Contextual Cyber Security for IoT

The presentation explores how Cyber Security should be considered surrounding the use of IoT within different applications and contexts of use. Application areas include consumer personal devices, Public Safety wearables and smart city sensors. Information is the key asset, and we explore the risks associated with gathering, processing and sharing of information both intentionally and maliciously.

By David Lund, HW Communications
The presentation was made at the Fraunhofer Innovation Days on 22nd-23rd May 2017 in Bonn.

Published in: Internet

  1. Co-funded by the European Union. Management Of Networked IoT Wearables – Very Large Scale Demonstration of Cultural Societal Applications. Contextual Cyber Security for IoT. Fraunhofer Innovation Days. Dr. David Lund
  2. Contextual Cyber Security for IoT. Dr David Lund
     • Head of Research & Development, HW Communications
     • Data Security manager, MONICA Project
     • Board Member, Public Safety Communication Europe Forum
     © HW Communications Ltd 2012
  3. ‘Things’ that we put on the internet
  4. Current Networks: Secure Pipes – Insecure Endpoints
  5. Current Networks: Secure Pipes – Insecure Endpoints
     • Reliance on Physical Security
     • End 2 End security often overlays lower layer security, creating overhead and increasing vulnerability
  6. More devices or more degrees of freedom
  8. Compliance Checklists often driven by vague standards
     • Have you…
       • Defined a security plan, e.g.
         • implement a Firewall, blocking x,y,z
         • patch all windows xp machines
         • put up a poster warning of electric shock
  9. Compliance Checklists often driven by vague standards
     • Have you…
       • Defined a security plan, e.g.
         • implement a Firewall, blocking x,y,z
         • patch all windows xp machines
         • put up a poster warning of electric shock
       • Implemented it
         • Yes
         • Yes
         • Yes
  10. Compliance Checklists often driven by vague standards
     • Have you…
       • Defined a security plan, e.g.
         • implement a Firewall, blocking x,y,z
         • patch all windows xp machines
         • put up a poster warning of electric shock
       • Implemented it
         • Yes
         • Yes
         • Yes
     It’s Friday afternoon so I can go home happy that I’ve done what I need to do, and therefore everything is safe
  11. Don’t forget humans
     • As assets
       • Rich and valuable information
  12. Don’t forget humans
     • As assets
       • Rich and valuable information
     • As vulnerabilities
       • How stupid are we?
       • There is always a human with access!
  13. Don’t forget humans
     • As assets
       • Rich and valuable information
     • As vulnerabilities
       • How stupid are we?
       • There is always a human with access!
     • As threats
       • I’ve a business to run, and I have competitors
       • Information is valuable to my business!!
  16. RISK gives context! So how do we minimise risk and maximise opportunity??
  17. Contextual Risk based approach
     • Characterization of key assets
     • Investigate known threats
     • Identify vulnerabilities
     • Impact analysis of threats
     • Capability and likelihood
     [Diagram: Cyber Risk Assessment. Labels: Asset Characterization; Threat Characterization; Vulnerability Assessment; Consequence Assessment; Managing Threat Assessment; Security Operator; Consult and Inform; Sharing information with others - physical and logistics; Continuous Monitoring; Threat Likelihood Assessment]
  18. Risk Cascade [diagram labels: Physical Access IT Physical / Virtual Component Access Information Personal Information / Knowledge Organisation Knowledge]
  19. Risk Cascade [same diagram]: My laptop is hacked…
  20. Risk Cascade [same diagram]: Information that’s important to my business is now at risk
  21. Risk Cascade [same diagram]: Knowledge gives the context
  22. Risk Cascade [same diagram]: Technology should be aware of the context
  23. Who Trusts Who? [diagram labels, shown twice: Human Interaction Social Business Information Comms Protocols Networks Agents Virtualisation Metal] https://www.techuk.org/insights/reports/item/6008-5g-innovation-opportunities-a-discussion-paper
  24. Who Trusts Who? [same diagram] https://www.techuk.org/insights/reports/item/6008-5g-innovation-opportunities-a-discussion-paper
  26. Thanks for your attention
     All rights reserved. All copyright for this presentation are owned in full by the MONICA Project. Permission is granted to print material published in this presentation for personal use only. Its use for any other purpose, and in particular its commercial use or distribution, is strictly forbidden in the absence of prior written approval.
     MONICA has received funding from the European Union’s Horizon 2020 Framework Programme for Research and Innovation under Grant Agreement No 732350. Possible inaccuracies of information are under the responsibility of the project. This presentation reflects solely the views of its authors. The European Commission is not liable for any use that may be made of the information contained therein.
     Please see us here: www.monica-project.eu, www.psc-europe.eu (Next Conference Madrid 14-16, November 2017), www.hwcomms.com
