Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Splunk Discovery Koln - 17.01.2020 - TUV Austria: IoT & IIOT


Published on

Presentation slides from Splunk Discovery held in Koln on January 17th 2020

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Splunk Discovery Koln - 17.01.2020 - TUV Austria: IoT & IIOT

  1. 1. IOT AND IIOT THREAT OR OPPORTUNITY? Verify · Optimize · Certify
  2. 2. 2|TÜVTRUSTIT2019 ÜBER UNSER UNTERNEHMEN TÜV Austria – founded 1872 TÜV TRUST IT provides: ● Certification services in the area of information security and privacy ● Over 40 IT security experts ● Long-standing experience ● Extended industry segment know- how
  3. 3. 3|TÜVTRUSTIT2019 TOPICS OVERVIEW ISMS Security Architecture IoT elDAS Training Cloud Security GDPR Cyber Security Pentesting
  4. 4. Foto:FalkS./ 4|TÜVTRUSTIT2019 IT SECURITY OF IoT
  5. 5. IT SECURITY IN THE INDUSTRY 6|TÜVTRUSTIT2019 Foto:fridarika/
  6. 6. History repeats itself ✔IT security of some industrial components (SPS) equates with the level of security of IT system 20 years ago. ✔This allows the same attacks like on IT systems 20 years ago. ✔An industrial component needs the same amount of protection as a standard IT component e.g. a PC. ✔The presumption that OT is completely different than IT in the area of cyber security is false.
  7. 7. Examples ✔One example are Siemens SPS. ✔Siemens provides all known vulnerabilities on their CERT Internet page. ✔As an example in September 2019: 7 vulnerabilities disclosed ✔It shows that the provided vulnerabilities are not really specific to the industrial sector but can also be found in „normal“ IT systems like servers and clients.
  8. 8. Innovative attacks ✔TÜV AUSTRIA published a Whitepaper called „IoT im Smart Home“ ✔It describes new attack scenarios using side channel attacks ✔The use against IIoT and I4.0 is more likely than in a smart home environment ✔Right now, there are no easy and cheap countermeasures available
  10. 10. OWASP IoT Top 10
  11. 11. IEC 62443
  12. 12. ✔Simple countermeasures: • Network separations • Firewalls • Anti Virus • Network analysis • Patch management • … Countermeasures
  13. 13. ✔Countermeasures against sophisticate attacks can only work if the defense are informed. This means the access to information, which are displayed in a SIEM like Splunk. Countermeasures
  14. 14. Foto:birdys/ 15|TÜVTRUSTIT2019 THREAT OR OPPORTUNITY?
  15. 15. Conclusion • Cybersecurity is getting more and more important. • Each involved party needs to think about security. > Product developers > Product integrators > Administrators of the products > User of the products • Unfortunately, IoT and IIoT devices and cybersecurity is both; a threat and an opportunity. We all will benefit from the integration of devices but also this new integration can cause us harm. • The key to success is the visibility of information and problems in the network to protect against attacks.
  16. 16. YOUR BENEFIT: STAY SECURE Your individual contact: Hendrik Dettmer Telephone +49 (0)151 41436773 |