Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things


Published on

V Międzynarodowa Konferencja Naukowa Nauka o informacji (informacja naukowa) w okresie zmian Innowacyjne usługi informacyjne. Wydział Dziennikarstwa, Informacji i Bibliologii Katedra Informatologii, Uniwersytet Warszawski, Warszawa, 15 – 16 maja 2017

Published in: Education
  • Be the first to comment

  • Be the first to like this

Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things

  1. 1. CYBERSECURITY AND THE INTERNET OF THINGS Chris Biedermann Chief Financial Officer, Chief Data Security Officer – Emitel PhD Student – Warsaw University of Technology
  2. 2. Information is Everywhere • Why a discussion on “The Internet of Things” at a conference on Information Services? • With the dramatic growth in connected devices information is now effectively accumulated and stored a vast array of common devices • Commonplace “things” that in the past posed no security risk now need to be thought of in a different light • Source of confidential information that needs to be adequately protected • End point that can be used to attack larger systems • The basic tenants of cybersecurity “CIA” need to be incorporated into how we view everyday devices
  3. 3. What is “IOT” • IOT – the “Internet of Things” • A growing universe of “things” that are now connected to the internet • Includes appliances, switches, cars, medical devices, etc… • Connecting to the internet opens up a vast array of new opportunities
  4. 4. The IoT Connecting a myriad of devices (actuators and sensors) with each other and to higher level processing centers in the cloud - Cloud can utilize more sophisticated algorithms - Cloud can store massive amount of data collected for more intelligent analysis (data mining) Communication performed utilizing the internet and internet protocols
  5. 5. Growth of the IoT • Still in the early stage • Gartner estimates that by 2020 over 20 billion IoT connected devices will be in place • Ericsson predicted that by the end of 2018 there will be more IoT connections than phone subsriptions Source: NCTA, Gartner
  6. 6. IoT Growth will bring new opportunities • Smart Home • Smart City • Smart Medical Devices • Self Driving Cars
  7. 7. New sources of risks • New ways to hack or disrupt systems • New sources of data privacy concerns • All sorts of common day “things” may be storing potentially Confidential and Personally identifiable information • Day to day habits of consumers will be tracked in ways not seen before • All this data has value for both legitimate and non legitimate persons
  8. 8. Case Study: example of IoT security risk • Example - DDoS Attack in October 2016 • DDoS attack utilized distributed computers to overwhelm a target server • Unknown group launched the attack (using Marai botnet) on DNS server that served major corporations such as Amazon, Twitter, Netflix • Unique as attacked utilized vulnerabilities in common IoT devices (e.g. smart TV’s) to carry out the attack
  9. 9. Infected devices found in over 164 countries • Devices that were most vulnerable and therefore most likely hijacked were home security systems, home monitoring cameras and smart TVs
  10. 10. Poor security practices are primarily to blame • The malicious software (Marai) found easy targets by scanning IP addresses looking for poorly secured devices • Many simple IoT devices such as IP cameras or smartTV’s did not have passwords changed from default ones. • In some cases the devices had hardcoded passwords that could not be changed • Once attackers had control of the device they could use it to launch the DDoS attack
  11. 11. Implications • Hijacking of devices • Marai example • Baby monitors • Japanese toilet example • Many devices track non standard personal information (e.g. track behaviors of people) – information is valuable and can be sold • What are we doing • What are we using • Where are we going • Significant improvement in overall state of IoT Security required
  12. 12. IoT security – underlying issues • IT was estimated that less than 10% of IoT devices on the market are designed with adequate security • Lack of consumer awareness • IoT devices however present unique new challenges – the tend to have lower processing power and memory than traditional connected devices – difficulties with • Encryption methodologies • Automatic patching and updates • installation of anti-virus programs • Lack of standards Source: IoT Security Foudnation
  13. 13. Potential Solutions • Technologies will improve to provide some solutions • However other fundamental changes need to take place • Drive for open standards • In most cases today systems from different producers operate in silos and can not talk to each other • Industry change and consolidation • Many smaller players developing proprietary systems • Consumer education
  14. 14. Considerations for average consumer • Awareness – know what devices are connected and the associated risks • Any malware placed on computing devices (e.g. PC, tablet, phone) can be used to access IoT devices on the same network • Similar guidelines as with PC’s • Always change default passwords • Create strong passwords (.eg. I*have*3*children) • Social Engineering Be careful of phishing emails
  15. 15. Questions?