Citizen centric digital and mobile-identity, personal data ecosystems and the internet of things: Assessing the nature of operational security issues

  • More things are connecting to the Internet than people — over 12.5 billion devices in 2010 alone. Cisco’s Internet Business Solutions Group (IBSG) predicts some 25 billion devices will be connected by 2015, and 50 billion by 2020. How will having lots of things connected change everything?
  • Affordable sensors, object tagging, wireless communication, broadband
  • Trust is central to the operation of a data driven economy. In order to both provide and benefit from digital services, companies, public administrations and consumers need to distinguish between trusted and non-trusted counterparts online; they also need to be recognised as trusted parties themselves. At an operational level, trust frameworks can reduce the need to negotiate a multitude of individual commercial contracts.

    1. CITIZEN CENTRIC DIGITAL AND MOBILE-IDENTITY, PERSONAL DATA ECOSYSTEMS AND THE INTERNET OF THINGS: ASSESSING THE NATURE OF OPERATIONAL SECURITY ISSUES. Dr Rachel O’Connell, RSA Conference 2013, Europe
    2. WHO AM I?
       • PhD: online criminal activity and its implications for investigative strategies
       • Chief Security Officer, Bebo; VP, AOL
       • Research Consultant
       • Oxford Internet Institute: Effective Age Verification Techniques: Lessons to be Learnt from the Online Gambling Industry
       • Ctrl-Shift, a market analysis and consulting firm: the changing personal data landscape
       • Member of OIX and the GSMA’s UK Assured legal working group
       • Advisor to commercial organisations on both the policy requirements and business opportunities associated with digital and mobile ID
       • Co-founder of GroovyFuture.com
    3. NASCENT INTEROPERABLE ECOSYSTEMS
    4. DATA DRIVEN ECONOMY
    5. CISCO’S PREDICTIONS: IoT
    6. DATA GENERATED BY IoT
    7. ELECTRONIC AND MOBILE ID
       • NSTIC
       • STORK
       • IdAP
       • GSMA Mobile ID
       • Proposed regulation
    8. PERSONAL INTERNET OF THINGS
       • Multi-tenancy cloud based personal data stores
       • Targeted attacks
       • Cryptolocker virus
    9. PATH TO ROI. Gigya's series 'Path to ROI' focuses on the different technologies and tools that businesses can leverage to generate valuable ROI from their marketing efforts.
    10. IoT TRUSTED CREDENTIALS
       • Education
       • Assert trusted credentials (LoA)
       • Recognise trusted intermediaries (accreditation)
       • Quantified self: Databetes
       • Convenience, security
       • Active participants
    11. IoT SECURITY AND TRUST
       • Infosec properties of the IoT are often hidden in pervasive systems and small devices manufactured by a large number of vendors.
       • uTRUSTit enables system manufacturers and system integrators to express the underlying security concepts to users in a comprehensible way, allowing them to make valid judgments on the trustworthiness of such systems.
       • How security conscious is the average user of IoT devices?
       • Data mining
       • End-to-end security telemetry: automated scripts correlating data points from multiple machines across multiple sectors
    12. M2M VISION
    13. MARKET EVOLUTION FOR TELCO IN M2M
    14. PDETS TRUST FRAMEWORKS
       • Forging new social contracts
       • The Respect Trust Framework is designed to give individuals control over the sharing of their personal data on the Internet.
       • Mydex, the personal data store and trusted identity provider, has also had its “Mydex Trust Framework” listed by the Open Identity Exchange.
       • Connect.me has had its Trust Model and Business Model for Personal Data listed by OIX: The Personal Network: A New Trust Model and Business Model for Personal Data
       • Access to data that companies make available and to authoritative personal data sources, e.g. university exam results
       • Penetration testing, SIEM, ISO 27001
    15. GOVERNANCE AS A SOFTWARE SERVICE
       • ID³ believes governance principles should be expressed as software that is then able to evolve to incorporate advances in technology and to support changing market and societal requirements.
       • Using these tools, people will be able to ensure the privacy of their personal information, leverage the power of networked data, and create new forms of online coordination, exchange and self-governance.
       • Forge new “social contracts” and participate in new types of legal and regulatory systems for managing organisations, markets and their social and civic lives. These systems will conform both to international legal standards and to the specific social norms and priorities of their members.
    16. LEGAL FRAMEWORK
       • European Network and Information Security Agency (ENISA): comprehensive duties and responsibilities, which are inter alia motivated by the protection of critical infrastructures
       • CERTs (Computer Emergency Response Teams)
       • Directive and working paper
       • Proposal for a Directive of the EU Parliament and of the Council concerning measures to ensure a high level of network and information security across the Union
       • Cyber-security Strategy of the European Union: An Open, Safe and Secure Cyberspace
    17. INCREASE IN NUMBER OF THREAT VECTORS
       • Structured and unstructured data
       • Information security management systems: threat intelligence
       • Security Information and Event Management (SIEM)
       • Access management: lessons from enterprise solution providers
       • Data access, control, leakage, revocation, audits
       • Social engineering
       • Scale of attacks
       • Complex crypto based attacks, e.g. Flame
       • Vulnerabilities of inter-operable trust frameworks
       • LoAs associated with different ecosystems
    18. NEW APPROACHES
       • Existing solutions: each ecosystem is an island
       • Security information and event management systems (SIEM): usually utilised within a single system
       • Stephen Trilling, Symantec, keynote speaker: massive cloud based security, "SIEM on steroids", apps that run on security telemetry data
       • New era of operational security
       • New attacks: automatically looking for anomalous behaviours
       • Forensic graph for attack identification
       • Security system with a world view: looks across ecosystems, industries and geographies
       • Proportionate, self-fulfilling prophecies, balance
       • Security in critical infrastructures: a future pre-condition for an operating licence?
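Added example, not from the talk: a small correlation of events from two of the ecosystems the deck names (a mobile-ID provider and a personal data store) to contrast a siloed SIEM view with the "world view" of slide 18 and the LoA mismatches of slide 17. Events, field names and the LoA-per-data-class policy are constructed.

```python
"""Cross-ecosystem LoA correlation (constructed example).

A personal-data-store release that looks fine in its own logs is only
flagged once joined, by session, with the level of assurance (LoA) that
the mobile-ID ecosystem actually asserted.  Levels 1..4 are assumed.
"""

# Constructed policy: LoA each data class demands (the data store's own
# trust framework would publish this).
REQUIRED_LOA = {"health": 3, "exam_results": 3, "newsletter_prefs": 1}

# Constructed events from two ecosystems, linked by a shared session id.
MOBILE_ID_EVENTS = [  # identity provider: what it actually asserted
    {"session": "s1", "subject": "alice", "loa": 3},
    {"session": "s2", "subject": "bob", "loa": 1},
]
DATA_STORE_EVENTS = [  # personal data store: what it released
    {"session": "s1", "subject": "alice", "data_class": "health", "granted": True},
    {"session": "s2", "subject": "bob", "data_class": "exam_results", "granted": True},
    {"session": "s2", "subject": "bob", "data_class": "newsletter_prefs", "granted": True},
    {"session": "s3", "subject": "carol", "data_class": "health", "granted": True},
]


def siloed_findings(data_store_events):
    """What a SIEM limited to the data store's own logs can see: every
    release was granted by local policy, so nothing looks anomalous."""
    return [e for e in data_store_events if not e["granted"]]


def world_view_findings(mobile_id_events, data_store_events):
    """Join releases with the asserted LoA per session and flag those whose
    data class demanded a higher LoA than was asserted (or none at all)."""
    asserted = {e["session"]: e["loa"] for e in mobile_id_events}
    findings = []
    for e in data_store_events:
        need = REQUIRED_LOA[e["data_class"]]
        have = asserted.get(e["session"])  # None: no assertion seen for session
        if have is None or have < need:
            findings.append({"session": e["session"], "subject": e["subject"],
                             "data_class": e["data_class"],
                             "required_loa": need, "asserted_loa": have})
    return findings


if __name__ == "__main__":
    print("siloed view:", siloed_findings(DATA_STORE_EVENTS))
    print("world view:", world_view_findings(MOBILE_ID_EVENTS, DATA_STORE_EVENTS))
```

The siloed check returns nothing, while the joined view flags bob's exam-results release (LoA 1 asserted, 3 required) and carol's release with no assertion at all.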
    19. POINTS FOR DISCUSSION
       • Will the convergence between e-identity, Mobile ID and personal data ecosystems, in concert with the Internet of Things, foster new and diverse commercial opportunities whilst pushing legal, security, policy and regulatory debates into new terrain?
       • From a security perspective, what are the nature, scale and extent of the threat vectors we can expect to be associated with these nascent ecosystems, which are evolving at different rates?
       • Ubiquitous connectedness opens up pathways for attacks; however, a siloed approach to development and oversight creates a perception issue. How can this best be addressed?
       • Operational security assurance?
    20. POINTS FOR DISCUSSION
       • Where should concerns lie: unsecured M2M, citizen-facing systems, or the interactions between these ecosystems?
       • Scale: destructive attacks, cybercrime, erosion of privacy and trust
       • Will the operation of the IoT in concert with, for example, critical infrastructure necessitate new sets of international rules that address cyber security threats and govern cyber warfare?
       • What can the security community do to address these issues?
    21. Thank you
       • Rachel O’Connell
       • rachel@technologist.com
       • Twitter: @racheloconnell