2. Internet of Things or IoT is a network of
devices/objects that are interconnected, making
them programmable, adaptable, and potentially
capable of interacting with people
3. FTC held a workshop to discuss whether legislation is needed to
ensure appropriate protections for data collected through
connected devices
◦ They decided IoT-specific legislation is not needed; the
workshop proved that Congress should enact general data
security legislation
FTC Workshop Recommendations
◦ Congress enact strong, flexible, and technology-neutral
legislation to strengthen the Commission’s existing data
security enforcement tools
◦ Companies should implement security before design
◦ Train employees on “good” security practices
◦ Only use outside service providers that can protect consumers'
data and that allow oversight of the providers' work
◦ Implement “defense-in-depth”, which means using multiple
layers of security for systems at risk
◦ Have a strong authentication system to limit unauthorized
access to consumers' devices, data, or networks
◦ Monitor products and issue patches to fix vulnerabilities
4. Chart the course for adoption
Lead by example
Look to partnerships to overcome obstacles
Reduce regulatory barriers and delays for getting smart
devices to market
Minimize the regulatory cost of data collection
Make it easy to share and reuse data
Relentlessly pursue better data
Reduce the “Data Divide”
Use data to tackle hard problems
Where rules are needed to protect consumers, keep them
narrow and targeted
5. Employees undergo specialized training
◦ Internet of Things Training
◦ Privacy Training
◦ Security Awareness Training
Consider Data Minimization
◦ Companies/agencies should limit the data they collect
and retain, and dispose of it once the
information is no longer needed
6. Ethics Committee
Office of Inspector General
General Counsel
Chief Information Security Officer
Policy
Governance
7. Customers
◦ More important to protect your information and
update passwords more often
◦ More IoT devices lead to more launch points for
hackers to gain access to information
Partners
◦ FTC guidelines regarding IoT will help companies
make sure they can trust service providers
◦ Providers will have to implement more secure
software and tools
8. Security Risks
◦ Enabling unauthorized access and misuse of
personal information
◦ Using IoT devices as launch points on other systems
Privacy Risks
◦ Direct collection of personal information
◦ Amount of data that is collected
◦ IoT devices collect information and can be
invisible to the user/owner
9. Google
◦ Encrypt many services using Secure Sockets Layer (SSL)
SSL encrypts connection between your computer and Google.
Helps prevent others (service providers, internet cafes) from
seeing your search results
SSL doesn’t always hide the fact that a user visited Google and
typed search terms
◦ Two step verification when accessing personal Google
account and Safe Browsing within Google Chrome
◦ Restrict access to personal information on a need-to-know
basis among Google employees, contractors, and
agents
◦ Undergoing Project Brillo
Brillo will expand the Android OS to all connected devices
Weave is an IoT protocol to provide secure communication between
devices (local and cloud)
10. Amazon
◦ Encrypts information about customers using SSL
◦ Amazon Web Services (AWS): IoT Service Provider
Built-In Firewalls
Encrypt data storage using Advanced Encryption
Standard (AES) 256, a secure symmetric key encryption
standard using 256-bit encryption keys
Security Logs
Secure access, which allows use of HTTPS for secure
communication
Built-In support for multi-factor authentication
◦ Amazon 2lemetry
11.
12. Samsung
◦ ARTIK
Hardware Security
Unique ID
Cryptographic Keys
Remediation Support
Secure Firmware Updates
Platform Security
Storage Encryption
Anomaly Detection
Data Replication and Device Failover
Local Intelligence (no need to access cloud)