IoT (Internet of Things) and Security
ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014). IoT (Internet of Things) and Security. Mikhail Kader, DSE, Cisco.
Abstract
More things are being connected to address a growing range of business needs. In fact, by 2020, more than 50 billion things will connect to the Internet—seven times our human population. Examples are wearable health and performance monitors, connected vehicles, smart grids, connected oilrigs, and connected manufacturing. This Internet of Things (IoT) will revolutionize the way we work, live, play, and learn.
Inadequate security will be a critical barrier to large-scale deployment of IoT systems and broad customer adoption of IoT applications. Simply extending existing IT security architectures to the IoT will not be sufficient. The IoT world requires new security approaches, creating fertile ground for innovative and disruptive thinking and solutions.
Agenda
• Introduction
• Extraordinary Benefits
• Major Security Challenges
• Delivering Security Across the Extended Network
What Is the Internet of Things?
“The Internet of Things is the intelligent connectivity of physical devices driving massive gains in efficiency, business growth, and quality of life”
Relationship to the Internet of Everything (IoE)
Networked Connection of People, Process, Data, Things
• People: Connecting People in More Relevant, Valuable Ways
• Process: Delivering the Right Information to the Right Person (or Machine) at the Right Time
• Data: Leveraging Data into More Useful Information for Decision Making
• Things: Physical Devices and Objects Connected to the Internet and Each Other for Intelligent Decision Making
IoT Is Here Now – and Growing!
Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony
50 Billion “Smart Objects”
[Figure: billions of devices and world population on a timeline of 2010, 2015 and 2020, with an inflection point marked. Device labels: 12.5, 25, 50; world population labels: 6.8, 7.2, 7.6.]
Source: Cisco IBSG, 2011
IoT Delivers Extraordinary Benefits
Cost savings, improved safety, superior service
Connected Rail Operations
PASSENGER SECURITY
• In-station and onboard safety
• Visibility into key events
ROUTE OPTIMIZATION
• Enhanced Customer Service
• Increased efficiency
• Collision avoidance
• Fuel savings
CRITICAL SENSING
• Transform “data” to “actionable intelligence”
• Proactive maintenance
• Accident avoidance
Smart City
Safety, financial, and environmental benefits
CONNECTED TRAFFIC SIGNALS
• Reduced congestion
• Improved emergency services response times
• Lower fuel usage
PARKING AND LIGHTING
• Increased efficiency
• Power and cost savings
• New revenue opportunities
CITY SERVICES
• Efficient service delivery
• Increased revenues
• Enhanced environmental monitoring capabilities
The Connected Car
Actionable intelligence, enhanced comfort, unprecedented convenience
WIRELESS ROUTER
• Online entertainment
• Mapping, dynamic re-routing, safety and security
CONNECTED SENSORS
• Transform “data” to “actionable intelligence”
• Enable proactive maintenance
• Collision avoidance
• Fuel efficiency
URBAN CONNECTIVITY
• Reduced congestion
• Increased efficiency
• Safety (hazard avoidance)
… But It Also Adds Complexity
[Diagram labels: Application Interfaces; Infrastructure Interfaces; New Business Models; Partner Ecosystem; Applications; Unified Platform; Infrastructure; Application Enablement Platform; Application Centric Infrastructure; Data Integration; Big Data; Analytics; Control Systems; Application Integration]
What Comprises IoT Networks?
The Flip Side: Major Security Challenges
IoT Expands Security Needs
Converged, Managed Network
Resilience at Scale
Security
Application Enablement
Distributed Intelligence
Increased Attack Surface
Threat Diversity
Impact and Risk
Remediation
Protocols
Compliance and Regulation
What Can Breach IoT Networks?
What can’t?
• Billions of connected devices
• Secure and insecure locations
• Security may or may not be built in
• Not owned or controlled by IT … but data flows through the network
Any node on your network can potentially provide access to the core
Smart City
Potential impact to services and public safety
REMOTE ACCESS
• Increased traffic congestion
• Creation of unsafe conditions
SYSTEM CONTROL
• Device manipulation
• Remote monitoring
• Creation of unsafe conditions
SERVICE MANIPULATION
• Environmental degradation
• System shutdown
• Lost revenue
IT Breach via OT Network
• Breached via Stolen Credentials from HVAC Vendor
• 40 Million Credit And Debit Cards Stolen
• PII Stolen From 70 Million Customers
• Reputation Damage*
• 46% drop in year-over-year profit
• 5.3% drop in year-over-year revenue
• 2.5% drop in stock price
• CEO Fired
* Source: KrebsOnSecurity, May 2014
Unintended Security Exposures*
Farm Feeding System in the U.S.
Mine Ventilation System in Romania
Hydroelectric Plant in the U.S.
* Source: Wired, November 2013
Delivering Security Across the Extended Network
The Secure IoT Architecture – IT Plus OT!
[Diagram labels: Services; Application Interfaces; Infrastructure Interfaces; New Business Models; Partner Ecosystem; Applications; Application Enablement Platform; Application Centric Infrastructure; Data Integration; Big Data; Analytics; Control Systems; Application Integration]
Security
• Network and Perimeter Security
• Physical Security
• Device-level Security / Anti-tampering
• Cloud-based Threat Analysis / Protection
• End-to-End Data Encryption
IT and OT are Inherently Different
IT
• Connectivity: “Any-to-Any”
• Network Posture: Confidentiality, Integrity, Availability (CIA)
• Security Solutions: Cybersecurity; Data Protection
• Response to Attacks: Quarantine/Shutdown to Mitigate
OT
• Connectivity: Hierarchical
• Network Posture: Availability, Integrity, Confidentiality (AIC)
• Security Solutions: Physical Access Control; Safety
• Response to Attacks: Non-stop Operations/Mission Critical – Never Stop, Even if Breached
IT/OT Converged Security Model
[Diagram labels. Zones: IT; DMZ; OT. Layers: Enterprise Network; Supervisory; Demilitarized Zone; Automation & Control. Security functions: Identity Services; Cloud; Network Security; Secure Access; Application Control; Config Mgmt]
Conclusion: Securely Embrace IoT!
New challenges require new thinking!
• avoid operational siloes
• networking and convergence are key
• a sound security solution is integrated throughout
• build for the future
Security must be pervasive
• inside and outside the network
• device- and data-agnostic
• proactive and intelligent
Intelligence, not data
• convergence, plus analytics
• speed is essential for real-time decisions