IIoT Endpoint Security – The Model in Practice
February 22, 2017
Industrial Internet Security Framework
#IICSeries
Guest Speakers
MARCELLUS BUCHHEIT
President and CEO, Wibu-Systems USA
Editor, Industrial Internet Consortium Security Framework
@WibuSystems
TERRENCE BARR
Head of Solutions Engineering, Electric Imp, Inc.
@electricimp
Motivation
Unprotected devices on the internet are dangerous!
They can be used to:
• Intrude into local networks: stealing or deleting private data
• Block or alter websites or internet communication
• Upload viruses and start Denial-of-Service (DoS) attacks
Additionally, for IIoT:
• Shut down public or private services (electricity, water, sewer etc.)
• Prevent commercial usage (production, hospitals, hotels, PoS etc.)
• Damage or destroy industrial installations or produced parts
Motivation
Unprotected devices are problematic for component manufacturers
• Example: FTC charges D-Link for insecure routers and IP cameras
• https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate
Unprotected devices are problematic for users/operators
• Example: Point-of-Sale (POS) attack at Target at the end of 2013
• 40 million credit cards and 70 million addresses stolen
• Target paid $50M+ for settlements
• http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
A few words about Wibu-Systems
• Wibu-Systems was founded in 1989 in Germany
• Global company targeting secure software licensing
• Offer security and licensing solutions for IIoT systems and devices
• More about the company: www.wibu.com
• More about the key product: http://www.wibu.com/codemeter
• More about IIoT security: http://www.wibu.com/embedded-software-security
• Member of the Industrial Internet Consortium (IIC) since 2015
About the IIC
Industrial Internet Consortium
Security Webinar
February 22, 2017
Kathy Walsh, walsh@iiconsortium.org
Director of Marketing
The Industrial Internet is Leading the Next Economic Revolution
GDP data extracted from the Futurist 2007
Bring Together the Players to Accelerate Adoption
[Figure labels: Connectivity, Standards, Technology, Research, Academia, Systems Integration, Security, Government, Big Data, Industries]
The Industrial Internet:
A $32 trillion opportunity
The IIC: Things are Coming Together
Things are coming together.
[Figure labels: Academia, Standards, Research, Systems Integration, Government, Industries, Connectivity, Technology, Big Data, Security]
The Industrial Internet Consortium is a global, member supported
organization that promotes the accelerated growth of the Industrial
Internet of Things by coordinating ecosystem initiatives to securely
connect, control and integrate assets and systems of assets with people,
processes and data using common architectures, interoperability and
open standards to deliver transformational business and societal
outcomes across industries and public infrastructure.
Launched in March 2014 by five founding members:
AT&T, Cisco, General Electric, IBM & Intel.
The IIC is an open, neutral “sandbox” where industry, academia and
government meet to collaborate, innovate and enable.
Industrial Internet Consortium Mission
Over 250 Member Organizations
Spanning 30 Countries
Securing IIoT Endpoints -- The Model
Marcellus Buchheit, mabu@wibu.com
Wibu-Systems USA Inc.
Overview
What is an endpoint?
Why endpoint security?
Security functions of an endpoint
Implementing endpoint security
What is an Endpoint?
The IIoT Landscape: Where are Endpoints?
[Figure: IIoT landscape diagram with locations marked “EP”]
What is an Endpoint (II)?
The IISF and IIC define endpoints similarly to the ISO/IEC 24791-1:2010 standard:
• An endpoint is one of two components that either implements and exposes an interface
to other components or uses the interface of another component.
IIC simplified this definition (see IIC Vocabulary, version 2.0):
• An endpoint is a component that has an interface for network communication.
… but added a note for clarification:
• An endpoint can be of various types including device endpoint or an endpoint that
provides cloud connectivity.
[Figure: Endpoint 1 and Endpoint 2, linked by “Communication”]
What is an Endpoint (III)?
The IIoT Landscape: Endpoints are everywhere!
[Figure: IIoT landscape diagram with locations marked “EP”]
What is an Endpoint (IV)?
Summary:
• Endpoints are everywhere in an IIoT System (including edge and cloud)
• One single (security) model for all locations
• A single computer, even a device, can have several endpoints
• Example Router: One LAN endpoint, one WAN endpoint
• Frequently shared code/data between multiple endpoints
• Endpoint and its communication is another model
Why endpoint security?
Endpoints are the only location in an IIoT system where:
• Execution code is stored, started and updated
• Data is stored, modified or applied (“Data at Rest” / “Data in Use“)
• Communication to another endpoint is initiated and protected
• Network security is analyzed, configured, monitored and managed
Result: An attack on an IIoT system typically starts by attacking one or more endpoints:
• Try to access the execution code and analyze it to find weak security implementation
• Attack weak communication protection via network
• Modify or replace (“hijack”) the execution code in a malicious way
• ...
IISF Endpoint Protection Model
Threats and Vulnerabilities to an IIoT Endpoint
1. Hardware components
2/3. Boot process
4. Operating System
5. Hypervisor/Sep. Kernel
6. Non-OS Applications
7. Applications and their API
8. Runtime Environment
9. Containers
10. Deployment
11. Data at Rest, Data in Use
12. Monitoring/Analysis
13. Configuration/Management
14. Security Model/Policy
15. Development Environment
Endpoint security: Solutions
• Start with a clean design of the security model and policies
• Define endpoint identity, authorization, authentication
  • How do other endpoints see me? What can they do with me?
• Define proper data protection model
  • Integrity and confidentiality, especially of shared data-at-rest but also data-in-use
• Define secure hardware, BIOS, roots of trust
  • Includes lifetime of hardware, BIOS update, consistent root of trust
• Select secure OS, hypervisor, programming language
  • Consider lifetime of (open source?), dynamic of programming language
  • Consider isolation principles (4 different models explained in IISF)
• Plan remote code update and provide code integrity
  • Security has an unspecific expiration date: needs update
  • Code integrity prevents malicious remote code-hijacking
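An added example (not from the original slides or from either presenter's products) of the device-side acceptance check that the remote-update bullets above imply: authenticate the update manifest, refuse rollback, and confirm the image matches. The JSON manifest layout, field names and function names are hypothetical, and HMAC-SHA256 with a device-unique key from the Python standard library stands in for the asymmetric signature a production update system would normally use.

```python
import hashlib
import hmac
import json


class UpdateRejected(Exception):
    """Raised when an update must not be installed."""


def _canonical(manifest: dict) -> bytes:
    # Authenticate a canonical encoding of every field except the tag itself,
    # so version, size and hash cannot be edited without invalidating the tag.
    body = {k: v for k, v in manifest.items() if k != "tag"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(device_key: bytes, device_id: str, version: int, image: bytes) -> dict:
    """Update-server side (hypothetical): build a manifest bound to one device."""
    manifest = {
        "device_id": device_id,
        "version": version,
        "size": len(image),
        "sha256": hashlib.sha256(image).hexdigest(),
    }
    manifest["tag"] = hmac.new(device_key, _canonical(manifest), hashlib.sha256).hexdigest()
    return manifest


def verify_update(device_key: bytes, device_id: str, installed_version: int,
                  manifest: dict, image: bytes) -> int:
    """Device side: return the new version if the update is acceptable, else raise."""
    # 1. Authenticity: the tag must verify under this device's key.
    try:
        presented = bytes.fromhex(manifest["tag"])
    except (KeyError, TypeError, ValueError):
        raise UpdateRejected("missing or malformed tag")
    expected = hmac.new(device_key, _canonical(manifest), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):  # constant-time comparison
        raise UpdateRejected("manifest authentication failed")
    # 2. Binding: the manifest must have been issued for this endpoint.
    if manifest.get("device_id") != device_id:
        raise UpdateRejected("manifest issued for another device")
    # 3. Anti-rollback: an authentic but older (vulnerable) image is still refused.
    version = manifest.get("version")
    if type(version) is not int or version <= installed_version:
        raise UpdateRejected("version is not newer than installed")
    # 4. Code integrity: the bytes received must be the bytes that were authorized.
    if (manifest.get("size") != len(image)
            or manifest.get("sha256") != hashlib.sha256(image).hexdigest()):
        raise UpdateRejected("image does not match manifest")
    return version


def demo() -> dict:
    """Run the checks over constructed inputs and report the outcome of each case."""
    key = hashlib.sha256(b"constructed device-unique secret").digest()
    other_key = hashlib.sha256(b"constructed secret of another device").digest()
    image_v7 = b"firmware image v7 (constructed sample bytes)"
    good = sign_manifest(key, "dev-0001", 7, image_v7)
    cases = {
        "genuine": (good, image_v7),
        "tampered_image": (good, image_v7 + b"\x00"),
        "edited_version": ({**good, "version": 9}, image_v7),
        "rollback": (sign_manifest(key, "dev-0001", 5, b"old image"), b"old image"),
        "wrong_device_key": (sign_manifest(other_key, "dev-0001", 8, image_v7), image_v7),
    }
    results = {}
    for name, (manifest, image) in cases.items():
        try:
            # The device currently runs version 6.
            results[name] = verify_update(key, "dev-0001", 6, manifest, image)
        except UpdateRejected as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The rollback case shows why authenticity alone is not enough: a correctly tagged older image is still rejected.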
Endpoint security: Solutions (II)
• Plan “beyond the basics” security instantly
• Plan security configuration and management
  • For example: defining, replacing and updating of keys and certificates
  • User-friendly setting of access rights and authorization
• Plan endpoint monitoring and analysis
  • For example: log all security configuration changes
  • Log all unexpected remote activity
  • Provide user-friendly analysis, alerts etc.
• Implement “state of the art”:
  • Have a team of experienced security implementers
  • Use latest versions of development tools, OS, hypervisors, libraries
  • Test a lot, including malicious attacks
  • Prepare and test your first remote update
Securing IIoT Endpoints -- In Practice
Terrence Barr, terrence@electricimp.com
Head of Solutions Engineering
Endpoint Security
Introduction to Electric Imp
Electric Imp
Industrial-strength IoT starts here
Secure IoT Connectivity Platform
Authorized Hardware
for connected devices
impOS™ and hardware
impCloud™
imp Enterprise API’s
BlinkUp™ & impFactory™
impSecure™
Proven IoT Deployments at Scale
• 2016: surpassed 1 Million WiFi/Ethernet devices
• 18B+ data messages per month
• 100+ customers; 105+ countries
Full Lifecycle, Trusted Security
• Passed security review and pen-testing:
• In process: UL 2900-2-2: Cybersecurity Certification for Industrial Controls plus first Affiliate program
• Aligned with IIC Security Framework
Fastest Prototype-to-Production
• 5 months for GE connected air conditioner
© Property of Electric Imp, Inc.
Endpoint Security
Implementation Approach
Endpoint Security: Part of Integrated and Managed Security
Silicon-to-Cloud Security – Defense in Depth & Defense in Time
1. Edge Device Security incl. Secure Silicon & Managed Software
2. Data Privacy, Integrity & Confidentiality
3. Trusted Manufacture & Commissioning
4. Secure Communication via Managed Tunnel
5. Protected Public & Private Cloud
6. Secure Cloud and Application Integration
7. Full Lifecycle Managed Services
IISF Endpoint Protection Techniques | Electric Imp Implementation
Protecting Endpoints: General | Endpoint protection from the silicon upwards, every level tightly integrated and tested for full coverage of security objective and no weak links
Architectural Considerations for Protecting Endpoints | Designed from the ground up for resource-constrained IoT devices and real-world use cases and proven in large-scale customer deployments
Endpoint Physical Security | Disabled hardware interfaces, tampering destroys individual module
Establish Roots of Trust | Unique per-device keys, secure provisioning via cloud device management
Endpoint Identity | One-Time-Programming at module manufacturing time
Endpoint Access Control | Mutual authentication with RSA certificates and ECC challenge-response
Endpoint Integrity Protection | HSM protected keys, secure boot, non-execution barriers with cloud alerts
Endpoint Data Protection | All processing on-die, all off-die storage with device-unique encryption. TLS 1.2, AES-128, EDH forward secrecy.
Endpoint Monitoring and Analysis | Extensive monitoring of security-sensitive operations
Endpoint Configuration and Management | Endpoints managed, configured, and provisioned from the impCloud, all updates signed, encrypted, and logged
Cryptography Techniques for Endpoint Protection | AES-128 GCM+AEAD with device-unique keys, hardware accelerator and true random used where available.
Isolation Techniques for Endpoint Protection | Sandboxed application execution (VM), application updates separate from OS updates
Endpoint Security
Real-World Case Study
• Replace analogue lines
• Customer delight exceeds expectations
• Recognized as Business Transformation success story
• 1.5M customers worldwide
• Security for regulated markets
• Reduce service calls by 20%
• ROI – Payback in 45 days on connectivity costs alone
SmartLink™ device
impSecure™: Integrated Silicon-to-Cloud Security and Connectivity managed by Electric Imp
’Slide-In’ Postage Meter Retrofit for Device-to-Cloud Security and Connectivity
[Diagram labels: imp Application Module; impOS™; Meter Integration Code; Virtual Machine; paired Virtual Machine; Cloud Meter Code; Cloud Integration Code; Operations & Device Lifecycle Management; Cloud Services; Electric Imp Managed Cloud; USB; Commerce Cloud; Device-paired Virtual Machines; WiFi; Ethernet; IP tunnel]
• Scalable to millions of devices
• No changes to meter
• No changes to cloud
• Audited and Tested
• Meets Postal and Government Security Requirements
Conclusion: Endpoint Security In Practice
Well-designed and implemented Endpoint Security is critical in IoT
• Large number of devices in field, subject to physical tampering for years
• Present or future breaches can reach disastrous proportions
Hardware-level security requires deep integration and skills
• Security boundaries, root of trust, defense-in-depth design, remote security updates, security monitoring down to silicon, rock-solid reliability and scalability
Build on pre-integrated and proven silicon-to-cloud security platform
• Minimize time-to-market, risk of mistakes and undiscovered weak links
Must protect against future, unknown vulnerabilities
• Separation of concerns allows offloading security maintenance to specialists (‘Security-as-a-Service’)
Transforming the world through the power of secure connectivity
Thank you!
Things are coming together.
Community. Collaboration. Convergence.
www.iiconsortium.org
Additional Resources available as attachments
• Industrial Internet Security Framework Document
• White Paper: Business Viewpoint of Securing the Industrial Internet
• Upcoming Monthly Webinars on IIC BrightTALK channel:
• March 2017 – Enabling & Securing the Smart Factory
• April 2017 – Preview of IIC/I4.0 at Hannover Messe

 
No Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuityNo Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuity
 
Cloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline ScenariosCloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline Scenarios
 
Optimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best PracticesOptimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best Practices
 
For a Few Licenses More
For a Few Licenses MoreFor a Few Licenses More
For a Few Licenses More
 
App Management on the Edge
App Management on the EdgeApp Management on the Edge
App Management on the Edge
 
Protecting and Licensing .NET Applications
Protecting and Licensing .NET ApplicationsProtecting and Licensing .NET Applications
Protecting and Licensing .NET Applications
 
A Bit of License Management Magic
A Bit of License Management MagicA Bit of License Management Magic
A Bit of License Management Magic
 
The first step is always the most decisive
The first step is always the most decisiveThe first step is always the most decisive
The first step is always the most decisive
 
Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...
 
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevicesAuthenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
 
How and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based LicensesHow and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based Licenses
 
Serving Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every AppetiteServing Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every Appetite
 
Security and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptxSecurity and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptx
 
License Portal - The DIY Solution
License Portal - The DIY SolutionLicense Portal - The DIY Solution
License Portal - The DIY Solution
 
Running code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsRunning code in secure hardware or cloud environments
Running code in secure hardware or cloud environments
 

Recently uploaded

First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
Srikant77
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
Tier1 app
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 

Recently uploaded (20)

First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 

IIoT Endpoint Security – The Model in Practice

  • 1. IIoT Endpoint Security – The Model in Practice February 22, 2017 Industrial Internet Security Framework #IICSeries
  • 2. Guest Speakers 2 MARCELLUS BUCHHEIT President and CEO, Wibu-Systems USA Editor, Industrial Internet Consortium Security Framework @WibuSystems TERRENCE BARR Head of Solutions Engineering, Electric Imp, Inc. @electricimp
  • 3. Motivation 3 Unprotected devices on the internet are dangerous! They can be used to: • Intrude into local networks: stealing or deleting private data • Block or alter websites or internet communication • Upload viruses and start Denial-of-Service (DoS) attacks Additionally for IIoT: • Shut down public or private services (electricity, water, sewer etc.) • Prevent commercial usage (production, hospitals, hotels, PoS etc.) • Damage or destroy industrial installations or produced parts
  • 4. Motivation 4 Unprotected devices are problematic for component manufacturers • Example: FTC charges D-Link for unsecure routers and IP cameras • https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate Unprotected devices are problematic for users/operators • Example: Point-of-Sale (POS) attack at Target at the end of 2013 • 40 million credit cards and 70 million addresses stolen • Target paid $50M+ for settlements • http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
  • 5. A few words about Wibu-Systems 5 • Wibu-Systems was founded in 1989 in Germany • Global company targeting secure software licensing • Offers security and licensing solutions for IIoT systems and devices • More about the company: www.wibu.com • More about the key product: http://www.wibu.com/codemeter • More about IIoT security: http://www.wibu.com/embedded-software-security • And, since 2015, a member of the Industrial Internet Consortium (IIC)
  • 6. About the IIC Industrial Internet Consortium Security Webinar February 22, 2017 Kathy Walsh, walsh@iiconsortium.org Director of Marketing
  • 7. The Industrial Internet is Leading the Next Economic Revolution 7 GDP data extracted from the Futurist 2007
  • 8. Bring Together the Players to Accelerate Adoption 8 Connectivity Standards Technology Research Academia Systems Integration Security Government Big Data Industries The Industrial Internet: A $32 trillion opportunity
  • 9. The IIC: Things are Coming Together 9 Things are coming together. Academia Standards Research Systems Integration Government Industries Connectivity Technology Big Data Security
  • 10. The Industrial Internet Consortium is a global, member supported organization that promotes the accelerated growth of the Industrial Internet of Things by coordinating ecosystem initiatives to securely connect, control and integrate assets and systems of assets with people, processes and data using common architectures, interoperability and open standards to deliver transformational business and societal outcomes across industries and public infrastructure. Launched in March 2014 by five founding members: AT&T, Cisco, General Electric, IBM & Intel. The IIC is an open, neutral “sandbox” where industry, academia and government meet to collaborate, innovate and enable. Industrial Internet Consortium Mission Over 250 Member Organizations Spanning 30 Countries 10
  • 11. Securing IIoT Endpoints -- The Model Industrial Internet Consortium Security Webinar February 22, 2017 Marcellus Buchheit, mabu@wibu.com Wibu-Systems USA Inc.
  • 12. Overview 12 What is an endpoint? Why endpoint security? Security functions of an endpoint Implementing endpoint security
  • 13. What is an Endpoint? 13 The IIoT Landscape: Where are Endpoints? E P E PE P E P E P E P E P
  • 14. What is an Endpoint (II)? 14 IISF and IIC define endpoints similarly to the ISO/IEC 24791-1:2010 standard: • An endpoint is one of two components that either implements and exposes an interface to other components or uses the interface of another component. IIC simplified this definition (see IIC Vocabulary, version 2.0): • An endpoint is a component that has an interface for network communication. … but added a note for clarification: • An endpoint can be of various types including a device endpoint or an endpoint that provides cloud connectivity. Endpoint 1 Endpoint 2 Communication
  • 15. What is an Endpoint (III)? 15 The IIoT Landscape: Endpoints are everywhere! E P E PE P E P E P E P E P
  • 16. What is an Endpoint (IV)? 16 Summary: • Endpoints are everywhere in an IIoT System (including edge and cloud) • One single (security) model for all locations • A single computer, even a device, can have several endpoints • Example Router: One LAN endpoint, one WAN endpoint • Frequently shared code/data between multiple endpoints • Endpoint and its communication is another model
  • 17. Why endpoint security? 17 Endpoints are the only location in an IIoT system where: • Execution code is stored, started and updated • Data is stored, modified or applied (“Data at Rest” / “Data in Use”) • Communication to another endpoint is initiated and protected • Network security is analyzed, configured, monitored and managed Result: An attack on an IIoT system typically starts by attacking one or more endpoints: • Try to access the execution code and analyze it to find weak security implementation • Attack weak communication protection via network • Modify or replace (“hijack”) the execution code in a malicious way • ...
  • 19. Threats and Vulnerabilities to an IIoT Endpoint 19 1. Hardware components 2/3. Boot process 4. Operating System 5. Hypervisor/Sep. Kernel 6. Non-OS Applications 7. Applications and their API 8. Runtime Environment 9. Containers 10. Deployment 11. Data at Rest, Data in Use 12. Monitoring/Analysis 13. Configuration/Management 14. Security Model/Policy 15. Development Environment
  • 20. Endpoint security: Solutions 20 • Start with a clean design of the security model and policies • Define endpoint identity, authorization, authentication • How do other endpoints see me? What can they do with me? • Define proper data protection model • Integrity and confidentiality, especially of shared data-at-rest but also data-in-use • Define secure hardware, BIOS, roots of trust • Includes lifetime of hardware, BIOS update, consistent root of trust • Select secure OS, hypervisor, programming language • Consider lifetime of (open source?), dynamic of programming language • Consider isolation principles (4 different models explained in IISF) • Plan remote code update and provide code integrity • Security has an unspecific expiration date: needs update • Code integrity prevents malicious remote code-hijacking
  • 21. Endpoint security: Solutions (II) 21 • Plan “beyond the basics” security instantly • Plan security configuration and management • For example: defining, replacing and updating of keys and certificates • User-friendly setting of access rights and authorization • Plan endpoint monitoring and analysis • For example: log all security configuration changes • Log all unexpected remote activity • Provide user-friendly analysis, alerts etc. • Implement “state of the art”: • Have a team of experienced security implementers • Use latest versions of development tools, OS, hypervisors, libraries • Test a lot, including malicious attacks • Prepare and test your first remote update
  • 22. Securing IIoT Endpoints -- In Practice Industrial Internet Consortium Security Webinar February 22, 2017 Terrence Barr, terrence@electricimp.com Head of Solutions Engineering
  • 24. Electric Imp Industrial-strength IoT starts here Secure IoT Connectivity Platform Authorized Hardware for connected devices impOS™ and hardware impCloud™ imp Enterprise API’s BlinkUp™ & impFactory™ impSecure™ Proven IoT Deployments at Scale • 2016: surpassed 1 Million WiFi/Ethernet devices • 18B+ data messages per month • 100+ customers; 105+ countries Full Lifecycle, Trusted Security • Passed security review and pen-testing: • In process: UL 2900-2-2: Cybersecurity Certification for Industrial Controls plus first Affiliate program • Aligned with IIC Security Framework Fastest Prototype-to-Production • 5 months for GE connected air conditioner 24© Property of Electric Imp, Inc.
  • 26. Endpoint Security: Part of Integrated and Managed Security. Silicon-to-Cloud Security – Defense in Depth & Defense in Time: 1. Edge Device Security incl. Secure Silicon & Managed Software; 2. Data Privacy, Integrity & Confidentiality; 3. Trusted Manufacture & Commissioning; 4. Secure Communication via Managed Tunnel; 5. Protected Public & Private Cloud; 6. Secure Cloud and Application Integration; 7. Full Lifecycle Managed Services
  • 27. IISF Endpoint Protection Techniques and the corresponding Electric Imp Implementation:
      • Protecting Endpoints: General: Endpoint protection from the silicon upwards, every level tightly integrated and tested for full coverage of security objective and no weak links
      • Architectural Considerations for Protecting Endpoints: Designed from the ground up for resource-constrained IoT devices and real-world use cases and proven in large-scale customer deployments
      • Endpoint Physical Security: Disabled hardware interfaces, tampering destroys individual module
      • Establish Roots of Trust: Unique per-device keys, secure provisioning via cloud device management
      • Endpoint Identity: One-Time-Programming at module manufacturing time
      • Endpoint Access Control: Mutual authentication with RSA certificates and ECC challenge-response
      • Endpoint Integrity Protection: HSM protected keys, secure boot, non-execution barriers with cloud alerts
      • Endpoint Data Protection: All processing on-die, all off-die storage with device-unique encryption. TLS 1.2, AES-128, EDH forward secrecy.
      • Endpoint Monitoring and Analysis: Extensive monitoring of security-sensitive operations
      • Endpoint Configuration and Management: Endpoints managed, configured, and provisioned from the impCloud, all updates signed, encrypted, and logged
      • Cryptography Techniques for Endpoint Protection: AES-128 GCM+AEAD with device-unique keys, hardware accelerator and true random used where available.
      • Isolation Techniques for Endpoint Protection: Sandboxed application execution (VM), application updates separate from OS updates
  • 29. • Replace analogue lines • Customer delight exceeds expectations • Recognized as Business Transformation success story 1.5M Customers worldwide Security for regulated markets Reduce service calls by 20% ROI – Payback in 45 days on connectivity costs alone SmartLink™ device
  • 30. impSecure™: Integrated Silicon-to-Cloud Security and Connectivity managed by Electric Imp ’Slide-In’ Postage Meter Retrofit for Device-to-Cloud Security and Connectivity imp Application Module impOS™ Meter Integration Code Virtual Machine paired Virtual Machine Cloud Meter Code Cloud Integration Code Operations & Device Lifecycle Management Cloud Services Electric Imp Managed Cloud USB Commerce Cloud Device-paired Virtual Machines Scalable to millions of devices No changes to meter No changes to cloud Audited and Tested Meets Postal and Government Security Requirements WiFi Ethernet IP tunnel &imp SiliconSecurity
  • 31. Conclusion: Endpoint Security In Practice Well-designed and implemented Endpoint Security is critical in IoT • Large number of devices in field, subject to physical tampering for years • Present or future breaches can reach disastrous proportions Hardware-level security requires deep integration and skills • Security boundaries, root of trust, defense-in-depth design, remote security updates, security monitoring down to silicon, rock-solid reliability and scalability Build on pre-integrated and proven silicon-to-cloud security platform • Minimize time-to-market, risk of mistakes and undiscovered weak links Must protect against future, unknown vulnerabilities • Separation of concerns allows offloading security maintenance to specialists (‘Security-as-a-Service’)
  • 32. ® Transforming the world through the power of secure connectivity
  • 33. Thank you! 33 Things are coming together. Community. Collaboration. Convergence. www.iiconsortium.org Additional Resources available as attachments • Industrial Internet Security Framework Document • White Paper: Business Viewpoint of Securing the Industrial Internet • Upcoming Monthly Webinars on IIC BrightTALK channel: • March 2017 – Enabling & Securing the Smart Factory • April 2017 Preview of IIC/I4.0 at Hannover Messe
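
Slides 20, 21 and 27 call for remote code update with code integrity, per-device keys, and logging of security-relevant events. The sketch below is an added example, not code from the presentation, Wibu-Systems or Electric Imp: an endpoint that authenticates an update manifest, checks the image hash, refuses rollback and records every decision. All names (`device_key`, `sign_update`, `Endpoint`) and sample values are hypothetical, and HMAC-SHA256 with an HKDF-derived device-unique key stands in for the asymmetric update signature a production system would use.

```python
import hashlib
import hmac
import json


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256, built from the standard library."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def device_key(provisioning_secret: bytes, device_id: str) -> bytes:
    """Derive a device-unique update key; the secret itself stays in the backend."""
    return hkdf_sha256(provisioning_secret, b"update-auth|" + device_id.encode())


def sign_update(key: bytes, device_id: str, version: int, image: bytes):
    """Backend side: bind device, version and image hash into one authenticated manifest."""
    manifest = json.dumps(
        {"device_id": device_id, "version": version,
         "sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True, separators=(",", ":")).encode()
    return manifest, hmac.new(key, manifest, hashlib.sha256).digest()


class Endpoint:
    """Hypothetical endpoint holding only its own derived key."""

    def __init__(self, device_id: str, key: bytes, installed_version: int):
        self.device_id = device_id
        self._key = key
        self.installed_version = installed_version
        self.audit_log = []  # would be forwarded to monitoring in a real system

    def _log(self, event: str, detail: str) -> None:
        self.audit_log.append({"device": self.device_id, "event": event, "detail": detail})

    def _reject(self, reason: str) -> bool:
        self._log("update_rejected", reason)
        return False

    def apply_update(self, manifest: bytes, tag: bytes, image: bytes) -> bool:
        # 1. Authenticate the manifest before parsing anything inside it.
        expected = hmac.new(self._key, manifest, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return self._reject("bad_tag")
        meta = json.loads(manifest)
        # 2. Code integrity: the image must match the authenticated hash.
        if hashlib.sha256(image).hexdigest() != meta["sha256"]:
            return self._reject("image_hash_mismatch")
        # 3. Anti-rollback: never reinstall an old (possibly vulnerable) version.
        if meta["version"] <= self.installed_version:
            return self._reject("rollback")
        self.installed_version = meta["version"]
        self._log("update_applied", f"version={meta['version']}")
        return True


def demo():
    secret = b"constructed-provisioning-secret"   # constructed sample value
    image = b"firmware image v2 (constructed)"    # constructed sample value
    dev = Endpoint("endpoint-0001", device_key(secret, "endpoint-0001"), 1)
    m, t = sign_update(device_key(secret, "endpoint-0001"), "endpoint-0001", 2, image)
    m_b, t_b = sign_update(device_key(secret, "endpoint-0002"), "endpoint-0002", 3, image)
    results = {
        "tampered_image": dev.apply_update(m, t, image + b"\x00"),
        "valid": dev.apply_update(m, t, image),
        "replay": dev.apply_update(m, t, image),
        "other_device": dev.apply_update(m_b, t_b, image),
    }
    return results, dev.audit_log


if __name__ == "__main__":
    print(demo())
```

Because each endpoint verifies with its own derived key, a manifest issued for another device fails at the first check and never reaches the parser.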