andy thurai iot security

Post on 09-May-2015

416 Views

Category:

Technology

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

IoT Security

Andy Thurai/ (@andythurai)SaneIoT.com

"Bringing sanity to the IoT/API chaos"

"Smaht" Things...Ya Baby!

We will Internet ("IP") enable our sensitive devices and call them "Wicked Smaht"

IoT infestation...

Photo courtsety Intel

SmartTraffic, SmartCity, SmartGrid, SmartHome, SmartToilet,SmartEnergy .....SmarterPlanet

IoT in the news lately...

Are you worried?

Pure Numbers

• Billions of devices. – Currently we are about 10 B devices*– Expected to grow to 50 B devices in 2020*

• Trillions of dollars.– Revenue by IoT is expected to be $9 T**– That doesn't include the monetization of the

data that these IoTs help collect

* Cisco estimation** IDC estimation - Cisco estimation is $19 T

Data Economy

Data is the new commodity

End to End Data Economy

• Data need to be collected (IoT, Devices, Sensors)

• Data need to be securely transported• Data needs to be sanitized• Data needs to be processed (Big Data)• Data needs to be stored• Data needs to be exposed (API)• Actionable results from Data (Analytics)

Pain or Gain?

• Monetization attack - Gain– Disrupt the supply chain– Disrupt the food/water supply chain– Disrupt the manufacturing chain

• Cause disruption and Chaos - Pain– (Cyber) terrorism

Maginot Line

Strategy or Execution?

Smart Energy/ Smart Grid

Control Freak!!!

photo courtesy of rtcmagazine

Stuxnet

So what now?

• With Billions of devices end point protection is not easy.

• Доверяй, но проверяй doveryai no proveryai (russian) - Trust, but Verify.

• Dont trust always verify.

Defense in Depth

Advise• Design with failure and vulnerability in mind• Data quality matters, not just quantity. • Clean, Trusted data should be weighted more.• Digitally sign device firmware. • Dont run anything from untrusted source,

especially firmware updates.• New generation of nano scanners.• Vouch for data integrity.

Different planes

IoT Security

Andy Thurai/ (@andythurai)SaneIoT.com

"Bringing sanity to the IoT/API chaos"

top related