Prepared by Sajid Mehmood
IoT: Cybersecurity Challenges
Challenges and Opportunities in Security of Internet of Things
AGENDA
• Security is the Key
• Inherent Security Challenges
• Threat Spectrum – Trends
• Securing the “Things”
INDUSTRY 4.0
Advanced Persistent Threats and Cyber-Espionage
Cyber-Terrorism
Supply Chain and the Extended Eco-System
Smart Security and the Smart Factory
Social Privacy
INCIDENTS – CHRONOLOGICAL PERSPECTIVE
Timeline: 2000, 2003, 2005, 2008, 2010
• Australian sewage treatment plant: remote break-in to the sewage treatment controls, which led to the release of 264,000 gallons of raw sewage into local rivers and parks.
• 13 Daimler Chrysler automobile plants went offline for an hour, stopping all work, after being infected with the Zotob worm.
• Discovery of Stuxnet, a 500 Kb computer worm that infected software of at least 14 industrial sites in Iran, including a uranium enrichment plant.
• Davis-Besse nuclear power plant: Slammer worm disabled the safety monitoring system.
• Sobig computer virus was blamed for shutting down train signalling systems throughout the east coast of the U.S.
• SCADA system alarm processor failed. Power was lost, affecting an area of 50 million people in the Northeast US and Canada.
• Polish police arrested a 14-year-old for hacking the Lodz tram system, disrupting traffic and derailing trams, injuring 12 passengers.
INCIDENTS – CHRONOLOGICAL PERSPECTIVE
Timeline: 2012, 2014, 2015, 2016
• Hackers attacked a German steel mill control system such that a blast furnace was unable to shut down, resulting in massive damage.
• A water treatment facility reported to ICS-CERT that it suspected that an overflow of a wastewater treatment process was due to unauthorised employee access.
• In October 2016, Dyn was attacked by a group called Anonymous. Various IoT devices were used to create a DDoS on the servers of Dyn, which is a provider for major internet platforms and services.
• Cyber espionage campaign dubbed Energetic Bear or Dragonfly targets energy grid operations and industrial equipment. Includes information stealing, remote access and sabotage capabilities.
• In December 2015, the Ukraine power grid was attacked. Hackers were able to successfully compromise information systems of three energy distribution companies in Ukraine and temporarily disrupt electricity supply to the end consumers.
IOT SECURITY BY NUMBERS
Aon Service Corporation | Global Security Services
[Bar chart: Internet Connected Things - Consumer Market, 2014 vs 2016 (axis 0% to 100%). Categories: Video Equipment, Electronic Peripherals, Physical Security, Sensors, Appliances, Controllers, Wearable.]
[Bar chart: Top Challenges in Keeping Users Connected, 2016 vs 2014 (axis 0% to 100%). Categories: Security Concerns, Equipment Issues, Insufficient Bandwidth, Latency Issues, Intermittent Service, No Challenges.]
AT&T's Cybersecurity Insights Report surveyed more than 5,000
enterprises around the world and found that 85% of enterprises
are in the process of deploying, or intend to deploy, IoT devices.
Yet a mere 10% of those surveyed feel confident that they
could secure those devices against hackers.
Source: IoT Developer Survey April 2016 by Eclipse IoT
Working Group, IEEE and AGILE; The many guises of
the IoT by Quocirca December 2015; 2016 IoT Trends:
The Devices Landed by SpiceWorks
IOT SECURITY BY NUMBERS
[Bar chart: Developer Concerns on IoT Products (axis 0 to 50). Categories: Security, Interoperability, Connectivity, Integration with Hardware, Cost, Performance, Privacy, Complexity, Maintenance, Data Analytics, Certification/Conformance, Other, I Don't Know.]
[Bar chart: IoT Security Concerns (axis 0 to 1.5). Categories: Devices Recruited to Botnets, Devices Used as Ingress Points, Privacy - Employee, Vulnerable Firmware/API of IoT, Ownership of Data, Vulnerable Business Process, Regulatory Controls, Expanded Attack Surface to IoT, Privacy - Customers, Devices Insecurely Delivered to…, Open Source Hacker Tools.]
Source: IoT Developer Survey April 2016 by Eclipse IoT Working Group, IEEE and
AGILE; The many guises of the IoT by Quocirca December 2015; 2016 IoT Trends:
The Devices Landed by SpiceWorks
IOT SECURITY BY NUMBERS
Which statement best captures your feelings about the IoT and security?
• IoT will be a disaster
• IoT will have the same level of security problems as other applications and systems
• IoT will provide an opportunity to increase security over today
• Other
[Pie chart segment labels: 17%, 49%, 21%, 13%]
Do you have a policy for visibility and secure management of “Things” on your network today?
• Yes
• No
• Unknown
[Pie chart segment labels: 32%, 46%, 22%]
IOT SECURITY BY NUMBERS
In your opinion, who should take responsibility for managing the risk imposed by new “Things” connecting to the Internet and your network?
[Bar chart (axis 0% to 100%). Categories: Other, Our Physical Security Group, Department Managers, Our IT Operations Group, The Thing Manufacturer, Our IT Security Group.]
What controls are you using currently to protect against the risks imposed by new “Things” on your network? What controls do you plan on deploying in the next 2 years to address these issues?
[Bar chart: Current vs Next 2 Years (axis 0% to 80%).]
Data From: SANS Securing the Internet of Things Survey
IOT CYBERSECURITY - VULNERABILITIES
Rank: OWASP Top 10 for IoT
I1: Insecure Web Interface
I2: Insufficient Authentication/Authorization
I3: Insecure Network Services
I4: Lack of Transport Encryption/Integrity Verification
I5: Privacy Concerns
I6: Insecure Cloud Interface
I7: Insecure Mobile Interface
I8: Insufficient Security Configurability
I9: Insecure Software/Firmware
I10: Poor Physical Security
Source: OWASP IoT Project
• Operational Security: IoT-based services require continuity and high availability
• Privacy: Valuable data requires protection
• Software Patching: Many IoT devices lack human users who can install security updates
• Identity of Things: In the absence of universal standards, each implementation requires a unique approach to manage authentication and access
• Logging: The logging system must identify events without relying on time-of-day data
IOT CYBERSECURITY – SECURITY TRIAD
Six Points of Security
• Confidentiality
• Availability
• Integrity
• Non-repudiation
• Authentication
• Code Validation
Threat Model
• Availability threats
• Integrity threats
• Authenticity threats
• Confidentiality threats
• Non-repudiation/accountability threats
Simplified View of ICT Architecture
• Smart processing
• Data aggregation connectivity
• Data processing
• Data transmission network
• Field components
IOT CYBERSECURITY – SMART CITY
Protecting from Intentional Attacks
• Use of Virtual Private Network
• Encryption of data
• Network intrusion detection system
• Physical protection
• Access control
• Alarm and surveillance
• Information security policy
• Activity logs
• Maintenance of backups
• Regular auditing
• Shutdown procedures
IOT CYBERSECURITY – SMART CITY
Protecting from Accidents
• Monitoring of KPIs
• Hardware Redundancy
• Shutdown Procedures
• Design Specification
• Maintenance Scheduling
• Response teams
• Quality assurance
• Reporting procedures
• Awareness
• Incident Reporting System
• Increase Resilience
IOT CYBERSECURITY – SMART HOME
Threats
• Physical attacks
• Unintentional damage (accidental)
• Disasters and Outages
• Damage/Loss (IT Assets)
• Failures/Malfunctions
• Eavesdropping/Interception
• Hijacking as well as Nefarious Activity/Abuse
IOT CYBERSECURITY – SMART HOME
• The need for security in Smart Home Environments is still underestimated
• Vendors lack incentives to enhance security in Smart Home devices and services
• Smart Home devices and services implement few security measures
• Smart Home Environments result in new security challenges
• IoT vulnerable “building blocks” cause vulnerabilities to be shared at large scale
• IoT pervasiveness and dynamicity
THANK YOU

More Related Content

What's hot

Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Data Center Security
Data Center SecurityData Center Security
Data Center Securitydevalnaik
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyoneYasir Nafees
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 

What's hot (20)

Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint Protection
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
 
IoT security
IoT securityIoT security
IoT security
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyone
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 
IOT Security
IOT SecurityIOT Security
IOT Security
 

Similar to IoT Security Challenges and Opportunities

The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?Yasmin AbdelAziz
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET Journal
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
Best of Positive Research 2013
Best of Positive Research 2013Best of Positive Research 2013
Best of Positive Research 2013qqlan
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...IJCSIS Research Publications
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
 
The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.Spiceworks Ziff Davis
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts#essaywriting
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystBill Burns
 
Tigerspike - Cybersecurity and Mobility in the Energy Industry
Tigerspike - Cybersecurity and Mobility in the Energy IndustryTigerspike - Cybersecurity and Mobility in the Energy Industry
Tigerspike - Cybersecurity and Mobility in the Energy IndustryChristian Glover Wilson
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesIRJET Journal
 
Power Plants Security Webinar Presentation
Power Plants Security Webinar PresentationPower Plants Security Webinar Presentation
Power Plants Security Webinar PresentationCertrec
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
 
IRJET- Android Device Attacks and Threats
IRJET-  	  Android Device Attacks and ThreatsIRJET-  	  Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET Journal
 

Similar to IoT Security Challenges and Opportunities (20)

Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
 
The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
Best of Positive Research 2013
Best of Positive Research 2013Best of Positive Research 2013
Best of Positive Research 2013
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.
 
Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
 
sample assignment
sample assignmentsample assignment
sample assignment
 
Tigerspike - Cybersecurity and Mobility in the Energy Industry
Tigerspike - Cybersecurity and Mobility in the Energy IndustryTigerspike - Cybersecurity and Mobility in the Energy Industry
Tigerspike - Cybersecurity and Mobility in the Energy Industry
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest Technologies
 
Power Plants Security Webinar Presentation
Power Plants Security Webinar PresentationPower Plants Security Webinar Presentation
Power Plants Security Webinar Presentation
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Things
 
IRJET- Android Device Attacks and Threats
IRJET-  	  Android Device Attacks and ThreatsIRJET-  	  Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
 

Recently uploaded

办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 

Recently uploaded (20)

办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 

IoT Security Challenges and Opportunities

  • 1. Prepared by Sajid Mehmood IoT: Cybersecurity Challenges Challenges and Opportunities in Security of Internet of Things
  • 2. AGENDA 2  Security is the Key  Inherent Security Challenges  Threat Spectrum – Trends  Securing the “Things”
  • 3. INDUSTRY 4.0 Advanced Persistent Threats and Cyber-Espionage Cyber-Terrorism Supply Chain and the Extended Eco-System Smart Security and the Smart Factory Social Privacy 3
  • 4. INCIDENTS – CHRONOLOGICAL PERSPECTIVE Australian treatment sewage plant remote break into the sewage treatment controls which led to the release of 264,000 gallons of raw sewage into local rivers and parks 2000 2003 2005 2008 2010 13 Daimler Chrysler automobile plant went offline for an hour stopping all work after being with ZotobWorm Discovery of Stuxnet, a 500 Kb computer worm that infected software of at least 14 industrial sites in Iran, including a uranium enrichment plant. Davis-Basse nuclear power plant Slammer Worm disabled the safety monitoring system. Sobig computer virus was blamed for shutting down train signalling systems throughout the east cost of the U.S. SCADA system alarm processor failed. Power was lost affecting area of 50 million people in the Northeast US and Canada. Polish police arrested a 14 year old for hacking the Lodz disrupting tram system, traffic and derailing trams, injuring 12 passengers. 4
  • 5. INCIDENTS – CHRONOLOGICAL PERSPECTIVE Hackers attacked German Steel mill control system such that a blast furnace was unable to shutdown resulting in massive damage. A water treatment facility reported to ICS- CERT that it suspected that an overflow of wastewater treatment process was due to unauthorised employee access. In October, 2016 attacked by group Dyn was called Anonymous. Various IoT devices used to create DDoS on Dyn servers is which is provider for major internet platforms and services. 2012 2014 2015 2016 Cyber dubbed espionage campaign Energetic Bear or Dragonfly targets grid operations, industrial equipment. information stealing, energy Includes remote access and sabotage capabilities. In December 2015, Ukraine Power Grid was attacked. Hackers were able to successfully compromise information systems of three energy distribution companies in Ukraine and temporary disrupt electricity supply to the end consumers. 5
  • 6. IOT SECURITY BY NUMBERS (Aon Service Corporation | Global Security Services)
      • [Chart: Internet Connected Things – Consumer Market, 2014 vs 2016. Categories: Video Equipment, Electronic Peripherals, Physical Security, Sensors, Appliances, Controllers, Wearable. Bar labels in extraction order: 62%, 46%, 40%, 28%, 27%, 24%, 58%, 43%, 31%, 31%, 40%, 23%, 29%, 13%.]
      • [Chart: Top Challenges in Keeping Users Connected, 2016 vs 2014. Categories: Security Concerns, Equipment Challenges, Insufficient Bandwidth, Latency Issues, Intermittent Service, No Issues.]
      • AT&T's Cybersecurity Insights Report surveyed more than 5,000 enterprises around the world and found that 85% of enterprises are in the process of deploying, or intend to deploy, IoT devices. Yet a mere 10% of those surveyed feel confident that they could secure those devices against hackers.
      • Source: IoT Developer Survey April 2016 by Eclipse IoT Working Group, IEEE and AGILE; The many guises of the IoT by Quocirca December 2015; 2016 IoT Trends: The Devices Landed by SpiceWorks
  • 7. IOT SECURITY BY NUMBERS
      • [Chart: Developer Concerns on IoT Products. Categories: Security, Interoperability, Connectivity, Integration with Hardware, Cost, Performance, Privacy, Complexity, Maintenance, Data Analytics, Certification/Conformance, Other, I Don't Know.]
      • [Chart: IoT Security Concerns. Categories: Devices Recruited to Botnets, Devices Used as Ingress Points, Privacy - Employee, Vulnerable Firmware/API of IoT, Ownership of Data, Vulnerable Business Process, Regulatory Controls, Expanded Attack Surface to IoT, Privacy - Customers, Devices Insecurely Delivered to…, Open Source Hacker Tools.]
      • Source: IoT Developer Survey April 2016 by Eclipse IoT Working Group, IEEE and AGILE; The many guises of the IoT by Quocirca December 2015; 2016 IoT Trends: The Devices Landed by SpiceWorks
  • 8. IOT SECURITY BY NUMBERS
      • [Chart: Which statement best captures your feelings about the IoT and security? Answer options: IoT will be a disaster; IoT will have the same level of security problems as other applications and systems; IoT will provide an opportunity to increase security over today; Other. Values shown: 17%, 49%, 21%, 13%.]
      • [Chart: Do you have a policy for visibility and secure management of “Things” on your network today? Answer options: Yes, No, Unknown. Values shown: 32%, 46%, 22%.]
  • 9. IOT SECURITY BY NUMBERS
      • [Chart: In your opinion, who should take responsibility for managing the risk imposed by new “Things” connecting to the Internet and your network? Answer options: Our IT Security Group, The Thing Manufacturer, Our IT Operations Group, Department Managers, Our Physical Security Group, Other.]
      • [Chart: What controls are you using currently to protect against the risks imposed by new “Things” on your network? What controls do you plan on deploying in the next 2 years to address these issues? Series: Current, Next 2 Years.]
      • Data from: SANS Securing the Internet of Things Survey
  • 10. IOT CYBERSECURITY - VULNERABILITIES
      • OWASP Top 10 for IoT, by rank (Source: OWASP IoT Project)
          • I1 Insecure Web Interface
          • I2 Insufficient Authentication/Authorization
          • I3 Insecure Network Services
          • I4 Lack of Transport Encryption/Integrity Verification
          • I5 Privacy Concerns
          • I6 Insecure Cloud Interface
          • I7 Insecure Mobile Interface
          • I8 Insufficient Security Configurability
          • I9 Insecure Software/Firmware
          • I10 Poor Physical Security
      • Operational Security: IoT-based services require continuity and high availability
      • Privacy: Valuable data require protection
      • Software Patching: Many IoT devices lack human users who can install security updates
      • Identity of Things: In the absence of universal standards, each implementation requires a unique approach to manage authentication and access
      • Logging: The logging system must identify events without relying on time-of-day data
  • 11. IOT CYBERSECURITY – SECURITY TRIAD
      • Six Points of Security: Confidentiality, Availability, Integrity, Non-repudiation, Authentication, Code Validation
      • Threat Model: Availability threats; Integrity threats; Authenticity threats; Confidentiality threats; Non-repudiation/accountability threats
      • Simplified View of ICT Architecture: Smart processing, Data aggregation, Connectivity, Data processing, Data transmission network, Field components
  • 12. IOT CYBERSECURITY – SMART CITY: Protecting from Intentional Attacks
      • Use Virtual Private Network
      • Encryption of Data
      • Network Intrusion detection system
      • Physical protection
      • Access control
      • Alarm and surveillance
      • Information security policy
      • Activity logs
      • Maintenance of backups
      • Regular auditing
      • Shut down procedures
  • 13. IOT CYBERSECURITY – SMART CITY: Protecting from Accidents
      • Monitoring of KPIs
      • Hardware Redundancy
      • Shutdown Procedures
      • Design Specification
      • Maintenance Scheduling
      • Response teams
      • Quality assurance
      • Reporting procedures
      • Awareness
      • Incident Reporting System
      • Increase Resilience
  • 14. IOT CYBERSECURITY – SMART HOME: Threats
      • Physical attacks
      • Unintentional damage (accidental)
      • Disasters and Outages
      • Damage/Loss (IT Assets)
      • Failures/Malfunctions
      • Eavesdropping/Interception
      • Hijacking as well as Nefarious Activity/Abuse
  • 15. IOT CYBERSECURITY – SMART HOME
      • The need for security in Smart Home Environments is still underestimated
      • Vendors lack incentives to enhance security in Smart Home devices and services
      • Smart Home devices and services implement few security measures
      • Smart Home Environments result in new security challenges
      • IoT vulnerable “building blocks” cause vulnerabilities to be shared at large scale
      • IoT pervasiveness and dynamicity