IoT Security Overview
Steve Orrin
Chief Technologist, Intel Federal
INTEL PROPRIETARY Intel Federal
Agenda
• Overview of Security Challenges in IoT
• The Vision for IoT Security
• Fundamental Capabilities
• Example Solutions / Use Cases
• Summary
Current Issues in Protecting IoT and ICS
Increased Connectivity
- Company Enterprise Network and ICS
- Internet
Interdependencies
- Cascading Failure Concerns
Complexity
- Real Time Control Leads to Increased System Complexity
- Access to Systems Granted to More and More Users, Business Systems, Control Systems
Legacy Systems
- Just Not Built for Security
Market Restructuring
- Increased Volume of Transactions
- Narrower Operating Margins (Engineering and Monetary)
System Accessibility
- Vulnerabilities and Back Doors
- Wireless Access
Offshore Reliance
Information Availability
- Manuals and Training Videos Available Publicly
- Hacker Tools Readily Available on Internet
Sidebar: “3,000 Industrial Plants Per Year Infected with Malware. Targeted industrial control systems-themed malware, including one variant posing as Siemens PLC firmware that has been in action since 2013, researchers find.” From: DarkReading 3/21/17 by Kelly Jackson Higgins
Threats to IoT and ICS
• Disrupt operation of ICS by delaying or blocking the flow of information through
control networks, thereby denying network availability to control system operators
• Send false information to control system operators, either to disguise unauthorized
changes or to initiate inappropriate actions by system operators.
• Modify the system software – producing unpredictable results
• Interfere with the operation of a safety system(s)
• Make unauthorized changes to programmed instructions in PLCs, RTUs, or DCS
controllers
• Change alarm thresholds and settings
• Order premature shutdown of processes
• Disable control equipment
Adversary Trends
The interest in IoT and ICS is increasing:
- Number of IoT / ICS presentations at conferences
- Number of conference locations globally
- Number of subculture information sharing networks
- Visibility of Connected ‘things’ & ICS vulnerability research
Attacks on IoT and ICS

Pipeline Communication Infrastructure Compromise
Devices used in an attack against a third party. Device configuration contributed to the compromise. Large volume of network traffic generated. Compromise not detected by traditional means.
Lessons learned:
- Verify device configuration
- Ensure Defense-in-depth strategies are in place
- Isolate critical systems from the internet

Nuclear Power Plant cyber infection
Event: Slammer worm infects plant.
Impact: Complete shutdown of digital portion of Safety Parameter Display System (SPDS) and Plant Process Computer (PPC). Recovery time: SPDS – 4 hours 50 minutes; PPC – 6 hours 9 minutes.
Specifics: Worm started at a contractor’s site. Worm jumped from corporate to plant network and found an unpatched server. Patch had been available for 6 months.
Lessons learned:
- Secure remote (trusted) access channels
- Ensure Defense-in-depth strategies with appropriate procurement requirements
- Critical patches need to be applied

Automobile Manufacturing Impact
Event: Internet worm shuts down major US automobile manufacturer’s industrial control systems.
Impact: Production lines were idle as infected systems were patched.
Specifics: The malware infected 13 automobile manufacturing plants. Revenue impact was approximately $1M USD/HR.
Lessons learned:
- Critical patches need to be applied
- Provide adequate network segmentation between control and business networks
- Place controls between segments to limit congestion and cascading effects

Automobile computer systems hacked
Event(s): Researchers take away driver control of a moving vehicle by remotely hacking into relatively insecure computer systems.
Impact: Computerized systems in modern cars control many critical components and safety devices.
Specifics: Several teams managed to break into key vehicle systems to kill the engine, apply or disable the brakes and even send taunting messages to radio or dashboard displays.
Lessons learned:
- Automobile control systems are vulnerable to the same kind of attacks which are launched against Internet-connected computers
Attacks on IoT and ICS

Oil Platform Cyber Incident
Event: Insider computer attack on an energy company’s process control system.
Impact: By disrupting one of the process control computer systems, the leak detection system was periodically disabled.
Specifics: Disgruntled IT contractor damaged company computer systems by impairing the integrity and availability of critical operational data.
Lessons learned:
- Do not underestimate the insider threat
- Ensure access controls
- Policies and procedures with regard to contract personnel, background checks

Water Utility Loses Control
Event: Residents of a rural town experienced loss of water pressure.
Impact: Approximately 10,000 residents without water.
Specifics: Utility operator updated its HMI OS (Windows) with a direct connection to the Internet, and evidence points to a virus infecting the SCADA system, causing it to crash. The ICS was outdated, not supported by the vendor, and not patched to current updates. Lacked a firewall between the business and control networks.
Lessons learned:
- Utilize DMZ to ensure isolation from business side and Internet
- Keep systems patched
- Establish and enforce sound security policies

Water facility accessed via Internet
Event: Cyber researcher used new search engine “SHODAN” to identify an online link to a utility company’s SCADA system. The system was then accessed using the default user name and password.
Impact: The researcher gained administrative control over the regional water treatment system.
Specifics: After connecting to the water control and management system via the internet, the researcher was able to access all control systems for water pumping and waste water treatment.
Lessons learned:
- Change system default user names and passwords
- Avoid posting system details to public facing devices
- Not all public facing system details are obviously visible
Overview of Security Challenges in IoT:
Complexity and lack of Standards and Interoperability
Protocols
- Standards based protocols slowly replacing vendor-specific proprietary communication protocols
Interconnected to other systems
- Connections to business and administrative networks to obtain productivity improvements and mandated open access information sharing
Reliance on public information systems
- Increasing use of public telecommunication systems and the Internet for portions of the ICS
Overview of Security Challenges in IoT:
Security Requirements & Required Certifications
Internet of Things Security Strategy
Focus: Provide security capabilities that enable protection, identification, and assurance to all nodes in the IoT ecosystem.
• Designed-In Security Foundation – Consistent security features and a unified programming model which speeds up ecosystem enablement.
• Built-In IoT Platform Security Architecture – Solutions integrated to work edge to cloud which lead to HW protected, market ready vertical solutions.
• On-Demand Device Lifecycle Security Services – Trust services equip threat defenses with HW verified and attested devices.
Intel’s IoT Security Portfolio Strategy
1. Designed-in Security Foundation (All Product Lines) – Consistent Security Features & Unified Programming Model; Speeds Ecosystem Enablement
   - Protected Storage
   - Protected Boot
   - Trusted Execution Environment
   - Hardware and Software Identities
2. Built-In IoT Platform Security Architecture – Solutions Integrated to work Edge to Cloud; HW Protected, Market Ready Vertical Solutions
   - Harden Edge
   - Secure Comms
   - Security Management
3. On-Demand Device Lifecycle Security Services (Trust Services) – Equips threat defenses with HW Verified & attested Devices
   - Device onboarding & attestation
   - Integrated into IoT platform & security management ISV offerings
Intel’s IoT Security Portfolio Strategy
Diagram labels: Foundation (Consistency - WIP), Ecosystem, Developers, Services, and the product lines Client, IoT, Auto, Drones, Data Center, Memory, Comms, Altera (layers numbered 1 to 5).
The Vision for Device Security
Pillars: Protected Workloads, Trusted Execution Environment, Identity.

Security Themes, Definitions and Examples
Device Identification
- Definition: Provides a unique identifier for the device and can serve as the basis for authentication
- Example: EPID (Enhanced Privacy ID)
Verified Boot
- Definition: Verifies boot process and enables software identification. Enforces platform boot policies
- Example: Secure Boot using TXT & TPM
Trusted Execution Environment (TEE)
- Definition: Execution environment that isolates the operations from manipulation or disclosure
- Example: SGX (SW Guard Extensions)
Secure Storage
- Definition: Sensitive data (including key material) protected from misuse or disclosure when in use, transit, or storage
- Examples: TPM – Trusted Platform Module; PTT – Platform Trust Technology
Management
- Definition: Provides device management, provisioning, and policy
- Example: MeshCentral for IoT Gateways
Fundamental Capabilities
Embedded Security (Security Isolation)
• Physical Security
• Endpoint Protection
Secure Communication
• Machine-to-Machine AA-A
• Confidentiality & Integrity
Security Monitoring & Management
• Security Policy Management
• Security Event Monitoring
Security Isolation Options
• No Silver Bullet for Security
• No “one-size-fits-all” approach
• Enable a spectrum of security implementations
• Choose best solution for use case
• Process Isolation
  - Security in same OS as other components
  - Separate security processes
• Containerization Isolation
  - Software Containers
  - Hardware Containers
• Virtualization Isolation
  - Security in separate OS
• Physical Isolation
  - Gateway or Bump-in-the-Wire
Embedded Security Deployment Models
• Process Separation
  - Security in same OS as other components
  - Separate security processes
• Containerization Separation
  - Security in same OS, but in software containers (jails)
  - Application separation (apps)
• Virtualization Separation
  - Security in separate OS
• Physical Separation
  - Gateway or Bump-in-the-Wire
Diagram labels: Gateway, Virtualization, In same OS, Containerization.
It’s all about separation of concerns to keep security apart from the Operational components.
Security Comms Channel
• Provide Security Management and Monitoring Services
  - Back-end Services
  - Edge Services
• Traffic channels independent of Operational Flows and Services
  - Separate payload and frequency
  - Independent QoS
• Transport Security (Confidentiality and Integrity)
• Machine-to-Machine AA-A
  - Device ID
  - Authentication and Access Control
• Security and other Endpoint Events aggregated and correlated
  - Back-end aggregation
  - Edge aggregation
• Enables Security Analytics capabilities
  - Back-end analytics
  - Edge analytics
• Does not affect the existing Operational Services
  - Loosely coupled to Operational Technologies
  - Allows security to evolve independently from OT process
Diagram labels: Management, Monitoring, Analytics; Secured and Unsecured channels; Application Data; Security Data.
Security Management
• All devices have consistent security APIs, whether security is mixed in with the OS, below the OS in a virtualized instance, or in an OS in a physically separate instance.
• All devices now look the same from the management perspective, regardless of Make, Model, Manufacturer.
• The security policies can be pushed out to devices regardless of their deployment model, all from a centralized management “cloud”.
Security Monitoring
• All devices can send events, logs, properties, etc. back to the centralized analytics “cloud”.
• Global visibility of all endpoints and all communications means that situational awareness spans the entire environment.
• Create a near-realtime risk algorithm measuring the level of risk on the endpoints and the communications between the endpoints.
Security Management & Monitoring Feedback Loop
• All devices can send events, logs, properties, etc. back to the centralized analytics “cloud”.
• Create a near-realtime risk algorithm measuring the level of risk on the endpoints and the communications between the endpoints.
• Crossing a risk threshold triggers a state change in the management system, resulting in automated responses
  - Notify appropriate personnel
  - Push new policy out
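The monitoring and feedback loop described on the Security Monitoring and Feedback Loop slides, as an added Python illustration that is not Intel code: endpoints report events, a decaying score tracks risk per endpoint and per communication link, and crossing a threshold changes management state and fires the automated responses (notify, push policy). The event line format, the per-event weights, the decay rate and the thresholds are all constructed assumptions.

```python
"""Near-realtime risk feedback loop for IoT endpoints and their links.

Added illustration, not Intel code. The event format, the per-event
weights, the decay rate and the thresholds are all constructed here.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed weights per security event type (assumption, not from the deck).
EVENT_WEIGHTS = {
    "heartbeat": 0.0,
    "auth_failure": 2.0,
    "unexpected_peer": 4.0,
    "policy_violation": 5.0,
    "firmware_mismatch": 8.0,
}
RISK_HIGH = 10.0        # crossing this moves the target to "elevated"
RISK_CLEAR = 4.0        # hysteresis: must fall below this to return to "normal"
DECAY_PER_SEC = 0.98    # older events fade, keeping the score near-realtime


@dataclass
class Risk:
    score: float = 0.0
    last_ts: Optional[float] = None
    state: str = "normal"


class FeedbackLoop:
    """Aggregates endpoint events, scores risk per endpoint and per
    communication link, and emits automated responses on state changes."""

    def __init__(self) -> None:
        self.endpoints = defaultdict(Risk)
        self.links = defaultdict(Risk)
        self.actions = []   # (action, target, detail) in the order they fired

    def _update(self, table, key, ts, weight):
        r = table[key]
        if r.last_ts is not None:
            # Exponential decay over the elapsed seconds, then add the new event.
            r.score *= DECAY_PER_SEC ** max(0.0, ts - r.last_ts)
        r.score += weight
        r.last_ts = ts
        return r

    def _transition(self, target, r):
        """State change on a threshold crossing: notify, then push policy."""
        if r.state == "normal" and r.score >= RISK_HIGH:
            r.state = "elevated"
            self.actions.append(("notify", target, round(r.score, 2)))
            self.actions.append(("push_policy", target, "restrict"))
        elif r.state == "elevated" and r.score < RISK_CLEAR:
            r.state = "normal"
            self.actions.append(("push_policy", target, "baseline"))

    def ingest(self, line):
        """One constructed event line: ts,endpoint,peer,event_type (peer may be empty)."""
        ts_s, endpoint, peer, etype = line.strip().split(",")
        ts = float(ts_s)
        weight = EVENT_WEIGHTS.get(etype, 3.0)   # unknown types get a default weight
        self._transition("endpoint:" + endpoint,
                         self._update(self.endpoints, endpoint, ts, weight))
        if peer:
            link = tuple(sorted((endpoint, peer)))
            self._transition("link:" + "<->".join(link),
                             self._update(self.links, link, ts, weight))


# Constructed sample feed: a PLC sees repeated auth failures from an HMI,
# then a policy violation, then a long quiet period.
SAMPLE_EVENTS = [
    "100,plc-01,,heartbeat",
    "101,plc-01,hmi-02,auth_failure",
    "102,plc-01,hmi-02,auth_failure",
    "103,plc-01,hmi-02,auth_failure",
    "104,plc-01,hmi-02,policy_violation",
    "300,plc-01,,heartbeat",
]


def run(lines):
    """Feed event lines through the loop and return it for inspection."""
    loop = FeedbackLoop()
    for line in lines:
        loop.ingest(line)
    return loop


if __name__ == "__main__":
    for action in run(SAMPLE_EVENTS).actions:
        print(action)
```

With the sample feed the endpoint and the link both cross the threshold on the policy violation, and the quiet period decays only the endpoint back to normal, so the link stays elevated until it reports again.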
Management and Monitoring
Security as a Service (SecaaS) Logical View
Diagram labels: IT & Security Ops Context (Security Management & Monitoring; Communication Security; Endpoint Security; Management & Monitoring Services; Metrics, Rules, Alarms, etc.) as a Context Overlay on the Operational Context (Operational Services; Time Sequence Data; Custom Data).
• IT data is out of band from OT data
• OT “cloud” services do not change
• Security encapsulated in IT “cloud”
• Time Sequence Data = Events
• Properties = Endpoints
• Policy = Management
• IT/OT Service Context Dichotomy
Brownfield: Using Gateway Greenfield: Using Embedded Security in Device
Example IoT Use Case: C4ISR + Analytics
C4ISR: Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance
Diagram labels: Foundational USG Big Data; Computer Vision.
Things To Do First
Protect what’s most important
- Data “islanding” / secure enclaving
Consider new layers
Think beyond intrusion prevention
- Post-infection detection and response
- Mitigation
- Monitoring logs; think about exfiltration
Deny, Disrupt, Disable, Destroy
Actively protect your supply chain
Maintain open dialogue with ISP, suppliers, customers, employees
Diagram: assets inside the classic perimeter: Intellectual Property (Secrets), HR Data, Process Control Recipes, Competitively Sensitive Data.
Security is a Journey, not a Destination
Intel IoT Platforms and Analytics Capabilities:
Increasing intelligence and value over time
Thank you
Steve Orrin
Chief Technologist, Intel Federal
steve.orrin@intel.com
