Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
IERC Conference 2015
Paul Malone 13th May 2015
12/05/2015	
   www.tssg.org	
  
The internet of energy things
will deliver a secure, cheap and
sustainable energy future
12/05/2015	
   www.tssg.org	
   2...
The internet of energy things
will deliver a secure?, cheap and
sustainable energy future
14/05/2015	
   www.tssg.org	
   ...
•  Increased attack surface
•  Difficulty of patching devices
•  Lack of data governance frameworks
12/05/2015	
   www.tss...
Increased attack surface
12/05/2015	
   www.tssg.org	
   5	
  
12/05/2015	
   www.tssg.org	
   6	
  
Source:	
  Cisco	
  
2014	
  Verizon	
  Data	
  Breach	
  
Inves6ga6ons	
  Report	
  
12/05/2015	
   www.tssg.org	
   7	
  
Source:	
  Verizon	...
The	
  OWASP	
  Internet	
  of	
  Things	
  Top	
  10	
  	
  
1.  Insecure Web Interface
2.  Insufficient Authentication/A...
Difficulty of patching devices
12/05/2015	
   www.tssg.org	
   9	
  
HP	
  Report	
  2014	
  
“70 percent of the most commonly used Internet of
Things (IoT) devices contain vulnerabilities,
i...
“The challenge is, you see all of these devices coming
online at a rapid clip, without robust security. … Trying to
apply ...
Foscam	
  Baby	
  Monitor	
  
•  Multiple vulnerabilities
•  100,000 cameras in the wild (easy to find)
•  20% default use...
Lack of agreed Data
Governance Frameworks
12/05/2015	
   www.tssg.org	
   13	
  
•  Huge amounts of data
•  Regulatory and compliance complexities
•  Assurances with regard to PII
–  Where is my data?
– ...
12/05/2015	
   www.tssg.org	
   15	
  
What about Surveillance?
“If privacy and confidentiality isn’t designed in up front, on
top of the security capabilities provided by the enabling
M...
The internet of energy things
will deliver a secure, cheap and
sustainable energy future
14/05/2015	
   www.tssg.org	
   1...
The internet of energy things
will deliver a secure, cheap and
sustainable energy future
can
12/05/2015	
   www.tssg.org	
...
The internet of energy things
will deliver a secure, cheap and
sustainable energy future
can
14/05/2015	
   www.tssg.org	
...
“You cannot escape the
responsibility of tomorrow by
evading it today.”
- Abraham Lincoln
12/05/2015	
   www.tssg.org	
   ...
Upcoming SlideShare
Loading in …5
×

Paul Malone of TSSG spoke at the IERC debate entitled “The Internet of Energy Things will deliver a Secure, Cheap and Sustainable Energy Future”.

596 views

Published on

The International Energy Research Centre held their 2015 conference in Cork on Wednesday 13th May. The International Energy Research Centre (IERC) (http://www.ierc.ie/) is an industry led, world-leading, collaborative programme of research and innovation in integrated sustainable energy system technologies. The yearly conference brings together members from the energy industry, policy makers as well as academic researchers within the energy domain to discuss emerging trends and examine medium- and long-term future trends within the domain.

Paul Malone of TSSG spoke at the IERC debate entitled “The Internet of Energy Things will deliver a Secure, Cheap and Sustainable Energy Future”.

Published in: Technology
  • Be the first to comment

Paul Malone of TSSG spoke at the IERC debate entitled “The Internet of Energy Things will deliver a Secure, Cheap and Sustainable Energy Future”.

  1. 1. IERC Conference 2015 Paul Malone 13th May 2015 12/05/2015   www.tssg.org  
  2. 2. The internet of energy things will deliver a secure, cheap and sustainable energy future 12/05/2015   www.tssg.org   2  
  3. 3. The internet of energy things will deliver a secure?, cheap and sustainable energy future 14/05/2015   www.tssg.org   3  
  4. 4. •  Increased attack surface •  Difficulty of patching devices •  Lack of data governance frameworks 12/05/2015   www.tssg.org   4  
  5. 5. Increased attack surface 12/05/2015   www.tssg.org   5  
  6. 6. 12/05/2015   www.tssg.org   6   Source:  Cisco  
  7. 7. 2014  Verizon  Data  Breach   Inves6ga6ons  Report   12/05/2015   www.tssg.org   7   Source:  Verizon  
  8. 8. The  OWASP  Internet  of  Things  Top  10     1.  Insecure Web Interface 2.  Insufficient Authentication/Authorization 3.  Insecure Network Services 4.  Lack of Transport Encryption 5.  Privacy Concerns 6.  Insecure Cloud Interface 7.  Insecure Mobile Interface 8.  Insufficient Security Configurability 9.  Insecure Software/Firmware 10. Poor Physical Security https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project 12/05/2015   www.tssg.org   8  
  9. 9. Difficulty of patching devices 12/05/2015   www.tssg.org   9  
  10. 10. HP  Report  2014   “70 percent of the most commonly used Internet of Things (IoT) devices contain vulnerabilities, including password security, encryption and general lack of granular user access permissions.” “IoT devices averaged 25 vulnerabilities per product, indicating expanding attack surface for adversaries” 12/05/2015   www.tssg.org   10  
  11. 11. “The challenge is, you see all of these devices coming online at a rapid clip, without robust security. … Trying to apply a patch to a thermostat in the home is going to be much more challenging.” - Gary Davis, Intel Security 12/05/2015   www.tssg.org   11  
  12. 12. Foscam  Baby  Monitor   •  Multiple vulnerabilities •  100,000 cameras in the wild (easy to find) •  20% default user “admin” no password •  Vendor generated a patch (for some of the vulnerabilities) •  99% of cameras still ran the older firmware 12/05/2015   www.tssg.org   12  
  13. 13. Lack of agreed Data Governance Frameworks 12/05/2015   www.tssg.org   13  
  14. 14. •  Huge amounts of data •  Regulatory and compliance complexities •  Assurances with regard to PII –  Where is my data? –  Who has access? •  What assurances does the consumer have? –  How is my data being used? •  What is the value to me? •  What is the value to 3rd parties? 12/05/2015   www.tssg.org   14  
  15. 15. 12/05/2015   www.tssg.org   15   What about Surveillance?
  16. 16. “If privacy and confidentiality isn’t designed in up front, on top of the security capabilities provided by the enabling M2M infrastructure (including authentication, access control, data protection), the benefits of the IoT cannot be fully realized.” - Tim Carey, Alcatel Lucent 12/05/2015   www.tssg.org   16  
  17. 17. The internet of energy things will deliver a secure, cheap and sustainable energy future 14/05/2015   www.tssg.org   17  
  18. 18. The internet of energy things will deliver a secure, cheap and sustainable energy future can 12/05/2015   www.tssg.org   18  
  19. 19. The internet of energy things will deliver a secure, cheap and sustainable energy future can 14/05/2015   www.tssg.org   19   But only if security is addressed first!
  20. 20. “You cannot escape the responsibility of tomorrow by evading it today.” - Abraham Lincoln 12/05/2015   www.tssg.org   20  

×