The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
Agenda
What is IoT
Why IoT?
Smart objects
Internet of Things - Evolution
Difference between M2M and IoT
Relationship to the Internet of Everything (IoE)
IoT Is Here Now – and Growing!
Unlocking the Massive potential of IoT
What Comprises IoT Networks?
IoT Technologies
Overall Architecture
IoT Architecture
The hardware interface to “things”
Challenges
IoT Expands Security Needs
IT Breach via OT Network
Threat vs. Opportunity
The Secure IoT Architecture – IT Plus OT!
What is IoT
Internet connected objects (things) working together to solve a business problem
Has been around for quite a while, but only recently has become affordable for personal use
Internet of Things (IoT) comprises things that have unique identities and are connected to the Internet
The focus of IoT is on the configuration, control and networking via the Internet of devices or “Things” that are traditionally not associated with the Internet, e.g. a pump, a utility meter, a car engine
IoT is a new revolution in the capabilities of the endpoints that are connected to the Internet
The scope of IoT is not limited to just connecting things (devices, appliances, machines) to the Internet
Various Names, One Concept
• M2M (Machine to Machine)
• “Internet of Everything” (Cisco Systems)
• “World Size Web” (Bruce Schneier)
• “Skynet” (Terminator movie)
Education – Partnership – Solutions
Information Security
Office of Budget and Finance
Where is IoT? It’s everywhere!
What are the “Things” in the IoT?
Could be anything:
• Physical
• Virtual
Why IoT?
• Generate, collect, process and use acquired information to make better decisions
• Smart objects: make things that weren’t meant to talk to each other interact smartly
• Gartner says the Internet of Things installed base will grow to 26 Billion units by 2020; I want to be well aligned and prepared for that
Smart objects
(Diagram of a home-automation example; the labels recovered from the figure are listed below)
• Phone: location detection, presence detection
• Thermostat
• Doorbell activation: CCTV takes picture; Email + SMS + Tweet
• Fire Alarm: Email + SMS
• Security System: CCTV; Email + SMS
• Climate control: presence @ home & weather forecast
• Hot water tank 1, Hot water tank 2: our presence, weather forecast
• Dog: CCTV + Email
• Weather notifications: email
Make things that weren’t meant to talk to each other interact smartly
Internet of Things - Evolution
Relationship to the Internet of Everything (IoE)
IoE:
• People: Connecting People in More Relevant, Valuable Ways
• Process: Delivering the Right Information to the Right Person (or Machine) at the Right Time
• Data: Leveraging Data into More Useful Information for Decision Making
• Things: Physical Devices and Objects Connected to the Internet and Each Other for Intelligent Decision Making
IoT Is Here Now – and Growing!
(Chart: billions of devices vs. world population on a 2010–2020 timeline; Source: Cisco IBSG, 2011)
2010: 12.5 billion connected devices; world population 6.8 billion
2015: 25 billion connected devices; world population 7.2 billion
2020: 50 billion “Smart Objects”; world population 7.6 billion
Inflection point: connected devices exceed the world population
Rapid adoption rate of digital infrastructure: 5X faster than electricity and telephony
… But It Also Adds Complexity
(Diagram of the IoT platform layers; labels recovered from the figure)
• Application and Business Innovation: New Business Models, Partner Ecosystem
• Application Enablement Platform: Applications, Application Interfaces, Application Integration, Data Integration, Big Data Analytics, Control Systems
• Application Centric Infrastructure: Infrastructure, Infrastructure Interfaces, Unified Platform, Device and Sensor Innovation
IoT Technologies
• Hardware (Device)
• Communication Technology
• Protocols for IoT
• Software (IDE)
• Cloud Platforms
Overall Architecture
(Diagram; labels recovered from the figure)
• Thing Interface: read properties, set property; Protocol
• M2M layer: Protocol Interface; raw and processed data; Logic; Storage
• Business logic: Visualization, BI; Control UI
IoT Architecture
• Integrated Application: Smart Grid, Green Building, Smart Transport, Env. Monitor
• Information Processing: Data Center, Search Engine, Smart Decision, Info. Security, Data Mining
• Network Construction: WWAN, WPAN, WMAN, WLAN, Internet
• Sensing & Identification: GPS, Smart Device, RFID, Sensor
25. The hardware interface to “things”
The ‘Funky’ project
It is an Arduino-compatible multi-purpose microcontroller board that is:
• Very small: 20×21.2mm (0.78″x0.83″)
• Very light: 3 grams
• Low power (up to 1 year on coin cell battery)
• Wireless capable (RFM12B transceiver)
Challenges
Global cooperation
• Proprietary and incompatible protocols
• Lack of APIs
• Example: Common external power supply
Technological challenges
• Power usage
• Scalability
• Security
• Communication mechanisms
Ethics, control society, surveillance, consent and data-driven life
Rapid Evolution
IT Breach via OT Network
Breached via Stolen Credentials from HVAC Vendor
40 Million Credit And Debit Cards Stolen
PII Stolen From 70 Million Customers
CEO Fired
Reputation Damage*
• 46% drop in year-over-year profit
• 5.3% drop in year-over-year revenue
• 2.5% drop in stock price
* Source: KrebsonSecurity, May 2014
Threat vs. Opportunity
If misunderstood and misconfigured, IoT poses risk to our data, privacy, and safety
If understood and secured, IoT will enhance communications, lifestyle, and delivery of services
The Secure IoT Architecture – IT Plus OT!
(Diagram: the platform layers from the earlier slide with a Security layer spanning them; labels recovered from the figure)
• Application and Business Innovation: New Business Models, Partner Ecosystem
• Application Enablement Platform: Applications, Application Interfaces, Application Integration, Data Integration, Big Data Analytics, Control Systems
• Application Centric Infrastructure: Infrastructure Interfaces, Device and Sensor Innovation
• Services
• Security: Network and Perimeter Security; Physical Security; Device-level Security / Anti-tampering; Cloud-based Threat Analysis / Protection; End-to-End Data Encryption
British entrepreneur Kevin Ashton first coined the term in 1999 while working at Auto-ID Labs (originally called Auto-ID centers, referring to a global network of Radio-frequency identification (RFID) connected objects).[10] Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications.[11] The interconnection of these embedded devices (including smart objects) is expected to usher in automation in nearly all fields, while also enabling advanced applications like a Smart Grid,[12] and expanding to areas such as smart cities.
Cisco Systems refers to IoT as the “Internet of Everything”…
Bruce Schneier recently referred to two new colloquial terms – World Spanning Robot and Benign Organization. There is also the term “Skynet”, in reference to the Terminator movies, that is frequently discussed in blogs and online postings/jargon.
IoT is everywhere! (Audience Participation)
In our daily lives, we have become more reliant on IoT with our wearable tech, appliances, our cars, and how we receive health care.
M2M/IoT Sector Map :: Beecham Research
http://www.beechamresearch.com/article.aspx?id=4
The following graphic from Beecham Research depicts how the Internet of Things may interact with various service sectors within the public/private sectors and ordinary consumers. Public sector entities (such as universities) may have some level of involvement and interaction within all service sectors depicted, ranging from the operation and industry elements of buildings, to levels of research, retail entities, transportation, and IT/Networks. Place emphasis on the service sectors: it is likely that at least one example of such devices may be found within university networks.
Physical
• Objects such as: Climate control; Security/Disaster alarm system; Energy/Resource metering (Electricity, Gas, Water); Water boiler, Solar boiler; Car (OBDII, vehiclepi); The Sun (sunrise/set times, azimuth)
• Living things: People (self quantification): Presence, Location, Health metrics (Weight, Activity tracking, Temperature, Blood glucose monitors, Fitbit); Pets
Virtual
• Personal schedule/calendar
• Social: Email, Twitter/FB, Online notification platforms
• WWW resources: Weather forecasting, Stocks, Traffic
• DB Storage
• Visualization dashboards
Presence
Provide intelligence
Improve efficiency
IoE is the networked connection of people, process, data and things. IoE brings together people, processes, data, and things to make networked connections more relevant and valuable than ever before – turning information into actions that create new capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries.
IoT is the “Things” portion. To be clear, by “things” we’re really talking about the network of sensors, objects, etc – not concentrating on the devices, themselves.
… and IoT isn’t “science fiction” or something that will happen in the future – it’s real, and it’s here now. Cisco believes that the inflection point – the point at which the number of connected devices began outnumbering the number of men, women, and children on the planet – happened about five years ago; others in the industry believe that it happened about a year and a half ago. Similarly, Cisco believes that the number of connected objects will grow to about 50 billion over the next several years, while other estimates put that number at 25, 30, or even as high as 200 billion!
Who’s right doesn’t really matter … the point is that we all universally agree on two things: 1) the point of inflection is in the past; and 2) the gap is expected to widen exponentially over the next several years. So, IoT is here today, and will continue to grow!
Using ruggedized cameras and communications equipment that can handle the vibration and jolts of a rapidly moving train, a connected network of IoT-enabled cameras can help improve passenger safety by analyzing and correlating events at various stations, as well as on trains – for actionable security intelligence.
The intelligence gained from multiple connected systems can help identify bottlenecks, enable routes and schedules to be tuned for greater efficiency, and even avoid collisions. Likewise, sensors attached to critical parts such as wheels can proactively determine if a part needs to be replaced – before it can cause a devastating accident. Sensors can also alert supervisors if the train is being operated in an unsafe manner, or alert the operator of important changes in track conditions.
IoT requires that connectivity tools be added to the platform, as well as some network elements such as smaller, more self-contained switches and routers for fields, plants, and other operational environments. These network elements are frequently deployed in challenging environments that include harsh weather conditions, significant amounts of vibration, etc., so they need to be ruggedized to function under these conditions.
Now here’s where it gets interesting … one of the primary differences between your existing IT network and an IoT network is all of these additional devices, sensors, and other “smart objects”. It’s important to note that these objects are networked together, yet they’re independent of your network – you don’t own them; oftentimes can’t see them; and you don’t control them in any way, shape, or form. Yet they’re sending petabytes of data through your network – data that’s required by the applications to function properly.
Another difference is in the applications, themselves. Unlike today’s monolithic applications, where the main value is delivered locally from the application’s code, IoT applications derive most of their value from the intelligence that is collected from, and distributed throughout, the network; the application itself is merely the method employed to access that intelligence.
Which leads us to the other major infrastructure difference in an IoT network, which is required to communicate and process all of this intelligence …
As mentioned on the previous slide, the “IoT Network” isn’t a completely separate entity … rather, it utilizes the existing IT network as its foundation, and then supplements it with operational technology (OT) and the billions of sensors, devices, and other smart objects.
Data produced by the connected things is acquired, processed and logged; data quality (DQ) matters: decide what data to collect (collecting nothing with great accuracy)
Runs on a Raspberry Pi with a read-only filesystem; considering moving to the cloud
As “Things” become increasingly smarter, they can talk directly to the M2M layer
It is possible to have multiple interfaces on the same “Thing”, each specializing in one of its properties (AC power, temperature, control)
It is possible that multiple interfaced “Things” share one and the same interface on the M2M end, as long as they use the same protocol
Storage: abstract and treat a “thing” through its “interface”. EmonCMS, ThingSpeak, NoSQL; API for retrieval of data
Visualization: built-in EmonCMS, ThingSpeak; collect and relate data for better insight. Actionable analytics.
I’ve created a miniature Arduino compatible clone with wireless connectivity to use as interface to physical objects. The project is open hardware/source.
YAPM,
Despite its many business benefits, IoT increases security challenges in several ways:
Increased attack surface – Due to the billions of new devices that are now connected
Threat diversity – Due to the variety of objects – many of which are in insecure locations
Impact & risk – More sensitive data is flowing through more connected devices, in more places throughout the world – and BTW, mostly outside the secure embrace of the existing network
Remediation – Need to think differently about security – can’t necessarily isolate a system, because the cost of shutting it down may be greater than the cost of an infection … also, rather than hardening the outside but leaving the inside relatively insecure, need pervasive protection
Protocols – Security systems need to be considered as a continuous process – in addition to secure access, the system needs to be content-, context-, and threat-aware
Compliance & regulation – Regulatory compliance organizations are requiring tighter security and privacy controls than ever before, which is affecting a growing number of industries
The Target breach is an excellent example of why IT and OT networks need to be converged, with centrally-managed security across them …
- Centralized management and control, IPS/IDS, access control policies, and system segmentation could have prevented this PR and financial disaster
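As an added defender's illustration of the segmentation and access-control point above (example code, not from the slides or from any vendor), the following Python checks constructed flow records against an allow-list of zone-to-zone flows, so that an OT host reaching into the cardholder segment is flagged. The zone names, address ranges and sample flows are all assumptions made up for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed network zones (constructed for this example, not from the slides).
ZONES = {
    "vendor_vpn": ip_network("10.50.0.0/24"),      # third-party maintenance access
    "hvac_ot": ip_network("10.60.0.0/24"),         # building-control (OT) segment
    "pos_cardholder": ip_network("10.70.0.0/24"),  # point-of-sale / card data
    "corp_it": ip_network("10.10.0.0/16"),         # general corporate IT
}
# Allow-list of (source zone, destination zone); anything else is a violation.
ALLOWED_FLOWS = {
    ("vendor_vpn", "hvac_ot"), ("hvac_ot", "hvac_ot"),
    ("corp_it", "hvac_ot"), ("corp_it", "pos_cardholder"),
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def zone_of(ip: str) -> str:
    """Map an address to its zone name, or 'unknown' if outside every zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def evaluate(flow: Flow):
    """Return (source zone, destination zone, allowed?) for one flow."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    return src_zone, dst_zone, (src_zone, dst_zone) in ALLOWED_FLOWS

def find_violations(flows):
    """Flows that cross a zone boundary the policy does not permit."""
    violations = []
    for flow in flows:
        src_zone, dst_zone, allowed = evaluate(flow)
        if not allowed:
            violations.append((flow, src_zone, dst_zone))
    return violations

# Constructed sample flows: a vendor session into HVAC is expected; the same
# HVAC host then opening SMB (445) toward the cardholder segment is not.
SAMPLE_FLOWS = [
    Flow("10.50.0.7", "10.60.0.21", 443),
    Flow("10.60.0.21", "10.70.0.5", 445),
    Flow("10.10.3.4", "10.70.0.5", 443),
    Flow("10.60.0.21", "10.50.0.7", 22),
]
```

Run `find_violations(SAMPLE_FLOWS)` to list the two flows that leave the OT segment toward zones the policy does not allow; in practice the same check would be fed from firewall or NetFlow export rather than a hard-coded list.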
In closing, how we as security professionals work, support, and provide the security expertise for Higher Education business initiatives is crucial to success in the scope of IoT.
As I mentioned earlier, it’s important to understand that IoT doesn’t replace your existing network; rather, it supplements it, and relies on it in many ways.
But then we add the emerging set of intelligent, IoT-enabled applications.
… and, of course, billions of additional devices, sensors, and other “smart objects” that will create the intelligence for the applications.
Of course, services will need to be expanded to cover the new capabilities …
And we’ll need additional layers of security to enjoy the many business benefits of IoT while maintaining a high level of data privacy and protection. Now remember I mentioned in the beginning that IoT is not a new network, but rather adjunct – and complementary – to your existing network. As a result, you still need network and perimeter security. In fact, the billions of connected objects in IoT networks create new attack vectors, so this layer of security is more important than ever. And since those billions of objects can be located quite literally anywhere in the world – in both secure and insecure environments – existing network security needs to be supplemented with device-level security and anti-tampering, to protect devices against low-tech attacks. Because it’s now connected, even the simplest object can provide a direct line into the core of your network if compromised. Finally, physical security should be implemented throughout your network, and integrated with your network security. Connected cameras, badge readers, RFID tags and other sensors, as well as video analytics, can add essential security intelligence to help protect your network, physical assets, critical data, and employees.