address security concerns. Last year Business Insider estimated that the IoT cybersecurity market could grow to $120 billion per year by 2020.

IoT Security Threat Types

IoT faces a variety of security threats with widely different capabilities. At one end of the spectrum, security threats include nation-states (who might attack a country’s electrical grid to cripple it in a war or electronic voting machines to influence an election…) who possess considerable resources, both personnel and material. On the other hand are “script kiddies” or other unskilled individuals who can re-use existing attacks but are unable to create their own exploits. Despite the variety of actors, most attacks have one of three basic goals: to take control of affected devices (for example, to unlock doors), to steal information (such as corporate secrets), or to disrupt services (such as your autonomous vehicle).

Figure 3: IoT Threat Actors - Security Guidance for Early Adopters of the Internet of Things – April 2015

IoT Security Threat Vectors

To build a secure IoT offering, a company needs to start with the security of individual devices. And even a simple device has multiple levels that need to be secured.

Figure 4: Types of IoT attacks

Figure 5: IoT components, issues, and relevant companies

Silicon

At the lowest level, securing a device requires securing its hardware components: its “silicon”. A device cannot be secure if software on the device can manipulate the execution of arbitrary code on the device or access arbitrary data. But achieving that security is non-trivial, as can be observed by attacks such as the recent “Rowhammer” attack, which allows arbitrary software to manipulate the contents of memory to achieve root access. While securing hardware is difficult, most of the core chip manufacturers (such as Intel, ARM, and Samsung) are now competing to distinguish themselves through secure hardware offerings.

Firmware

One level up from a device’s hardware is its firmware, its lowest-level control software. Securing a device’s firmware is critical, because unlike a device’s operating system it is often impossible to update a device’s firmware. Low cost providers that baked passwords into firmware were at the root of the recent DDoS attack against Dyn.

Figure 6: PCWorld Oct 24

Figure 7: IBT Oct 25

Companies like Mocana and Escrypt are trying to provide secure firmware as a component to IoT device makers.

Operating System

While operating systems tend to be easier to update than firmware, they’re also a lot more complex. Many devices use Linux as a low-cost and powerful operating system, yet despite years of experience and its fundamental openness people are still identifying new security exploits for it. Dirty COW (Dirty copy-on-write) is a sample security vulnerability that affects all Linux-based operating systems, including Android. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism. The bug has been lurking in the Linux kernel since 2007 and has been actively exploited at least since October 2016. A number of companies, such as Gemalto, Intel’s Wind River, and Lynx, provide secure operating systems to device makers. Others, such as Symantec, provide services that help monitor and secure operating systems provided by other entities.

Network

In addition to computation, communication is the other core component of an IoT device. And the networking stack is a common source of security flaws, such as weaknesses in SSH implementations. SSHowDowN exploits a vulnerability in OpenSSH that is 12 years old, and yet IoT devices still ship with the flaw unpatched. Companies like Centri, SecureRF, and Rubicon offer secure network stack implementations, while other companies such as DigiCert offer digital certificate solutions that address endpoint authentication.

Application

Even if a device’s own hardware and software are secure, the particular application or applications that run on that device may introduce their own security flaws. Common flaws arise from applications storing data insecurely on a device or failing to properly secure and authenticate network connections. Securing applications is difficult because each application is different, but companies like Praetorian and Inside Secure provide consulting, design, and analysis services to help makers build secure applications.

Figure 8: Ars Technica Oct 20

Figure 9: Wired Oct 13

Figure 10: ZDNet Oct 25

Cloud + Multiple, Heterogeneous Devices

Of course, in the Internet of Things, securing a single device is insufficient. Devices communicate with each other and with the cloud, meaning that IoT providers also need to worry about the security of network protocols and devices, their cloud infrastructure, and their cloud APIs. In addition to established companies like IBM and Microsoft, start-ups like Icon Labs and Tempered Networks provide offerings that help companies secure their cloud components and manage their device collections.

Further research: https://downloads.cloudsecurityalliance.org/assets/research/internet-of-things/future-proofing-the-connected-world.pdf

Security Approaches

Securing devices and their communication with other devices and services focuses on preventing security issues, but it’s only one part of how companies need to approach securing the Internet of Things. Prevention largely focuses on companies creating IoT devices and services. However, prevention can be challenging: the devices involved are often resource constrained so that they can’t handle complex security solutions, they often need to last an order of magnitude longer than traditional computing devices (for example, 20 years instead of 2 years), and updating them with new software is difficult, if not impossible.

Figure 11: Approaches to IoT security include Prevention, Detection, and Responding

To address these limitations, companies also focus on detecting attacks or compromised devices and responding appropriately. Numerous IT and IoT companies, both bigger players like GE, Wurldtech, and Cisco and smaller start-ups like Indegy and CyberFlow Analytics, offer solutions to IoT operators (those that purchase, assemble, and operate an IoT installation) that allow them to monitor the operation of their IoT installations and detect potential issues. Other companies, like Resilient Systems, CyberX, and NextNine, offer solutions that help operators respond to detected issues and handle compromised devices.

Defense in Depth

There are a number of analogies to be drawn from what has happened in the data center / IT space in the context of addressing the attack vectors that are prominent in the IOT space now: technologies at various levels already exist to address the majority of the issues. Vendors can significantly improve the security posture of the solutions by hardening their applications and operating systems, removing and shutting down the unnecessary services, applying security scanning and penetration testing in their quality assurance cycles, and leveraging 3rd party security assessment vendors to close gaps prior to shipment of new devices.

Defense-in-Depth: IOT Security Strategy

Prevent: Harden hardware and software to eliminate weaknesses (IOT Vendor-driven)
• Reduce attack surface
• Disable unneeded services
• Strip Operating Systems and Packages to bare minimum
• Apply Hardening techniques

Detect: Identify attacks, compromised applications/devices (IOT Operator Driven)
• Leverage active device discovery
• Apply vulnerability scanning techniques frequently
• Leverage Network Intrusion Detection inline
• Apply Anomaly Detection
• Good alerting / scoring
• Visibility & Forensics capabilities
• Improve audit trail and configuration history / drift

Respond: Deal with compromised applications/devices, mitigate impact (IOT Operator Driven)
• Patch/Remediate @ scale
• Micro-segment to allow only needed flows
• Manage @ scale & disable vulnerable services
• Have ability to selectively quarantine and isolate devices or endpoints

Regulate: Identify attacks, compromised applications/devices (IOT Industry Driven)
• Emulate existing regulations like PCI or HIPAA
• Have vendor compliance validation programs (like UL, FIPS, Common Criteria, NEBS)
• Require mandatory vendor participation if present in critical infrastructure positions

Industrial and consumer customers of IOT can benefit from detection capabilities available in the IT space today if applied to the IOT area. Examples would be discovery-based inventory solutions with scanning to determine security patching levels and the vulnerability state of the devices. Inline network-based anomaly-detection and intrusion prevention techniques can be applied to wired/wireless networks aggregating IOT, and centralized alerting/monitoring and configuration audit trail mechanisms can be applied to increase visibility of the IOT implementations, to further increase awareness of potential issues and decrease the remediation times for security events.

From a response and remediation perspective, having central management delivered as SaaS for industrial IOT solutions is a possibility, but not likely in the heterogeneous consumer environments. In the enterprise space, mass-patching solutions exist to provide comprehensive distribution and installation of security fixes; this can be applied to IOT at scale to ensure the latest fixes are deployed to devices rapidly and in a timely manner. It would also be interesting to do a further study across vendors and devices to see if a positive security model can be applied where only the needed communication flows are allowed in the IOT wired/wireless networks and the rest of the unneeded communication paths are micro-segmented and turned off by default. In homogeneous stacks, this would be a possibility.

Further research: https://inform.tmforum.org/sponsored-feature/2014/09/defense-depth-breadth-securing-internet-things/
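The positive security model discussed above (allow only the needed flows, treat everything else as denied, and quarantine devices that deviate) can be sketched as follows. This is an added example, not part of the original paper; the device classes, addresses, ports and flow records are constructed sample data, and the quarantine threshold is an assumption.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Allowlist per device class: (protocol, destination network, destination port).
# Anything not listed is denied by default. All values are constructed.
POLICY = {
    "thermostat": [("tcp", "10.20.0.10/32", 8883)],   # telemetry to the broker
    "camera": [("tcp", "10.20.0.20/32", 443),         # video upload
               ("udp", "10.20.0.1/32", 123)],         # time sync
}

# Inventory from device discovery: source address -> device class (constructed).
INVENTORY = {"10.20.1.5": "thermostat", "10.20.1.9": "camera"}

# Observed flows (src, proto, dst, dport); constructed sample records.
FLOWS = [
    ("10.20.1.5", "tcp", "10.20.0.10", 8883),    # needed flow
    ("10.20.1.9", "tcp", "10.20.0.20", 443),     # needed flow
    ("10.20.1.9", "udp", "10.20.0.1", 123),      # needed flow
    ("10.20.1.9", "tcp", "203.0.113.7", 23),     # camera to an external host
    ("10.20.1.9", "tcp", "10.20.1.5", 22),       # device-to-device, not needed
    ("10.20.1.77", "tcp", "10.20.0.10", 8883),   # source missing from inventory
]


def is_allowed(device_class, proto, dst, dport, policy=POLICY):
    """True only if the flow matches an allowlist entry for this device class."""
    for p, net, port in policy.get(device_class, []):
        if p == proto and port == dport and ip_address(dst) in ip_network(net):
            return True
    return False


def evaluate(flows, inventory=INVENTORY, policy=POLICY):
    """Return {source: [(reason, proto, dst, dport), ...]} for denied flows."""
    violations = defaultdict(list)
    for src, proto, dst, dport in flows:
        device_class = inventory.get(src)
        if device_class is None:
            # A device nobody inventoried cannot have needed flows.
            violations[src].append(("unknown-device", proto, dst, dport))
        elif not is_allowed(device_class, proto, dst, dport, policy):
            violations[src].append(("flow-not-allowlisted", proto, dst, dport))
    return dict(violations)


def quarantine_candidates(violations, threshold=2):
    """Sources to isolate: unknown devices, or repeated policy violations."""
    return sorted(
        src for src, found in violations.items()
        if len(found) >= threshold
        or any(reason == "unknown-device" for reason, *_ in found)
    )


if __name__ == "__main__":
    found = evaluate(FLOWS)
    for src, items in found.items():
        for reason, proto, dst, dport in items:
            print(f"DENY {src} -> {dst}:{dport}/{proto} ({reason})")
    print("quarantine:", quarantine_candidates(found))
```

The same allowlist can drive both enforcement (what the segment permits) and detection (what gets alerted on), which is why a homogeneous stack with predictable flows makes this model easier to apply.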

Business Landscape

The Internet of Things is comprised of a wildly diverse range of device types, from small to large, from simple to complex, from consumer gadgets to sophisticated systems found in DoD, utility and industrial/manufacturing systems. Now part of the expanding web connected network, the Internet of Things, embedded devices are very different from standard PCs or other consumer devices. These industrial operational assets are commonly fixed function devices designed specifically to perform a specialized task. Many of them use a specialized operating system such as VxWorks, MQX or INTEGRITY, or a stripped down version of Linux. Installing new software on the system in the field either requires a specialized upgrade process or is simply not supported. In most cases, these devices are optimized to minimize processing cycles and memory usage and do not have extra processing resources available to support traditional security mechanisms. As a result, standard PC security solutions won’t solve the challenges of embedded devices. In fact, given the specialized nature of embedded systems, PC security solutions won’t even run on most embedded devices.

There are many companies that are working on providing security in the IoT landscape. Some of the companies include:

• Azeti Networks AG
• Intel
• Sypris
• ZingBox
• Shodan

• Certified Security Solutions: Enterprise digital identity
Certified Security Solutions (CSS) (https://www.css-security.com/) is a cyber security company that builds and supports platforms to enable secure commerce for global businesses connected to the Internet. CMS enterprise certificate lifecycle management and VerdeTTo™ IoT identity security platforms simplify the design, deployment, monitoring and management of trusted digital identities, making authentication scalable, flexible and affordable.

• Symantec:
Symantec (https://www.symantec.com/) expands its security portfolio with new Embedded Critical System Protection, designed to defend IoT devices against zero-day attacks, and signs ATM manufacturer Wincor Nixdorf as one of the early adopters. To further fuel innovation in IoT security, Symantec recently announced a partnership with Frost Data Capital to incubate early-stage startups with funding, resources and expertise. Frost Data Capital underpins the incubator with seasoned entrepreneurs, proven innovation methodology and process, and deep expertise in big data analytics, IoT, industrials and healthcare. These startup companies will have the opportunity to collaborate with Symantec to solve the most complex challenges shaping tomorrow's threat landscape.

• SecuriThings:
SecuriThings (http://securithings.com/) is a User and Entity Behavioral Analytics (UEBA) solution for IoT. It monitors users and the IoT devices themselves. It uses machine learning security algorithms adapted for IoT to identify and mitigate threats. And it’s simple to add to any IoT application, because it’s pre-integrated with leading IoT platforms.

• Device Authority: Security Automation for Internet of Things
Device Authority (http://www.deviceauthority.com/) provides simple, innovative solutions to address the challenges of securing the Internet of Things (IoT). IoT brings new security challenges introduced by the scale and pace of adoption, as well as the physical consequences of compromised security. These challenges cannot be effectively addressed by traditional Information Technology (IT) security solutions. The Device Authority IoT security platform is purpose-built to address these challenges through automated device provisioning, credential management, secure updates and policy-driven data encryption. The IoT promises countless efficiencies, increased competitiveness, improved customer service and even brand new market opportunities. However, deploying strong security is hard and always has been. Deploying strong IoT security is even harder. According to Gartner, by 2020, around 25% of all identified security breaches will involve IoT. To address this, Device Authority introduces a new paradigm of IoT Security Automation that accelerates and simplifies the deployment of strong IoT security. Advanced, policy driven security automation is critical for industrial, healthcare, transportation and other large scale security sensitive IoT environments. Their patented dynamic key technology provides the essential device-based trust anchor for IoT devices, enabling policy-driven provisioning, access control and data protection for mission-critical IoT applications and services.

• Bastille: Security for the Internet of Radios
Bastille (https://www.bastille.net/) is the first company to enable enterprise security teams to assess and mitigate the risk associated with the growing Internet of Radios. Bastille’s software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, wireless dongles and other IoT communications) in the installed organization’s airspace. Bastille’s technology scans the entire radio spectrum, identifying devices on frequencies from 60 MHz to 6 GHz. This data is then gathered and stored, and mapped so that companies can understand what devices are transmitting data, and from where in their corporate airspace. This provides improved situational awareness of potential cyber threats and post-event forensic analysis.

Following are some of the companies that are working on providing security in the IoT landscape at each of the following layers (shown in the picture below):

Startups

Challenge: Heterogeneity

The types of security threats and the approaches to providing security are similar across IT and IoT, but securing IoT is significantly more complex. One reason is that IoT has to deal with significantly more heterogeneity. Not only do makers and operators need to address multiple levels of threats, they have to do it across a much wider variety of devices. And because security is only as strong as its weakest link, mixing multiple components and devices that may not have been explicitly designed to work with each other makes providing secure offerings much harder.

Figure 13: IoT heterogeneity is the combination of both device and component heterogeneity

Trends in IoT Security: Acquisitions

From an examination of current offerings in the IoT security space and the ongoing challenges faced by IoT makers and operators, several trends are apparent. First, particularly in the industrial IoT, operators are looking for single-provider solutions that reduce the heterogeneity of installations and thus hopefully increase their security. In response, many of the large players (particularly established IT security players) are acquiring smaller companies in order to increase their ability to provide “one stop shopping” IoT security solutions. Cisco’s acquisition of Jasper, Intel’s purchase of Yogitech, and Qualcomm’s purchase of NXP are all in part intended to allow those companies to improve their IoT security offerings.

This consolidation is likely to increase, as other companies will feel the pressure to provide comparable offerings and will thus need to make acquisitions of their own. Larger players are also well positioned to make these acquisitions because of their larger cash balances, which allow them to consider both large and small companies as potential purchases.

Undisclosed acquisition price • $47 billion acquisition • $1.4 billion acquisition

Figure 15: Cash balance of top consolidators (Source - Momentum Partners 2016)

Challenge: Cost

In addition, cost is much more of a consideration for IoT. Spending tens of dollars to secure a device that costs thousands of dollars may be acceptable, but spending that same amount of money to secure a light bulb, a light switch, or a door lock is clearly not. As a result, consumer IoT security tends to be either ignored or provided as cheaply as possible. Complicating the matter is that consumers typically consider just the short-term cost of IoT devices: their purchase cost. But the real cost of those devices may be their long-term cost when they fail: a $50 smart lock that can be easily hacked, allowing thieves to steal your valuables, will end up a lot more expensive than $50. And while manufacturers may focus on the short-term costs of manufacturing a device, IoT devices are more likely to fall under product liability laws than IT devices, leaving their creators subject to substantial lawsuits in the long term. And both of those cases ignore the costs to 3rd parties, as in recent cases where hacked IoT devices have participated in DDoS attacks.

Figure 14: Relative impact of IoT costs and who bears that cost

Trends in IoT Security: Regulations

Regulation is one way to shift long-term cost considerations to the short-term, and there is already evidence of government movement in that direction. The Obama administration, as part of its Cybersecurity National Action Plan, has actively been working with industry to explore new certification standards. As an analogy, consider how some government regulations require Underwriters Laboratories certification for some electrical products in certain cases. There is a strong likelihood that the government will soon issue regulations that make similar requirements for IoT devices. Underwriters Laboratories has been actively working with the government to create a Cybersecurity Assurance certification program for IoT providers.

If regulations do get instituted, they would have a significant impact on demand for different types of offerings. Companies that already provide secure components would likely see increased demand, while more companies will likely enter the space to provide consulting services to help IoT device makers design and implement secure devices. Praetorian is one company that already provides such consulting services and is well positioned to take advantage of increased demand. Existing certification companies such as UL, GE Wurldtech, and ICSA Labs are also ideally positioned to benefit from new security regulations.

Figure 16: Sample IoT companies likely impacted by potential regulation

White Space in IoT Security

Finally, we note that in the consumer space there is significant white space for security offerings that emphasize detecting and responding to security issues. This white space is driven both by the cost consciousness of the consumer space and the relative immaturity of consumer IoT offerings (at least as compared to industrial offerings). However, consumer IoT companies will eventually need to address these approaches, and companies that start to tackle this space early will likely have an advantage.

Figure 17: Detection and Response are white space for the Consumer IoT

Summary

The Internet of Things has the potential to have a multi-trillion dollar annual impact in the near future, but only if companies can effectively address security. And while security is a large and complex issue, there are observable trends that indicate how the industry will evolve in the near term.

Related reading:
1. The IOT: Mapping the value beyond the hype: McKinsey Global Institute Analysis
2. Vulnerable IoT devices are changing the cybersecurity landscape: Business Insider Intelligence
3. Security Is a Top Barrier to Internet of Things Growth: Emarketer.com, Feb 2016

IOT Security Threat Types
1. Security Guidance for_Early_Adopters_of_the_Internet_of_Things: Cloud Security Alliance
2. Future proofing the connected world: Cloud Security Alliance
3. Security Challenges in the IoT Era – “Internet” & “Things” Coming Together: Equinox blog

Security Approaches
1. Volume-1-Practical-Handbook-and-Reference-Guide-for-the-Working-Cyber-Security-Professional.pdf: CyberFlow Analytics and Cisco

IOT Startups/Mergers
1. IoT security M&A, Part 1: Startups tackle early IoT security challenges in key markets
2. 451 Research: IoT security M&A, Part 2
3. Cybersecurity_Market_Review_Q2_2016

IoT Security

• Acquisition by larger players
• Regulation may increase and shape demand
• White space around detection and response

IoT’s potential impact is in the $ trillions, but realizing that value requires addressing security.