The document discusses risks related to the Internet of Things (IoT) and strategies to manage those risks. It notes that IoT involves connecting many devices which generates large amounts of data. Key risks include lack of security in IoT standards, physical attacks on devices, and ensuring identity and privacy as billions of objects come online. The document recommends approaches like access control, encryption, network segmentation, threat intelligence, and data analytics to help secure the complex IoT environment as it continues to grow dramatically in coming years.

1. Session ID:
Session Classification:
Kim Singletary
McAfee
Advanced
RIOT CONTROL
The Art of Managing Risk for
Internet of Things

2. ► What is IoT and why is it different?
► What are the risks?
► What are the emerging areas that will help provide
security
► What can be done today
Intro

3. The outcome of the application of human creative skills and
imagination.
The Art
http://news.nationalgeographic.com/news/2012/12/pictures/121205-earth-night-science-space/

4. ► 40% projected growth in global data generated year over
year vs. 5% growth in global IT spending 1
► By 2020
► 40% of data will be generated by IoT 2
► Connected Devices (IoT) will represent 24 Billion 3
1. McKinsey, Big Data:The next frontier for innovation, competition and productivity (June 2011)
2. IDC/EMC, Digital Universe (2011)
3. GSMA conducted by Machina Research
IoT is BIG

5. Change in Types of Data
Small
files
Big
files
Constant data
Cyclic or bursty data
Internet
data
Video
IP
Voice
Smart
Health
Smart
Transport
Asset
tracking
Metering
Retail
POS
Signage
Industrial
Controls
CCTV
Smaller Files Bigger Files

6. Connected Devices In The Past

7. Ability to put Sensors in Everything
► Improved Power Management
► Ipv6
Ambient Networking (Everywhere)
► Open Standards
► Increased bandwidth and coverage
Analyze Everything
► Processor Speed
► Big Data
Why IoT?

8. Current Connected Devices

9. Future of IoT

10. Tracking Behavior/Usage
Enhanced Situational Awareness
Sensor Driven Decision Analytics
Process Optimization
Optimized Resource Consumption
Complex Autonomous Systems
IoT Applications
Information and
Analysis
Automation
And Control

11. February 15, 201311
Source: Forbes, 7/23/2012
Will you be ready for the M2M world?
Ray Wang

12. ► Energy & Water Mgmt.
► Smart City/Smart Planet
► Robotics/Industrial Control
► Bldg. Mgmt./Automation
► Transportation
► Healthcare
► Military
► Retail
► Consumer Tech.
Industries
Pockets of
Innovation,
Efficiency,
Automation

13. Compliance
Confidentiality – Integrity - Availability
Intent of Use = Risk
Control
Boundaries
Physical
Interactions
Kinetic
Outcomes

14. Engine or Service?
Power by the Hour

15. The Thing Lifestyle
√ ?
! X

16. The Security Architecture
Access,
Authentication,
Authorization
Data & Privacy
Application Network

17. ► End-to-end security is not yet addressed in all the IoT
related standards
► Attacks at physical layer
► Machine level integrity checks
► Identity linking
► Anonymity
► Secure deployment of credentials for lots of objects
► User interface to control/manage security
Security Issues for Pervasive IoT

18. Network
Network Types
• Shortwave
• Satellite
• LTE/5G
• WiMax/Microwave
• WiFi
• Femtocell
• Bluetooth
• Zigbee
• Dash7
• PLC
Fail-Over Parameters
• Speed
• Error-rate
• Packet Loss
• Price
• Assurance/Reputation
Context Setting
• Policy for Connection
• Duration
• Quality of Service
• Policy for Roaming
• Policy for Fail-Over
• Policy for Compliance

19. ► IPv6
► Management Tools Available?
► Support in organization for dual networks?
► Ready to leave comfort of NAT?
► Is someone squatting in your dark space?
► Open Flow to Software Defined Networks
- Take control out of hands of infrastructure
- ACL’s and routing protocols will not provide enough agility for
security
Emerging Network for IoT

20. ► TRILL
► Possible Spanning Tree Alternative
► Get more efficiency of available bandwidth and meshed
network
► Opportunity to Load Balance
► DNS Sec/DANE
- Prevent DNS cache poisoning
- Obtain Authentication of Named Entities with SSL info
on certs
Emerging Network for IoT

21. ► Boot or Power On Authentication
► Stop unauthorized devices from entering the network
► Proactive Intelligence in the Flow
► IETF REPUTON and IETF 6MAN/Packet Staining WG
► Include suspicious behavior indicator in flow
► Adaptive Information Infrastructure
► Holonic Systems; Dual in Nature
► Wholes in themselves
► Simultaneously integral or larger wholes
► Competitive Learning
► Nodes compete for right to respond
► Increasing specialization of each node of the cluster
IoT Endpoint Control

22. ► Hardware Identification and Access Control
► Specify computing platforms - Intel TXT
► Cloud Security Standards and Metrics
► Zones/Compliance/Service Level for IoT
► Big Data/Analytics/Management
► Access Authority
► Retention Policy
► De-Identification of Context Specific Data
Cloud – Data Center - App

23. ► Integrity Control (Endpoints and Embedded
Systems)
► Hardware Assisted Rootkit Defense
► Global Threat Intelligence integrated at
endpoint and network
► Network IPS and Softswitch IPS
► Asset Detection and Real-time Mgmt.
► Big Security Data Management
Today’s Security Options

24. ► IoT will be everywhere
► IoT will need orchestrators who can design and balance
risk and reward models
► IoT is challenging and will be complex and intriguing
Summary

25. @ksingletary