SlideShare a Scribd company logo

Need For Hardware Security Controls in IoT

Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

As IoT devices are deployed in physically exposed environments there is a need to protect the hardware. Medical IoT, Consumer IoT, Secure Smart Cities, Industrial IoT

Technology
1 of 11
Download to read offline
The Need For Hardware Security Controls in IoT Niloufer Tamboly, CCSP, CISSP
I am a risk management professional and help companies prevent, detect and mitigate technology and business risks. I hold multiple certi cations in IT Security (CISSP), Audit (CISA, CIA) and Fraud (CFE). I am a Certi ed Public Account licensed to practice in the State of New Jersey. INTRODUCTION Niloufer Tamboly, CCSP, CISSP
AGENDA What is the need for security?01 02 03 04 What are the challenges? Why do we need hardware security controls? What controls should we have?
Examples Threats Data theft Pranksters Guage response time Failure threshhold Wearables Monitors Smart Home Consumer IoT
Examples Threats Information disclosure Organized crime/ competitors Loss of life due to wrong diagnosis Monitoring equipment Despensing pumps Implants Medical IoT
Examples Threats Distruction by nation state actors Hacktivist / malicious insider Terrorism Tra c lights and road sensors  Digital outdoor of home displays Smart car / bus (head units) Smart Cities IoT
Examples Threats Distruction by nation state actors Against the drone / or attack misusing the drone Insider threat SCADA / Remote Terminal Units Drones Robotics Industrial IoT
WHY? Can be leveraged to launch further attacks Are vulnerable Can compromise privacy Can be used for reconnaissance
Challenges Not a business driver No uni ed standards Low Prices Resource Constraints
Why Do We Need Hardware Security Controls? Internal debug interfaces can be used to gain access Data/ rmware can be extracted for reverse engineering Malware can be injected to change functionality Devices deployed in physically exposed environment
Cryptography Bootloader to support FOA updates Security chips to store credentials and cryptographic info Hardware Security Controls Physically Uncloanable Devices Smart Fusion Field Programable Gate Array Trusted Platform Modules Authenticate and authorize Memory Protection Units Control access to memory locations

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Perfect Training Center
 
CYBER51-FYLER
CYBER51-FYLERCYBER51-FYLER
CYBER51-FYLERCyber 51 LLC
 
Cyber Readiness in the Securities and Brokerage Industries Featuring Armstron...
Cyber Readiness in the Securities and Brokerage Industries Featuring Armstron...Cyber Readiness in the Securities and Brokerage Industries Featuring Armstron...
Cyber Readiness in the Securities and Brokerage Industries Featuring Armstron...
Armstrong Teasdale
 
11. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber5111. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber51Doree Garcia, CCNA, OSWP
 
Concord presentation may2011
Concord presentation may2011Concord presentation may2011
Concord presentation may2011
David Millen
 
Securing Online Transactions and Customer Data
Securing Online Transactions and Customer DataSecuring Online Transactions and Customer Data
Securing Online Transactions and Customer Data
National Retail Federation
 
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...OKsystem
 
IT Policy
IT PolicyIT Policy
IT Policy
Sherri Booher
 

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Perfect Training Center
 
CYBER51-FYLER
CYBER51-FYLERCYBER51-FYLER
CYBER51-FYLERCyber 51 LLC
 
Cyber Readiness in the Securities and Brokerage Industries Featuring Armstron...
Cyber Readiness in the Securities and Brokerage Industries Featuring Armstron...Cyber Readiness in the Securities and Brokerage Industries Featuring Armstron...
Cyber Readiness in the Securities and Brokerage Industries Featuring Armstron...
Armstrong Teasdale
 
11. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber5111. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber51Doree Garcia, CCNA, OSWP
 
Concord presentation may2011
Concord presentation may2011Concord presentation may2011
Concord presentation may2011
David Millen
 
Securing Online Transactions and Customer Data
Securing Online Transactions and Customer DataSecuring Online Transactions and Customer Data
Securing Online Transactions and Customer Data
National Retail Federation
 
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...OKsystem
 
IT Policy
IT PolicyIT Policy
IT Policy
Sherri Booher
 
Red Flags Rule General
Red Flags Rule GeneralRed Flags Rule General
Red Flags Rule General
Teo Leonard
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO's
Patrick Angel - MBA, CISSP(c) CISM(c) CRISC(c) CISA(c)
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Lucien Pierce
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
Murray Security Services
 
Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?
Thales e-Security
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM
 
Paragon insert i.t. forensic
Paragon insert i.t. forensicParagon insert i.t. forensic
Paragon insert i.t. forensicWilliam Grieve
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
John Rhoton
 
needforsecurity
needforsecurityneedforsecurity
needforsecurityDavid Joao Vieira Carvalho
 
Bank security
Bank securityBank security
Bank securityPLN9 Security Services Pvt. Ltd.
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
Southern Cross Group Services
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in Internet
Richardus Indrajit
 
Information security in public governance
Information security in public governanceInformation security in public governance
Information security in public governance
Temitayo Oladiran
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Andris Soroka
 
DSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital worldDSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital world
Andris Soroka
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Rishi Singh
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
Andris Soroka
 
U S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber ThreatsU S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber Threats
Narinrit Prem-apiwathanokul
 
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseSafer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
Stephen Cobb
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022
Temok IT Services
 
Unisa 2010
Unisa 2010Unisa 2010
Unisa 2010
Jenny Reid
 

More Related Content

What's hot

Red Flags Rule General
Red Flags Rule GeneralRed Flags Rule General
Red Flags Rule General
Teo Leonard
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO's
Patrick Angel - MBA, CISSP(c) CISM(c) CRISC(c) CISA(c)
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Lucien Pierce
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
Murray Security Services
 
Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?
Thales e-Security
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM
 
Paragon insert i.t. forensic
Paragon insert i.t. forensicParagon insert i.t. forensic
Paragon insert i.t. forensicWilliam Grieve
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
John Rhoton
 

What's hot (11)

Red Flags Rule General
Red Flags Rule GeneralRed Flags Rule General
Red Flags Rule General
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO's
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?Cloud based payments: the future of mobile payments?
Cloud based payments: the future of mobile payments?
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
 
Paragon insert i.t. forensic
Paragon insert i.t. forensicParagon insert i.t. forensic
Paragon insert i.t. forensic
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
needforsecurity
needforsecurityneedforsecurity
needforsecurity
 
Bank security
Bank securityBank security
Bank security
 

Similar to Need For Hardware Security Controls in IoT

Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
Southern Cross Group Services
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in Internet
Richardus Indrajit
 
Information security in public governance
Information security in public governanceInformation security in public governance
Information security in public governance
Temitayo Oladiran
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Andris Soroka
 
DSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital worldDSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital world
Andris Soroka
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Rishi Singh
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
Andris Soroka
 
U S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber ThreatsU S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber Threats
Narinrit Prem-apiwathanokul
 
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseSafer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
Stephen Cobb
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022
Temok IT Services
 
Unisa 2010
Unisa 2010Unisa 2010
Unisa 2010
Jenny Reid
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
Matthew Pascucci
 
The Role Of Artificial Intelligence In Cybersecurity.pdf
The Role Of Artificial Intelligence In Cybersecurity.pdfThe Role Of Artificial Intelligence In Cybersecurity.pdf
The Role Of Artificial Intelligence In Cybersecurity.pdf
Ciente
 
Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5 Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5
UNIVERSITAS TEKNOKRAT INDONESIA
 
Cyber security
Cyber securityCyber security
Cyber security
Rishav Sadhu
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
joevest
 
What is threat intelligence ?
What is threat intelligence ?What is threat intelligence ?
What is threat intelligence ?
AariyaRathi
 
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SMCarlos Valderrama
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
Accenture
 
cyber terrorism
cyber terrorism cyber terrorism
cyber terrorism
Accenture
 

Similar to Need For Hardware Security Controls in IoT (20)

Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in Internet
 
Information security in public governance
Information security in public governanceInformation security in public governance
Information security in public governance
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
 
DSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital worldDSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital world
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
U S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber ThreatsU S Embassy Event - Today’S Cyber Threats
U S Embassy Event - Today’S Cyber Threats
 
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseSafer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022
 
Unisa 2010
Unisa 2010Unisa 2010
Unisa 2010
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
The Role Of Artificial Intelligence In Cybersecurity.pdf
The Role Of Artificial Intelligence In Cybersecurity.pdfThe Role Of Artificial Intelligence In Cybersecurity.pdf
The Role Of Artificial Intelligence In Cybersecurity.pdf
 
Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5 Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5
 
Cyber security
Cyber securityCyber security
Cyber security
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
What is threat intelligence ?
What is threat intelligence ?What is threat intelligence ?
What is threat intelligence ?
 
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
cyber terrorism
cyber terrorism cyber terrorism
cyber terrorism
 

More from Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE

Cybersecurity Careers - Step Up Skill Feb2023 (1).pdf
Cybersecurity Careers - Step Up Skill Feb2023 (1).pdfCybersecurity Careers - Step Up Skill Feb2023 (1).pdf
Cybersecurity Careers - Step Up Skill Feb2023 (1).pdf
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
How to Secure Your Small Business from Cyber Threats
How to Secure Your Small Business from Cyber ThreatsHow to Secure Your Small Business from Cyber Threats
How to Secure Your Small Business from Cyber Threats
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
How To Fix The Most Critical API Security Risks.pdf
How To Fix The Most Critical API Security Risks.pdfHow To Fix The Most Critical API Security Risks.pdf
How To Fix The Most Critical API Security Risks.pdf
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Top Ten Challenges of Securing Smart Infrastructure
Top Ten Challenges of Securing Smart InfrastructureTop Ten Challenges of Securing Smart Infrastructure
Top Ten Challenges of Securing Smart Infrastructure
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Securing The Journey To The Cloud
Securing The Journey To The Cloud Securing The Journey To The Cloud
Securing The Journey To The Cloud
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Drive Digital Trust One Code At A Time
Drive Digital Trust One Code At A TimeDrive Digital Trust One Code At A Time
Drive Digital Trust One Code At A Time
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
CyberCorps: Scholarship for Service Program
CyberCorps: Scholarship for Service ProgramCyberCorps: Scholarship for Service Program
CyberCorps: Scholarship for Service Program
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
IT Audit Career Path
IT Audit Career PathIT Audit Career Path
IT Audit Career Path
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
How To Become An IT Security Risk Analyst
How To Become An IT Security Risk AnalystHow To Become An IT Security Risk Analyst
How To Become An IT Security Risk Analyst
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Cybersecurity Careers For Students
Cybersecurity Careers For StudentsCybersecurity Careers For Students
Cybersecurity Careers For Students
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Top cloud security certifications 2019
Top cloud security certifications 2019Top cloud security certifications 2019
Top cloud security certifications 2019
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
5 Ways To Improve Cissp Exam Score Without Studying
5 Ways To Improve Cissp Exam Score Without Studying5 Ways To Improve Cissp Exam Score Without Studying
5 Ways To Improve Cissp Exam Score Without Studying
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 

More from Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE (12)

Cybersecurity Careers - Step Up Skill Feb2023 (1).pdf
Cybersecurity Careers - Step Up Skill Feb2023 (1).pdfCybersecurity Careers - Step Up Skill Feb2023 (1).pdf
Cybersecurity Careers - Step Up Skill Feb2023 (1).pdf
 
How to Secure Your Small Business from Cyber Threats
How to Secure Your Small Business from Cyber ThreatsHow to Secure Your Small Business from Cyber Threats
How to Secure Your Small Business from Cyber Threats
 
How To Fix The Most Critical API Security Risks.pdf
How To Fix The Most Critical API Security Risks.pdfHow To Fix The Most Critical API Security Risks.pdf
How To Fix The Most Critical API Security Risks.pdf
 
Top Ten Challenges of Securing Smart Infrastructure
Top Ten Challenges of Securing Smart InfrastructureTop Ten Challenges of Securing Smart Infrastructure
Top Ten Challenges of Securing Smart Infrastructure
 
Securing The Journey To The Cloud
Securing The Journey To The Cloud Securing The Journey To The Cloud
Securing The Journey To The Cloud
 
Drive Digital Trust One Code At A Time
Drive Digital Trust One Code At A TimeDrive Digital Trust One Code At A Time
Drive Digital Trust One Code At A Time
 
CyberCorps: Scholarship for Service Program
CyberCorps: Scholarship for Service ProgramCyberCorps: Scholarship for Service Program
CyberCorps: Scholarship for Service Program
 
IT Audit Career Path
IT Audit Career PathIT Audit Career Path
IT Audit Career Path
 
How To Become An IT Security Risk Analyst
How To Become An IT Security Risk AnalystHow To Become An IT Security Risk Analyst
How To Become An IT Security Risk Analyst
 
Cybersecurity Careers For Students
Cybersecurity Careers For StudentsCybersecurity Careers For Students
Cybersecurity Careers For Students
 
Top cloud security certifications 2019
Top cloud security certifications 2019Top cloud security certifications 2019
Top cloud security certifications 2019
 
5 Ways To Improve Cissp Exam Score Without Studying
5 Ways To Improve Cissp Exam Score Without Studying5 Ways To Improve Cissp Exam Score Without Studying
5 Ways To Improve Cissp Exam Score Without Studying
 

Recently uploaded

Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 

Recently uploaded (20)

Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 

Need For Hardware Security Controls in IoT

  • 1. The Need For Hardware Security Controls in IoT Niloufer Tamboly, CCSP, CISSP
  • 2. I am a risk management professional and help companies prevent, detect and mitigate technology and business risks. I hold multiple certi cations in IT Security (CISSP), Audit (CISA, CIA) and Fraud (CFE). I am a Certi ed Public Account licensed to practice in the State of New Jersey. INTRODUCTION Niloufer Tamboly, CCSP, CISSP
  • 3. AGENDA What is the need for security?01 02 03 04 What are the challenges? Why do we need hardware security controls? What controls should we have?
  • 4. Examples Threats Data theft Pranksters Guage response time Failure threshhold Wearables Monitors Smart Home Consumer IoT
  • 5. Examples Threats Information disclosure Organized crime/ competitors Loss of life due to wrong diagnosis Monitoring equipment Despensing pumps Implants Medical IoT
  • 6. Examples Threats Distruction by nation state actors Hacktivist / malicious insider Terrorism Tra c lights and road sensors  Digital outdoor of home displays Smart car / bus (head units) Smart Cities IoT
  • 7. Examples Threats Distruction by nation state actors Against the drone / or attack misusing the drone Insider threat SCADA / Remote Terminal Units Drones Robotics Industrial IoT
  • 8. WHY? Can be leveraged to launch further attacks Are vulnerable Can compromise privacy Can be used for reconnaissance
  • 9. Challenges Not a business driver No uni ed standards Low Prices Resource Constraints
  • 10. Why Do We Need Hardware Security Controls? Internal debug interfaces can be used to gain access Data/ rmware can be extracted for reverse engineering Malware can be injected to change functionality Devices deployed in physically exposed environment
  • 11. Cryptography Bootloader to support FOA updates Security chips to store credentials and cryptographic info Hardware Security Controls Physically Uncloanable Devices Smart Fusion Field Programable Gate Array Trusted Platform Modules Authenticate and authorize Memory Protection Units Control access to memory locations