CyberSecurity_for_the_IoT

Cybersecurity for the IoT
Dr Abdullahi Arabo Jr
Senior Lecturer in Computer Networks and Mobile
Technologies
Department of Computer Science and Creative Technologies
Faculty of Environment and Technology
UWE, Frenchay, Bristol, BS16 1QY, UK

Overview
• Brief recap on IoT
• Some examples
• Cybersecurity Issues of IoT
12 May 2015 IoT Submit 2

Today’s Cyber Situation
• Victims of our own success
• Opportunity expands the attack surface:
– Clouds linked to legacy systems
– IoT means more entry points
– Bring Your Own Devices (BYOD)
• We’re not doing all we can:
– Poor info sharing even at basic levels, not real-
time
– Eliminating/upgrading legacy systems
– Government – no legislation since 2002, poor
grades

Cyber is not a Normal Risk!
• Cyber defies conventional metrics
– Non-quantifiable
– Non-predictable
– Global, not local
– Can put the entire system at complete risk
• Examples of normal risks:
– Weather - business interruption
– Employee and customer lawsuits
– Theft of a trailer full of cell phones

Attacks will increase rapidly due to
• Hyper-growth
• Poor security hygiene
• High value of data on IoT devices
Thread Predictions 2015 – McAfee Labs

IoT Cybersecurity/Privacy Issues
• IoT provide an opportunity for enterprise
and PAN or Connect Home Ecosystems
• Downside – all that connectivity and
production of massive amount of data and
lack of standards
• Dramatically increase the potential of
cybersecurity intrusions and infringements
upon privacy

• As a starter, there are three areas that will
require some new or additional attention in
the IoT world
– Customer facing privacy policies
– Internal Infosec policies – BOYD and
DocRetention
– B2B commercial agreements – including
cloud storage agreements

Photo: Showtime
The scenario was explored in an
episode of Homeland
Terrorists could
hack into
electronic
implants like
pacemakers to
kill targets,
Defibrillators,
bedside intravenous
fluid pumps,
scanners and
hospital networks.

• In short, IoT will alter the playing filed as
much if not more than PCs and mobile
devices have, combined
• Vast amounts of data, increasing security
concerns, rising privacy issues
• The IoT savvy leaders will see this coming
and help to lead their company with
confidence and vision

Key STANDARDS emerging
for an Open Internet of Things
Lightweight protocols
for devices to work
together, communicate
OASIS MQTT, MQTT-SN
OASIS SmartGrid projects
Unique and extensible
identifiers for all those
billions of devices
Multiple new projects, XRI,
UUIDs, etc.
Demand for API access
and interoperability
SOA/Cloud orchestration
and API standardization
(AMQP, MQTT, OData)
Cybersecurity KMIP, SAML, XACML/JSON,
PKCS11, CloudAuthZ
Privacy and Policy PMRM, PbDSE, and Personal
Data Stores

IoT – Remarks
• IoT is an exciting megatrend – it offer amazing
advancements in connected homes, health,
community, defense etc.
• It is likely to propel organization forward in ways
yet to be imagined
• However, for us whose job is to secure this service
it provides a shifting and uncertain landscape
• For the cyber criminals – it provides a honeypot of
opportunities
• For lay users – it provides a security nightmare
• For enterprise developing such solutions – it
provides huge opportunities for revenue

@AArabojr
abdullahi.arabo@uwe.ac.uk

CyberSecurity_for_the_IoT

More Related Content

What's hot

Similar to CyberSecurity_for_the_IoT

CyberSecurity_for_the_IoT