SlideShare a Scribd company logo

Cyber warfare update 2016

Download as PPTX, PDF
Kevin Murphy
Kevin Murphy

The document discusses cybersecurity defense and threats facing various industries. It outlines key inflection points like Stuxnet and Target breach. New threats include hacking for hire and risks from the growing Internet of Things ecosystem. The presenter advocates for expanding threat models to include supply chain risks, network segmentation, vulnerability management, and red team testing to protect against modern attacks. Participants are asked to share recent attacks in their industries.

1 of 16
IOActive, Inc. Copyright ©2015. All Rights Reserved. Cybersecurity Defense Update SecureWorld -Seattle Kevin J. Murphy, CISSP, CISM, CGEIT Vice President Operations Kevin.murphy@ioactive.com November 10, 2016
IOActive, Inc. Copyright ©2015. All Rights Reserved. Agenda A very interactive discussion – We learn from each other! “Let’s look at our attack surface a little differently.” • Welcome & Room Introductions • Cybersecurity Inflection Points • The Threat Actors • How to protect your enterprise • Room Discussion
IOActive, Inc. Copyright ©2015. All Rights Reserved. Who is in the room? • Healthcare • Energy • Telecom • Financial • Manufacturing • Government • Retail • IT Vendors • Others?
IOActive, Inc. Copyright ©2015. All Rights Reserved. Game Changing Attack Inflection Points • APT – Nation State espionage / attacks • Stuxnet – Embedded and SCADA systems • Heartbleed – 3rd party software and network appliances • TARGET – HVAC vendor account compromise • San Bernardino Shooting – BYOD Chip memory hacking “What will the next one be?”
IOActive, Inc. Copyright ©2015. All Rights Reserved. New Threat Actors - Hacking for hire
IOActive, Inc. Copyright ©2015. All Rights Reserved. Hacking for hire
IOActive, Inc. Copyright ©2015. All Rights Reserved. Technology Evolves. Security Must Evolve. • The Internet Of Things (IOT) is a game changer. • The products and services being built and used by our customers are changing to meet this new market. • We need to work together to help secure the ecosystem to allow IOT to be successful.
IOActive, Inc. Copyright ©2015. All Rights Reserved. IOT Products = Any Connected Device Your New Endpoints: • Refrigerators, Washers • Home & Building Power meters • Thermostats, HVAC, Cameras • TVs, Smartphones, iPads • Cars, Trains, Buses • Smart Cities 8
IOActive, Inc. Copyright ©2015. All Rights Reserved. Your new endpoints: Chip to Code Biometrics And more… Cloud ArchitectureSystem on chipOS Apps Device Network
IOActive, Inc. Copyright ©2015. All Rights Reserved. IOT End-to-End Attack Vectors
IOActive, Inc. Copyright ©2015. All Rights Reserved. The Evolution of Security Pen Testing • Includes: • Scanning Electron Microscopes (SEMs) • Focused Ion Beams (FIBs) • Ion Etcher • Confocal optical imaging equipment • Specifically equipped garage for vehicle research • Labs drive research and perform security analysis for our customers: • Embedded devices (OEM, Internet of Things (IoT), industrial, transportation, medical, and more) • Low-level device firmware and drivers • Semiconductors 11
IOActive, Inc. Copyright ©2015. All Rights Reserved. Chip level Imaging down to 2 microns
IOActive, Inc. Copyright ©2015. All Rights Reserved. How to Protect your Enterprise • Threat Models: View the complete new attack surface in your threat models - Silicon to applications and supply chain • Supply Chain: Require your supply chain vendors to disclose what security testing they have conducted and the results • Segment your network with firewalls and enclaves
IOActive, Inc. Copyright ©2015. All Rights Reserved. How to Protect your Enterprise • Monitor your network and your hosts with real-time alerting and a well planned incident response plan • Vulnerability mgmt. e.g. Qualys for all your system components. Keep your security patching up-to-date • Red Team /Pen Test. Use combo of internal and external skills. Don’t always use the same people
IOActive, Inc. Copyright ©2015. All Rights Reserved. Resources to help you: http://csrc.nist.gov/
IOActive, Inc. Copyright ©2015. All Rights Reserved. Learning From Peers Please share some of the attacks that your industry has been seeing.

Recommended

Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
IoT613
 
Enterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile worldEnterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile world
Samsung Business USA
 
The Mobile Aware CISO: Security as a Business Enabler
The Mobile Aware CISO: Security as a Business EnablerThe Mobile Aware CISO: Security as a Business Enabler
The Mobile Aware CISO: Security as a Business Enabler
Samsung Business USA
 
EIA 2015 Why future Unicorns will be powered by Bluemix
EIA 2015 Why future Unicorns will be powered by BluemixEIA 2015 Why future Unicorns will be powered by Bluemix
EIA 2015 Why future Unicorns will be powered by Bluemix
European Innovation Academy
 
"Azure is the new black”
"Azure is the new black” "Azure is the new black”
"Azure is the new black”
Marketing Team
 
New Telco Stack: 5G, Edge Computing
New Telco Stack: 5G, Edge ComputingNew Telco Stack: 5G, Edge Computing
New Telco Stack: 5G, Edge Computing
GlobalLogic Ukraine
 
TOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsTOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of Things
ChromeInfo Technologies
 
Open source IoT
Open source IoTOpen source IoT
Open source IoT
IoT613
 

Recommended

Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
IoT613
 
Enterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile worldEnterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile world
Samsung Business USA
 
The Mobile Aware CISO: Security as a Business Enabler
The Mobile Aware CISO: Security as a Business EnablerThe Mobile Aware CISO: Security as a Business Enabler
The Mobile Aware CISO: Security as a Business Enabler
Samsung Business USA
 
EIA 2015 Why future Unicorns will be powered by Bluemix
EIA 2015 Why future Unicorns will be powered by BluemixEIA 2015 Why future Unicorns will be powered by Bluemix
EIA 2015 Why future Unicorns will be powered by Bluemix
European Innovation Academy
 
"Azure is the new black”
"Azure is the new black” "Azure is the new black”
"Azure is the new black”
Marketing Team
 
New Telco Stack: 5G, Edge Computing
New Telco Stack: 5G, Edge ComputingNew Telco Stack: 5G, Edge Computing
New Telco Stack: 5G, Edge Computing
GlobalLogic Ukraine
 
TOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsTOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of Things
ChromeInfo Technologies
 
Open source IoT
Open source IoTOpen source IoT
Open source IoT
IoT613
 
De presentatie van Michel Gulpen tijdens de GDPR-avond.
De presentatie van Michel Gulpen tijdens de GDPR-avond. De presentatie van Michel Gulpen tijdens de GDPR-avond.
De presentatie van Michel Gulpen tijdens de GDPR-avond.
Pure Minds
 
BYOD: Be your own device?
BYOD: Be your own device?BYOD: Be your own device?
BYOD: Be your own device?
Michel de Goede
 
The “other side” of MWC: IoT’s turn for the Kool-Aid?
The “other side” of MWC: IoT’s turn for the Kool-Aid?The “other side” of MWC: IoT’s turn for the Kool-Aid?
The “other side” of MWC: IoT’s turn for the Kool-Aid?
Geoff Ballinger
 
electric imp Intro
electric imp Introelectric imp Intro
electric imp Intro
Matt Haines
 
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCXDigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
Mike Speckman
 
IoT in Home Automation: Create an Ultimate IoT Smart Home
IoT in Home Automation: Create an Ultimate IoT Smart HomeIoT in Home Automation: Create an Ultimate IoT Smart Home
IoT in Home Automation: Create an Ultimate IoT Smart Home
Mobinius Technologies
 
Building a better Internet of Things
Building a better Internet of ThingsBuilding a better Internet of Things
Building a better Internet of Things
Janaina Pilomia
 
La technologie Java embarquée pour des plateformes de services riches
La technologie Java embarquée pour des plateformes de services richesLa technologie Java embarquée pour des plateformes de services riches
La technologie Java embarquée pour des plateformes de services riches
charlotte75009
 
The New Industrial Revolution
The New Industrial RevolutionThe New Industrial Revolution
The New Industrial Revolution
David Yushin KIM
 
Io t talk_demoday_141222
Io t talk_demoday_141222Io t talk_demoday_141222
Io t talk_demoday_141222
David Yushin KIM
 
App korea wearable_davidkim_141127_v1.1
App korea wearable_davidkim_141127_v1.1App korea wearable_davidkim_141127_v1.1
App korea wearable_davidkim_141127_v1.1
David Yushin KIM
 
Apps for everything Alec Saunders, QNX
Apps for everything Alec Saunders, QNXApps for everything Alec Saunders, QNX
Apps for everything Alec Saunders, QNX
appbackr
 
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
Alan Quayle
 
Proposal for final project
Proposal for final projectProposal for final project
Proposal for final project
ssuser37e1ef
 
Ayla Networks IoT Platform & Use Cases
Ayla Networks IoT Platform & Use CasesAyla Networks IoT Platform & Use Cases
Ayla Networks IoT Platform & Use Cases
Internet of Things DC
 
Intelligence Driven Security
Intelligence Driven SecurityIntelligence Driven Security
Intelligence Driven Security
MarketingArrowECS_CZ
 
Design Patterns for Ontologies in IoT
Design Patterns for Ontologies in IoTDesign Patterns for Ontologies in IoT
Design Patterns for Ontologies in IoT
Mark Underwood
 
Buy march 7
Buy march 7Buy march 7
Buy march 7
ctringham
 
Simon Ford - ARM and the Open Internet of Things
Simon Ford - ARM and the Open Internet of ThingsSimon Ford - ARM and the Open Internet of Things
Simon Ford - ARM and the Open Internet of Things
Business of Software Conference
 
IOT thought leadership
IOT thought leadershipIOT thought leadership
IOT thought leadership
Kam Soon Siew
 
The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial Things
Senrio
 
Law seminars intl cybersecurity in the power industry
Law seminars intl cybersecurity in the power industryLaw seminars intl cybersecurity in the power industry
Law seminars intl cybersecurity in the power industry
Kevin Murphy
 

More Related Content

What's hot

De presentatie van Michel Gulpen tijdens de GDPR-avond.
De presentatie van Michel Gulpen tijdens de GDPR-avond. De presentatie van Michel Gulpen tijdens de GDPR-avond.
De presentatie van Michel Gulpen tijdens de GDPR-avond.
Pure Minds
 
BYOD: Be your own device?
BYOD: Be your own device?BYOD: Be your own device?
BYOD: Be your own device?
Michel de Goede
 
The “other side” of MWC: IoT’s turn for the Kool-Aid?
The “other side” of MWC: IoT’s turn for the Kool-Aid?The “other side” of MWC: IoT’s turn for the Kool-Aid?
The “other side” of MWC: IoT’s turn for the Kool-Aid?
Geoff Ballinger
 
electric imp Intro
electric imp Introelectric imp Intro
electric imp Intro
Matt Haines
 
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCXDigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
Mike Speckman
 
IoT in Home Automation: Create an Ultimate IoT Smart Home
IoT in Home Automation: Create an Ultimate IoT Smart HomeIoT in Home Automation: Create an Ultimate IoT Smart Home
IoT in Home Automation: Create an Ultimate IoT Smart Home
Mobinius Technologies
 
Building a better Internet of Things
Building a better Internet of ThingsBuilding a better Internet of Things
Building a better Internet of Things
Janaina Pilomia
 
La technologie Java embarquée pour des plateformes de services riches
La technologie Java embarquée pour des plateformes de services richesLa technologie Java embarquée pour des plateformes de services riches
La technologie Java embarquée pour des plateformes de services riches
charlotte75009
 
The New Industrial Revolution
The New Industrial RevolutionThe New Industrial Revolution
The New Industrial Revolution
David Yushin KIM
 
Io t talk_demoday_141222
Io t talk_demoday_141222Io t talk_demoday_141222
Io t talk_demoday_141222
David Yushin KIM
 
App korea wearable_davidkim_141127_v1.1
App korea wearable_davidkim_141127_v1.1App korea wearable_davidkim_141127_v1.1
App korea wearable_davidkim_141127_v1.1
David Yushin KIM
 
Apps for everything Alec Saunders, QNX
Apps for everything Alec Saunders, QNXApps for everything Alec Saunders, QNX
Apps for everything Alec Saunders, QNX
appbackr
 
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
Alan Quayle
 
Proposal for final project
Proposal for final projectProposal for final project
Proposal for final project
ssuser37e1ef
 
Ayla Networks IoT Platform & Use Cases
Ayla Networks IoT Platform & Use CasesAyla Networks IoT Platform & Use Cases
Ayla Networks IoT Platform & Use Cases
Internet of Things DC
 
Intelligence Driven Security
Intelligence Driven SecurityIntelligence Driven Security
Intelligence Driven Security
MarketingArrowECS_CZ
 
Design Patterns for Ontologies in IoT
Design Patterns for Ontologies in IoTDesign Patterns for Ontologies in IoT
Design Patterns for Ontologies in IoT
Mark Underwood
 
Buy march 7
Buy march 7Buy march 7
Buy march 7
ctringham
 
Simon Ford - ARM and the Open Internet of Things
Simon Ford - ARM and the Open Internet of ThingsSimon Ford - ARM and the Open Internet of Things
Simon Ford - ARM and the Open Internet of Things
Business of Software Conference
 
IOT thought leadership
IOT thought leadershipIOT thought leadership
IOT thought leadership
Kam Soon Siew
 

What's hot (20)

De presentatie van Michel Gulpen tijdens de GDPR-avond.
De presentatie van Michel Gulpen tijdens de GDPR-avond. De presentatie van Michel Gulpen tijdens de GDPR-avond.
De presentatie van Michel Gulpen tijdens de GDPR-avond.
 
BYOD: Be your own device?
BYOD: Be your own device?BYOD: Be your own device?
BYOD: Be your own device?
 
The “other side” of MWC: IoT’s turn for the Kool-Aid?
The “other side” of MWC: IoT’s turn for the Kool-Aid?The “other side” of MWC: IoT’s turn for the Kool-Aid?
The “other side” of MWC: IoT’s turn for the Kool-Aid?
 
electric imp Intro
electric imp Introelectric imp Intro
electric imp Intro
 
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCXDigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
DigiKey announces Global Agreement with enmo Technologies_FINAL.DOCX
 
IoT in Home Automation: Create an Ultimate IoT Smart Home
IoT in Home Automation: Create an Ultimate IoT Smart HomeIoT in Home Automation: Create an Ultimate IoT Smart Home
IoT in Home Automation: Create an Ultimate IoT Smart Home
 
Building a better Internet of Things
Building a better Internet of ThingsBuilding a better Internet of Things
Building a better Internet of Things
 
La technologie Java embarquée pour des plateformes de services riches
La technologie Java embarquée pour des plateformes de services richesLa technologie Java embarquée pour des plateformes de services riches
La technologie Java embarquée pour des plateformes de services riches
 
The New Industrial Revolution
The New Industrial RevolutionThe New Industrial Revolution
The New Industrial Revolution
 
Io t talk_demoday_141222
Io t talk_demoday_141222Io t talk_demoday_141222
Io t talk_demoday_141222
 
App korea wearable_davidkim_141127_v1.1
App korea wearable_davidkim_141127_v1.1App korea wearable_davidkim_141127_v1.1
App korea wearable_davidkim_141127_v1.1
 
Apps for everything Alec Saunders, QNX
Apps for everything Alec Saunders, QNXApps for everything Alec Saunders, QNX
Apps for everything Alec Saunders, QNX
 
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...
 
Proposal for final project
Proposal for final projectProposal for final project
Proposal for final project
 
Ayla Networks IoT Platform & Use Cases
Ayla Networks IoT Platform & Use CasesAyla Networks IoT Platform & Use Cases
Ayla Networks IoT Platform & Use Cases
 
Intelligence Driven Security
Intelligence Driven SecurityIntelligence Driven Security
Intelligence Driven Security
 
Design Patterns for Ontologies in IoT
Design Patterns for Ontologies in IoTDesign Patterns for Ontologies in IoT
Design Patterns for Ontologies in IoT
 
Buy march 7
Buy march 7Buy march 7
Buy march 7
 
Simon Ford - ARM and the Open Internet of Things
Simon Ford - ARM and the Open Internet of ThingsSimon Ford - ARM and the Open Internet of Things
Simon Ford - ARM and the Open Internet of Things
 
IOT thought leadership
IOT thought leadershipIOT thought leadership
IOT thought leadership
 

Similar to Cyber warfare update 2016

The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial Things
Senrio
 
Law seminars intl cybersecurity in the power industry
Law seminars intl cybersecurity in the power industryLaw seminars intl cybersecurity in the power industry
Law seminars intl cybersecurity in the power industry
Kevin Murphy
 
Leveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future BreachLeveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future Breach
Kevin Murphy
 
Going Beyond the Device Heart Beat
Going Beyond the Device Heart BeatGoing Beyond the Device Heart Beat
Going Beyond the Device Heart Beat
Balwinder Kaur
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
Security Innovation
 
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend BriefInternet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
Bill Chamberlin
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2
FitCEO, Inc. (FCI)
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Liwei Ren任力偉
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
Shah Sheikh
 
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Vladimir Eliseev
 
Ibm iot overview
Ibm iot overviewIbm iot overview
Ibm iot overview
Eric Cattoir
 
Cisco data analytics in ioe_rajiv niles_2015 nov
Cisco data analytics in ioe_rajiv niles_2015 novCisco data analytics in ioe_rajiv niles_2015 nov
Cisco data analytics in ioe_rajiv niles_2015 nov
CiscoKorea
 
Outsmarting the Smart City
Outsmarting the Smart CityOutsmarting the Smart City
Outsmarting the Smart City
Priyanka Aash
 
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Priyanka Aash
 
Cl16 wit io_t
Cl16 wit io_tCl16 wit io_t
Cl16 wit io_t
Shubha Govil
 
Reshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to ConsiderReshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to Consider
Eurotech
 
meet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
meet2016: Reshaping Business Through IoT: Key Technology Factors to Considermeet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
meet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
Roberto Siagri
 
Delivering a commercially successful end-to end IoT Solution.
Delivering a commercially successful end-to end IoT Solution.Delivering a commercially successful end-to end IoT Solution.
Delivering a commercially successful end-to end IoT Solution.
Miriam O'Brien
 
The IoT Food Chain – Picking the Right Dining Partner is Important with Dean ...
The IoT Food Chain – Picking the Right Dining Partner is Important with Dean ...The IoT Food Chain – Picking the Right Dining Partner is Important with Dean ...
The IoT Food Chain – Picking the Right Dining Partner is Important with Dean ...
gogo6
 
IoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital FootprintIoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital Footprint
SurfWatch Labs
 

Similar to Cyber warfare update 2016 (20)

The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial Things
 
Law seminars intl cybersecurity in the power industry
Law seminars intl cybersecurity in the power industryLaw seminars intl cybersecurity in the power industry
Law seminars intl cybersecurity in the power industry
 
Leveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future BreachLeveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future Breach
 
Going Beyond the Device Heart Beat
Going Beyond the Device Heart BeatGoing Beyond the Device Heart Beat
Going Beyond the Device Heart Beat
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend BriefInternet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
 
Ibm iot overview
Ibm iot overviewIbm iot overview
Ibm iot overview
 
Cisco data analytics in ioe_rajiv niles_2015 nov
Cisco data analytics in ioe_rajiv niles_2015 novCisco data analytics in ioe_rajiv niles_2015 nov
Cisco data analytics in ioe_rajiv niles_2015 nov
 
Outsmarting the Smart City
Outsmarting the Smart CityOutsmarting the Smart City
Outsmarting the Smart City
 
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
 
Cl16 wit io_t
Cl16 wit io_tCl16 wit io_t
Cl16 wit io_t
 
Reshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to ConsiderReshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to Consider
 
meet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
meet2016: Reshaping Business Through IoT: Key Technology Factors to Considermeet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
meet2016: Reshaping Business Through IoT: Key Technology Factors to Consider
 
Delivering a commercially successful end-to end IoT Solution.
Delivering a commercially successful end-to end IoT Solution.Delivering a commercially successful end-to end IoT Solution.
Delivering a commercially successful end-to end IoT Solution.
 
The IoT Food Chain – Picking the Right Dining Partner is Important with Dean ...
The IoT Food Chain – Picking the Right Dining Partner is Important with Dean ...The IoT Food Chain – Picking the Right Dining Partner is Important with Dean ...
The IoT Food Chain – Picking the Right Dining Partner is Important with Dean ...
 
IoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital FootprintIoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital Footprint
 

Recently uploaded

一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
bseovas
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
ukwwuq
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
bseovas
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
Toptal Tech
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 

Recently uploaded (20)

一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 

Cyber warfare update 2016

  • 1. IOActive, Inc. Copyright ©2015. All Rights Reserved. Cybersecurity Defense Update SecureWorld -Seattle Kevin J. Murphy, CISSP, CISM, CGEIT Vice President Operations Kevin.murphy@ioactive.com November 10, 2016
  • 2. IOActive, Inc. Copyright ©2015. All Rights Reserved. Agenda A very interactive discussion – We learn from each other! “Let’s look at our attack surface a little differently.” • Welcome & Room Introductions • Cybersecurity Inflection Points • The Threat Actors • How to protect your enterprise • Room Discussion
  • 3. IOActive, Inc. Copyright ©2015. All Rights Reserved. Who is in the room? • Healthcare • Energy • Telecom • Financial • Manufacturing • Government • Retail • IT Vendors • Others?
  • 4. IOActive, Inc. Copyright ©2015. All Rights Reserved. Game Changing Attack Inflection Points • APT – Nation State espionage / attacks • Stuxnet – Embedded and SCADA systems • Heartbleed – 3rd party software and network appliances • TARGET – HVAC vendor account compromise • San Bernardino Shooting – BYOD Chip memory hacking “What will the next one be?”
  • 5. IOActive, Inc. Copyright ©2015. All Rights Reserved. New Threat Actors - Hacking for hire
  • 6. IOActive, Inc. Copyright ©2015. All Rights Reserved. Hacking for hire
  • 7. IOActive, Inc. Copyright ©2015. All Rights Reserved. Technology Evolves. Security Must Evolve. • The Internet Of Things (IOT) is a game changer. • The products and services being built and used by our customers are changing to meet this new market. • We need to work together to help secure the ecosystem to allow IOT to be successful.
  • 8. IOActive, Inc. Copyright ©2015. All Rights Reserved. IOT Products = Any Connected Device Your New Endpoints: • Refrigerators, Washers • Home & Building Power meters • Thermostats, HVAC, Cameras • TVs, Smartphones, iPads • Cars, Trains, Buses • Smart Cities 8
  • 9. IOActive, Inc. Copyright ©2015. All Rights Reserved. Your new endpoints: Chip to Code Biometrics And more… Cloud ArchitectureSystem on chipOS Apps Device Network
  • 10. IOActive, Inc. Copyright ©2015. All Rights Reserved. IOT End-to-End Attack Vectors
  • 11. IOActive, Inc. Copyright ©2015. All Rights Reserved. The Evolution of Security Pen Testing • Includes: • Scanning Electron Microscopes (SEMs) • Focused Ion Beams (FIBs) • Ion Etcher • Confocal optical imaging equipment • Specifically equipped garage for vehicle research • Labs drive research and perform security analysis for our customers: • Embedded devices (OEM, Internet of Things (IoT), industrial, transportation, medical, and more) • Low-level device firmware and drivers • Semiconductors 11
  • 12. IOActive, Inc. Copyright ©2015. All Rights Reserved. Chip level Imaging down to 2 microns
  • 13. IOActive, Inc. Copyright ©2015. All Rights Reserved. How to Protect your Enterprise • Threat Models: View the complete new attack surface in your threat models - Silicon to applications and supply chain • Supply Chain: Require your supply chain vendors to disclose what security testing they have conducted and the results • Segment your network with firewalls and enclaves
  • 14. IOActive, Inc. Copyright ©2015. All Rights Reserved. How to Protect your Enterprise • Monitor your network and your hosts with real-time alerting and a well planned incident response plan • Vulnerability mgmt. e.g. Qualys for all your system components. Keep your security patching up-to-date • Red Team /Pen Test. Use combo of internal and external skills. Don’t always use the same people
  • 15. IOActive, Inc. Copyright ©2015. All Rights Reserved. Resources to help you: http://csrc.nist.gov/
  • 16. IOActive, Inc. Copyright ©2015. All Rights Reserved. Learning From Peers Please share some of the attacks that your industry has been seeing.

Editor's Notes

  1. Often when security firms say they “do mobile security”, they typically mean just the mobile apps. In our case, we handle everything from chip to code – everything from the processors, to embedded systems, the device itself, the apps, the network, the storage – and everything in between.