2. Instructor: Junior Williams
Introduction to IoT, OT, and XIoT
IoT refers to the Internet of Things, a network of physical objects embedded with sensors and software that connect and exchange data over the internet.
OT refers to Operational Technology, the hardware and software used to monitor and control physical processes and devices.
XIoT refers to the Extended Internet of Things, encompassing IoT, OT, and other cyber-physical systems such as medical devices.
Overview of IoT
• Connects everyday objects like appliances, vehicles, lights, etc. to the internet via embedded sensors and software
• Enables objects to collect and exchange data, becoming "smart" devices
• Provides automation, analysis, and integration of the physical world into computer systems
• Applications across many industries like manufacturing, transportation, healthcare, etc.
IoT Communication Protocols
• MQTT - lightweight publish-subscribe protocol
• CoAP - web transfer protocol for constrained nodes
• AMQP - asynchronous messaging protocol
• DDS - data-centric publish-subscribe protocol
• XMPP - extensible messaging and presence protocol
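MQTT is the lightest of the protocols listed, and its wire format is small enough that a defender monitoring an IoT network can decode it directly. The Python decoder below is an added example written for this page, not code from the slides: it parses MQTT 3.1.1 CONNECT and PUBLISH packets following the public specification (fixed header, variable-length Remaining Length, length-prefixed strings and connect flags) and flags CONNECTs that present no username or password, which is how a monitor would notice a broker accepting anonymous clients. The sample packets are hand-assembled for the example; the client ID, topic, username and password in them are constructed values, and the parser deliberately records only whether a password was present, never its value.

```python
"""Decode MQTT 3.1.1 CONNECT and PUBLISH packets so a network monitor can see who
connects to a broker and whether the broker accepts unauthenticated sessions."""

CONNECT, PUBLISH = 1, 3  # control packet types carried in the high nibble of byte 0


def _remaining_length(buf: bytes, pos: int):
    """Decode the variable-length Remaining Length field (7 data bits per byte, 0x80 = more)."""
    value, multiplier = 0, 1
    for _ in range(4):  # the spec allows at most four bytes
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128
    raise ValueError("malformed Remaining Length")


def _binary(buf: bytes, pos: int):
    """Read a 2-byte big-endian length prefix followed by that many bytes."""
    if pos + 2 > len(buf):
        raise ValueError("truncated length prefix")
    n = int.from_bytes(buf[pos:pos + 2], "big")
    pos += 2
    if pos + n > len(buf):
        raise ValueError("truncated field")
    return buf[pos:pos + n], pos + n


def _utf8(buf: bytes, pos: int):
    raw, pos = _binary(buf, pos)
    return raw.decode("utf-8"), pos


def _parse_connect(body: bytes) -> dict:
    name, p = _utf8(body, 0)
    if name != "MQTT":
        raise ValueError(f"unexpected protocol name {name!r}")
    level, cflags = body[p], body[p + 1]
    keepalive = int.from_bytes(body[p + 2:p + 4], "big")
    p += 4
    client_id, p = _utf8(body, p)
    info = {"type": "CONNECT", "level": level, "client_id": client_id,
            "keepalive": keepalive, "clean_session": bool(cflags & 0x02),
            "username": None, "has_password": False}
    if cflags & 0x04:  # Will Flag: a will topic and will message follow
        info["will_topic"], p = _utf8(body, p)
        _, p = _binary(body, p)
    if cflags & 0x80:  # User Name Flag
        info["username"], p = _utf8(body, p)
    if cflags & 0x40:  # Password Flag: record presence only, never the secret itself
        _, p = _binary(body, p)
        info["has_password"] = True
    return info


def _parse_publish(body: bytes, flags: int) -> dict:
    qos = (flags >> 1) & 0x03
    topic, p = _utf8(body, 0)
    packet_id = None
    if qos > 0:  # the Packet Identifier is present only for QoS 1 and 2
        packet_id = int.from_bytes(body[p:p + 2], "big")
        p += 2
    return {"type": "PUBLISH", "topic": topic, "qos": qos, "retain": bool(flags & 0x01),
            "packet_id": packet_id, "payload": body[p:]}


def parse_packet(data: bytes) -> dict:
    """Parse one complete MQTT control packet from raw bytes."""
    ptype, flags = data[0] >> 4, data[0] & 0x0F
    rem, pos = _remaining_length(data, 1)
    if pos + rem != len(data):
        raise ValueError("Remaining Length does not match packet size")
    body = data[pos:pos + rem]
    if ptype == CONNECT:
        return _parse_connect(body)
    if ptype == PUBLISH:
        return _parse_publish(body, flags)
    return {"type": ptype, "body": body}


def audit(packets) -> list:
    """Flag CONNECTs carrying no credentials: evidence the broker tolerates anonymous clients."""
    findings = []
    for raw in packets:
        pkt = parse_packet(raw)
        if pkt["type"] == "CONNECT" and pkt["username"] is None and not pkt["has_password"]:
            findings.append(f"unauthenticated CONNECT from client_id={pkt['client_id']!r}")
    return findings


# Constructed sample packets, hand-assembled for this example (not captured traffic).
CONNECT_ANON = bytes.fromhex("1015" "00044d515454" "04" "02" "003c" "0009") + b"sensor-42"
CONNECT_AUTH = (bytes.fromhex("1023" "00044d515454" "04" "c2" "003c" "0009") + b"sensor-42"
                + bytes.fromhex("0003") + b"ops" + bytes.fromhex("0007") + b"hunter2")
PUBLISH_TEMP = bytes.fromhex("3016" "0010") + b"plant/line1/temp" + b"21.5"
SAMPLES = [CONNECT_ANON, CONNECT_AUTH, PUBLISH_TEMP]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_packet(raw))
    print(audit(SAMPLES))
```

The same decoder applied to a real capture would show which devices talk to a broker, on which topics, and whether any of them authenticate; the Remaining Length check at the top of `parse_packet` also rejects truncated or padded frames rather than reading past the buffer.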
Overview of OT
• Hardware and software systems used to monitor and control physical processes
• Found in industries like manufacturing, power generation, oil and gas, etc.
• Includes components like sensors, SCADA, DCS, PLCs, HMIs, actuators
• Focuses on reliability, safety, and real-time control, versus the IT focus on data/information
OT (Operational Technology): OT specifically refers to the technology used to monitor and control physical processes, devices, and infrastructure in industrial operations. It includes systems like SCADA (Supervisory Control and Data Acquisition), PLCs (Programmable Logic Controllers), and other control systems.
OT Components
• Sensors measure processes
• PLCs control processes
• SCADA monitors systems
• DCS - distributed control system
• HMIs - human-machine interfaces
• Actuators - mechanical devices
SCADA, which stands for Supervisory Control and Data Acquisition, is a system of hardware and software elements used to control and monitor industrial processes, infrastructure, and facilities.
XIoT Cybersecurity Best Practices
• Asset inventory
• Access control
• Encryption
• Security frameworks (e.g. NIST, CIS, ISO, etc.)
Group Activity – Assessment 3 / PART 2
• Groups are supposed to discuss the following topics and prepare a short presentation.
• What is IoT?
• How IoT is applied in the industry assigned to your group.
  • Group A: Smart Home
  • Group B: Healthcare
  • Group C: Retail
  • Group D: Agriculture
  • Group E: Transportation
• What cybersecurity concerns does IoT raise in that industry?
XIoT Security Standards/Frameworks
• IEC 62443 - Industrial automation and control systems security
• NIST SP 800-82 - Guide to industrial control systems security
• ISO/IEC 27001 - Information security management
• NIST Cybersecurity Framework
• CIS Critical Security Controls
XIoT Governance - Define roles and responsibilities
• IoT Governance Board: Establish a dedicated governance board responsible for overseeing and guiding XIoT initiatives. This board may include representatives from various departments, such as IT, security, legal, compliance, and business units.
• Chief IoT Officer (CIoTO): Designate an executive or leader responsible for coordinating and driving the organization's XIoT strategy. This role ensures alignment with business goals and compliance with regulatory requirements.
• IoT Project Teams: Define roles and responsibilities for teams involved in implementing and managing specific IoT projects. This may include individuals responsible for device deployment, data management, security, and maintenance.
XIoT Governance - Policies and procedures
• Data Governance Policies: Establish clear policies governing the collection, storage, processing, and sharing of IoT-generated data. Ensure compliance with data protection regulations and industry standards.
• Security Policies: Develop comprehensive security policies that address the unique challenges of IoT devices, including authentication, encryption, and secure device lifecycle management.
• Privacy Policies: Define policies that protect the privacy of individuals whose data is collected by IoT devices. This includes obtaining consent, anonymizing data when necessary, and providing transparency about data usage.
• Device Lifecycle Management: Implement procedures for the entire lifecycle of IoT devices, from procurement and deployment to maintenance, updates, and eventual decommissioning.
XIoT Governance - Risk assessments
• Security Risk Assessment: Conduct regular assessments to identify and mitigate security risks associated with XIoT deployments. This includes evaluating vulnerabilities in devices, networks, and communication protocols.
• Compliance Risk Assessment: Assess the organization's compliance with relevant laws, regulations, and industry standards governing IoT implementations, such as data protection and cybersecurity regulations.
• Operational Risk Assessment: Evaluate the operational risks associated with XIoT, including potential disruptions to business processes, system failures, and the impact on customer experiences.
• Supply Chain Risk Assessment: Assess and manage risks related to the IoT device supply chain, ensuring the integrity and security of devices from production to deployment.
XIoT Governance - Enforcement
Monitoring and Enforcement:
• Continuous Monitoring: Implement mechanisms for continuous monitoring of IoT devices and the associated infrastructure to detect anomalies, security breaches, or performance issues.
• Enforcement Mechanisms: Define processes for enforcing policies and procedures, including consequences for non-compliance. This may involve using technology solutions, conducting audits, and providing ongoing training to personnel.
Regular Audits and Reviews:
• Regular Audits: Conduct periodic audits of XIoT implementations to ensure alignment with governance policies, regulatory requirements, and best practices.
• Performance Reviews: Assess the performance of XIoT initiatives against defined objectives, making adjustments as needed to improve efficiency, security, and compliance.
XIoT – Final Thoughts
• IoT, OT, and XIoT enable automation and data exchange between cyber-physical systems and internet-connected devices
• They present new security challenges with diverse, interconnected assets and environments
• A holistic approach is required, combining IT and OT security tools, policies, and procedures
• Asset management, network segmentation, monitoring, and encryption are key for risk reduction
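Two of the controls named on the Best Practices slide and again here, asset inventory and network segmentation, can be checked mechanically once an organization has a device list and a zone model. The Python below is an added example for this page, not code from the slides or from any of the frameworks listed: it reconciles observed flow records against a constructed asset inventory that assigns each device to a zone (enterprise, DMZ, control, in the style of the zones-and-conduits model the IEC 62443 standard uses) and against a constructed policy of which zone pairs may talk. It reports devices not in the inventory and flows that cross a zone boundary the policy does not allow. All addresses, device names, ports and the policy itself are made up for the example.

```python
"""Check observed network flows against an asset inventory and a zone segmentation policy.
Unknown devices and flows that cross a zone boundary the policy does not allow are reported."""
from collections import namedtuple

Asset = namedtuple("Asset", "name zone")
Flow = namedtuple("Flow", "src dst dport")

# Constructed inventory for this example: IP address -> asset name and assigned zone.
INVENTORY = {
    "10.10.1.5": Asset("eng-workstation-01", "enterprise"),
    "10.10.2.10": Asset("historian", "dmz"),
    "10.10.3.21": Asset("plc-line1", "control"),
    "10.10.3.22": Asset("hmi-line1", "control"),
}

# Constructed segmentation policy: (source zone, destination zone) pairs that may talk.
# Enterprise hosts reach the control zone only indirectly, through the DMZ.
ALLOWED_CONDUITS = {
    ("enterprise", "enterprise"), ("enterprise", "dmz"),
    ("dmz", "dmz"), ("dmz", "control"), ("control", "dmz"),
    ("control", "control"),
}


def parse_flows(lines):
    """Parse whitespace-separated 'src dst dport' records; blank lines and '#' comments are skipped."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport = line.split()
        flows.append(Flow(src, dst, int(dport)))
    return flows


def audit_flows(flows, inventory=INVENTORY, allowed=ALLOWED_CONDUITS):
    """Return findings as (kind, subject, evidence) tuples.

    kind is 'unknown-asset' for an IP missing from the inventory (reported once per IP)
    or 'conduit-violation' for a flow between zones the policy does not permit.
    """
    findings, seen_unknown = [], set()
    for f in flows:
        src, dst = inventory.get(f.src), inventory.get(f.dst)
        evidence = f"{f.src}->{f.dst}:{f.dport}"
        for ip, asset in ((f.src, src), (f.dst, dst)):
            if asset is None and ip not in seen_unknown:
                seen_unknown.add(ip)
                findings.append(("unknown-asset", ip, evidence))
        if src and dst and (src.zone, dst.zone) not in allowed:
            findings.append(("conduit-violation", f"{src.zone}->{dst.zone}",
                             f"{src.name}->{dst.name}:{f.dport}"))
    return findings


# Constructed flow records (not captured traffic).
SAMPLE_FLOWS = """
# src          dst          dport
10.10.1.5      10.10.2.10   443
10.10.2.10     10.10.3.21   502
10.10.1.5      10.10.3.21   502
10.10.9.77     10.10.3.22   22
10.10.3.22     10.10.3.21   502
""".splitlines()

if __name__ == "__main__":
    for finding in audit_flows(parse_flows(SAMPLE_FLOWS)):
        print(*finding)
```

Run against the constructed sample, the third flow is reported because an enterprise workstation talks straight to a controller, bypassing the DMZ, and the fourth because its source address is not in the inventory at all; the other flows match both the inventory and the policy. In practice the inventory and the flow records would come from the organization's asset database and network sensors, which is exactly why the slide lists asset management first.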
Botnets
• A botnet is a set of internet-connected computers
• Each computer is infected by specialized malware
• The malware enables a remote attacker to control the individual computer
• All computers are collectively managed by the attacker through a designated server
• The server is used to issue commands to all malware-infected computers
The Structure of Botnets
Botnets usually have the structure of a centralized network, which means each bot is controlled by the server.
This server is also called a C&C server.
The C&C Server
C&C stands for Command & Control.
The attacker stores commands for the botnet on the server.
Bots pull commands from the server.
Bots return operation results to the server.
How Bots Are Made
• A computer can be infected by visiting a malicious website
• Infected emails or software are also options that cybercriminals use to infect computers and turn them into bots
How Bots Are Made
Once a computer is infected, it tries to connect to the C&C server.
If successful, the malware generates a unique ID for this computer and sends it, along with other valuable info (location, usernames, password hashes, etc.), to the C&C server.
Bot Routine
Bot routine initiated based on attacker's configuration
Bot connects to C&C at set intervals, such as once a day, to fetch commands
Bot carries out fetched commands
Results of executed commands sent back to C&C
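The routine described above, a bot checking in with its C&C server at set intervals, is also what gives defenders a handle on it: a host that contacts the same external destination at near-constant intervals stands out in connection logs. The Python below is an added example for this page, not code from the slides: it groups constructed connection records by (source, destination), measures the gaps between successive connections, and reports pairs whose timing is regular (low coefficient of variation across at least five connections). The log format, addresses, thresholds and the hourly check-in interval are all constructed for the example; a real bot polling "once a day", as the slide says, would produce the same shape at a longer period.

```python
"""Spot bot-style beaconing in connection logs: a host that contacts the same destination at
near-constant intervals, as a bot does when it polls its C&C server for commands."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

MIN_CONNECTIONS = 5   # fewer events than this cannot establish a rhythm
MAX_CV = 0.10         # coefficient of variation (stdev / mean) below which timing counts as regular


def parse_log(lines):
    """Parse 'ISO-timestamp src dst dport' records into (timestamp, src, dst) tuples."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, _dport = line.split()
        events.append((datetime.fromisoformat(ts), src, dst))
    return events


def detect_beacons(events, min_connections=MIN_CONNECTIONS, max_cv=MAX_CV):
    """Group events by (src, dst), measure inter-connection gaps, and report regular talkers."""
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)
    findings = []
    for (src, dst), stamps in sorted(by_pair.items()):
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "count": len(stamps),
                             "mean_interval": avg, "cv": cv})
    return findings


# Constructed log lines for this example. 10.0.0.8 checks in hourly with a few seconds of
# jitter; 10.0.0.9 browses irregularly; 10.0.0.10 has too few events to judge.
SAMPLE_LOG = """
2024-05-01T10:00:00 10.0.0.8  198.51.100.23 443
2024-05-01T11:00:02 10.0.0.8  198.51.100.23 443
2024-05-01T11:59:58 10.0.0.8  198.51.100.23 443
2024-05-01T13:00:01 10.0.0.8  198.51.100.23 443
2024-05-01T14:00:00 10.0.0.8  198.51.100.23 443
2024-05-01T14:59:59 10.0.0.8  198.51.100.23 443
2024-05-01T10:00:00 10.0.0.9  203.0.113.10  443
2024-05-01T10:00:05 10.0.0.9  203.0.113.10  443
2024-05-01T10:47:30 10.0.0.9  203.0.113.10  443
2024-05-01T12:15:00 10.0.0.9  203.0.113.10  443
2024-05-01T12:15:01 10.0.0.9  203.0.113.10  443
2024-05-01T16:40:00 10.0.0.9  203.0.113.10  443
2024-05-01T09:30:00 10.0.0.10 198.51.100.50 443
2024-05-01T17:30:00 10.0.0.10 198.51.100.50 443
""".splitlines()

if __name__ == "__main__":
    for hit in detect_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections, "
              f"mean gap {hit['mean_interval']:.0f}s, cv {hit['cv']:.3f}")
```

Only the hourly talker is reported; the irregular browsing host fails the regularity test and the two-connection host never reaches the minimum count. Legitimate software updaters and monitoring agents also beacon, so in practice the output is a list of candidates for an analyst to triage against known-good destinations, not a verdict.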
What Kind of Commands Can the Bots Execute?
There are two types of commands usually executed by the bots:
Local commands – which usually retrieve information from the bot's computer
Remote commands – which are usually used to attack other computers using the bot
What Kind of Commands Can the Bots Execute?
Local Commands –
Screenshots
Download files
Execute files
View webcam
Obtain credentials
What Kind of Commands Can the Bots Execute?
Remote Commands –
DoS attack
Try to infect a remote computer
Send a malicious email
DoS & DDoS
DoS – Denial of Service – is an attack which aims to make a service unavailable to legitimate users, for example preventing YouTube from being able to serve users.
DDoS – Distributed Denial of Service – is the same attack, but executed from a number of computers, for example bots.
DoS & DDoS – How Does It Work?
The attack is performed by sending as many requests as possible to a server until it crashes (from running out of compute or storage capacity).
Modern servers are too resilient to be crashed by a single computer.
DDoS – attackers now use botnets in order to perform a successful DoS attack.
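The slide's point, that one machine cannot overwhelm a modern server but a botnet can, shows up clearly in per-source request statistics, and it also explains why the obvious defense against DoS does not carry over to DDoS. The Python below is an added example for this page, not code from the slides: it buckets constructed request records by second, classifies any second that exceeds a constructed server capacity as a single-source or distributed flood depending on how much of the load the busiest client contributes, and then shows how much traffic would survive a per-source rate limit. Capacity, limits, addresses (documentation ranges) and request counts are all made up for the example.

```python
"""Separate a single-source flood from a distributed one in a per-second request log, and show
why a per-source rate limit blunts the former but not the latter."""
from collections import Counter, defaultdict

CAPACITY_RPS = 200        # constructed: requests per second the server can absorb
PER_SOURCE_LIMIT = 20     # constructed: requests per second allowed from any one client IP


def bucket_by_second(requests):
    """requests: iterable of (second, src_ip). Returns {second: Counter(src_ip -> hits)}."""
    per_second = defaultdict(Counter)
    for sec, src in requests:
        per_second[sec][src] += 1
    return per_second


def analyze(requests, capacity_rps=CAPACITY_RPS, dominant_share=0.8):
    """Report every second whose load exceeds capacity and classify the shape of the flood."""
    report = []
    for sec, counts in sorted(bucket_by_second(requests).items()):
        total = sum(counts.values())
        if total <= capacity_rps:
            continue
        top_share = max(counts.values()) / total
        kind = "single-source flood" if top_share >= dominant_share else "distributed flood"
        report.append({"second": sec, "total": total, "sources": len(counts),
                       "top_share": round(top_share, 3), "kind": kind})
    return report


def after_per_source_limit(requests, limit=PER_SOURCE_LIMIT):
    """Requests per second that still reach the server once each source is capped at `limit`."""
    return {sec: sum(min(n, limit) for n in counts.values())
            for sec, counts in bucket_by_second(requests).items()}


# Constructed traffic (documentation address ranges, not real clients):
#   second 100: one host sends 500 requests            -> classic single-machine DoS
#   second 200: 300 hosts send 2 requests each (600)   -> botnet-style DDoS
#   second 300: 50 hosts send 1 request each           -> ordinary load
SAMPLE_REQUESTS = (
    [(100, "203.0.113.7")] * 500
    + [(200, f"198.51.{100 + i // 200}.{i % 200}") for i in range(300) for _ in range(2)]
    + [(300, f"192.0.2.{i}") for i in range(50)]
)

if __name__ == "__main__":
    for row in analyze(SAMPLE_REQUESTS):
        print(row)
    print(after_per_source_limit(SAMPLE_REQUESTS))
```

On the constructed data the per-source cap cuts the single-host flood from 500 to 20 requests, well under capacity, while the distributed flood passes through untouched at 600 because every bot stays under the cap individually. That gap is why DDoS defense relies on upstream capacity, traffic scrubbing and reputation rather than on per-client limits alone.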
How Attackers Construct a New Botnet Network
• An Exploit Kit
• Scanning
• Buying an existing botnet network
Exploit Kit
• An Exploit Kit is a special kit designed and built in order to execute unauthorized code on a remote computer
• It can be bought (for example on the dark net) or developed by an attacker
• If an Exploit Kit offers a unique ability to infect remote computers, it can become a really expensive business
Buying an Existing Botnet Network
• Cybercriminals offer pre-constructed networks online
• Activity ongoing for an extended period on the Dark Net
• Botnet network cost is influenced by the geographical location of the compromised computers
• Computers in the United States often command the highest prices