IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...CableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Gerald Faulhaber
Professor Emeritus, Business Economics & Public Policy, Wharton School
https://www.cablelabs.com/informed/
With rapid growth of science and information technology, Internet of things (IoT) becomes as an integral part of daily life. The applications of IoT are expanded starting from connected cars, wearables, connected health, smart retail and healthcare. However, security issues are increasing with the increase of its use. Lack of compliances on the part of IoT manufacturers, lack of user knowledge and awareness, device update and management, lack of physical hardening and botnet attacks are considered as the major reasons for security issues in IoT based applications. In this aspect, it becomes important to analyze security issues involved with IoT and its impact on the users that has been performed in the present study
Internet of Things (IoT) is becoming an emerging trend superseding other technologies and researchers considered it as the future of internet. As now the connectivity to the World Wide Web is becoming highly available cost is drastically decreasing so everyone can afford the technology. As Internet of Things provides a great opportunity to develop an important industrial systems and applications with the help of various kind of sensors that can sense out the environment using number of devices that is connected to the internet, usage of IoT is drastically increasing and becoming a common thing. With this sky-rocketed usage and the demand, Communication and storing of the information faces serious security issues as the security of IoT devices become just an afterthought when manufacturing most of the devices. This study tries to summarize this IoT security issues in terms of primary information security concepts confidentiality, integrity and availability with regards to its architecture.
Iot Cyber Security & Vulnerabilities Challenges and Opportunities in Security of Internet of Things
Security is the Key
Inherent Security Challenges
Threat Spectrum – Trends
Securing the “Things”
IoT Cybersecurity – Security Triad
Threat Model
Availability threats
Integrity threats
Authenticity threats
Confidentiality threats
Non-repudiation/accountability threats
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
Internet Society (ISOC) aims are:
make security an integrated function of connected objects and encourages IoT device and service providers for consumers to adopt the Online Trust Alliance (OTA) security and privacy principles ;
increase the consumer demand for security and privacy in the IoT devices they purchase;
create government policies and regulations that promote better security and privacy features in IoT devices.
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Jason Livingood
Vice President, Technology Policy & Standards, Comcast
https://www.cablelabs.com/informed/
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...CableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Gerald Faulhaber
Professor Emeritus, Business Economics & Public Policy, Wharton School
https://www.cablelabs.com/informed/
With rapid growth of science and information technology, Internet of things (IoT) becomes as an integral part of daily life. The applications of IoT are expanded starting from connected cars, wearables, connected health, smart retail and healthcare. However, security issues are increasing with the increase of its use. Lack of compliances on the part of IoT manufacturers, lack of user knowledge and awareness, device update and management, lack of physical hardening and botnet attacks are considered as the major reasons for security issues in IoT based applications. In this aspect, it becomes important to analyze security issues involved with IoT and its impact on the users that has been performed in the present study
Internet of Things (IoT) is becoming an emerging trend superseding other technologies and researchers considered it as the future of internet. As now the connectivity to the World Wide Web is becoming highly available cost is drastically decreasing so everyone can afford the technology. As Internet of Things provides a great opportunity to develop an important industrial systems and applications with the help of various kind of sensors that can sense out the environment using number of devices that is connected to the internet, usage of IoT is drastically increasing and becoming a common thing. With this sky-rocketed usage and the demand, Communication and storing of the information faces serious security issues as the security of IoT devices become just an afterthought when manufacturing most of the devices. This study tries to summarize this IoT security issues in terms of primary information security concepts confidentiality, integrity and availability with regards to its architecture.
Iot Cyber Security & Vulnerabilities Challenges and Opportunities in Security of Internet of Things
Security is the Key
Inherent Security Challenges
Threat Spectrum – Trends
Securing the “Things”
IoT Cybersecurity – Security Triad
Threat Model
Availability threats
Integrity threats
Authenticity threats
Confidentiality threats
Non-repudiation/accountability threats
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
Internet Society (ISOC) aims are:
make security an integrated function of connected objects and encourages IoT device and service providers for consumers to adopt the Online Trust Alliance (OTA) security and privacy principles ;
increase the consumer demand for security and privacy in the IoT devices they purchase;
create government policies and regulations that promote better security and privacy features in IoT devices.
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Jason Livingood
Vice President, Technology Policy & Standards, Comcast
https://www.cablelabs.com/informed/
The session with highlight Intel’s vision for IoT Security and the fundamental building blocks and capabilities Intel and the ecosystem are providing to organizations to build security in from design through deployment and maintenance.
Watch this previously recorded webinar event with special guest Karthik Sundaram of Frost & Sullivan as he expands on his recently published research, “Cybersecurity in the Era of Industrial IoT". Leveraging insights from actual use cases, new policy initiatives, and available solutions, the research explores cybersecurity approaches, including a deep dive into the concept of “defense-in-depth” and its implications for a converged IT-OT environment in the future.
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Rob Alderfer, Moderator
Vice President Technology Policy, CableLabs
Gerald Faulhaber
Professor Emeritus, Business Economics & Public Policy, Wharton School
Chaz Lever
Lead Reseacher, Georgia Tech
Jason Livingood
Vice President, Technology Policy & Standards, Comcast
Wearables are small electronic devices, often comprising one or more sensors and having computational capability. Devices such as wrist watches, pens, and glasses with installed cameras are now available at cheap prices for user to purchase to monitor or securing themselves. The Nigerian state at this period is faced with a lot of kidnapping activities in schools, homes and abduction for the purpose of ransomed collection and other illegal activities necessitate these reviews. The success of the wearable technology in medical uses prompted the research into application into security uses. The method of research is the use of case studies and literature search. This paper takes a look at the possible applications of the wearable technology to combat the cases of abduction and kidnapping in Nigeria.
A survey on Internet of Things (IoT) security : Challenges and Current statusvivatechijri
When Internet of Things (IoT) applications become a part of people’s daily life, security issues in IoT have caught substantial attention in both academia and industry. Compared to traditional computing systems, IoT systems have more inherent vulnerabilities, and in the intervening time, could have higher security requirements. However, the current design of IoT does not successfully address the higher security requirements postured by those vulnerabilities. Many recent attacks on IoT systems have shown that novel security solutions are needed to defend this emerging system. This paper purposes to examine security challenges resulted from the special characteristics of the IoT systems and the new features of the IoT applications. This could help pave the road to better security solution design. Furthermore, three architectural security designs are suggested and analyzed. Examples of how to implement these designs are discussed. Finally, for each layer in IoT architecture, open issues are also identified.
Internet of Things (IoT) will enable dramatic society transformation. This seminar presents an introduction to the IoT and explains why IoT Security is important.
Then it presents security issues in wireless sensor networks that constitute a main ingredient of IoT.
Seminar given at Centre Tecnològic de Telecomunicacions de Catalunya (CTTC) on 28 January 2015.
A Novel Security Approach for Communication using IOTIJEACS
The Internet of Things (IOT) is the arrangement of physical articles or "things" introduced with equipment, programming, sensors, and framework accessibility, which enables these things to accumulate and exchange data. Here outlining security convention for the Internet of Things, and execution of this relating security convention on the inserted gadgets. This convention will cover the honesty of messages and verification of every customer by giving a productive confirmation component. By this venture the protected correspondence is executed on implanted gadgets.
DEDA: An algorithm for early detection of topology attacks in the internet of...IJECEIAES
The internet of things (IoT) is used in domestic, industrial as well as mission-critical systems including homes, transports, power plants, industrial manufacturing and health-care applications. Security of data generated by such systems and IoT systems itself is very critical in such applications. Early detection of any attack targeting IoT system is necessary to minimize the damage. This paper reviews security attack detection methods for IoT Infrastructure presented in the state-of-the-art. One of the major entry points for attacks in IoT system is topology exploitation. This paper proposes a distributed algorithm for early detection of such attacks with the help of predictive descriptor tables. This paper also presents feature selection from topology control packet fields. The performance of the proposed algorithm is evaluated using an extensive simulation carried out in OMNeT++. Performance parameter includes accuracy and time required for detection. Simulation results presented in this paper show that the proposed algorithm is effective in detecting attacks ahead in time.
IIoT solutions are providing operators with massive volumes of data while making it easier to apply them to improvements in quality and efficiency. However, the cybersecurity risk to IIoT solutions is often overlooked. Many IIoT devices reside on networks that use open connections such as Wi-Fi, cellular, or satellite. Those could inadvertently increase an ICS threat surface.
Participants in this session will learn how to configure new and existing IIoT devices in a manner that will continue providing the value of the IIoT solution while reducing the exposure to cyberattacks. Guidelines will also be provided in cases of IIoT devices, which do provide inherent security configuration options.
The session with highlight Intel’s vision for IoT Security and the fundamental building blocks and capabilities Intel and the ecosystem are providing to organizations to build security in from design through deployment and maintenance.
Watch this previously recorded webinar event with special guest Karthik Sundaram of Frost & Sullivan as he expands on his recently published research, “Cybersecurity in the Era of Industrial IoT". Leveraging insights from actual use cases, new policy initiatives, and available solutions, the research explores cybersecurity approaches, including a deep dive into the concept of “defense-in-depth” and its implications for a converged IT-OT environment in the future.
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Rob Alderfer, Moderator
Vice President Technology Policy, CableLabs
Gerald Faulhaber
Professor Emeritus, Business Economics & Public Policy, Wharton School
Chaz Lever
Lead Reseacher, Georgia Tech
Jason Livingood
Vice President, Technology Policy & Standards, Comcast
Wearables are small electronic devices, often comprising one or more sensors and having computational capability. Devices such as wrist watches, pens, and glasses with installed cameras are now available at cheap prices for user to purchase to monitor or securing themselves. The Nigerian state at this period is faced with a lot of kidnapping activities in schools, homes and abduction for the purpose of ransomed collection and other illegal activities necessitate these reviews. The success of the wearable technology in medical uses prompted the research into application into security uses. The method of research is the use of case studies and literature search. This paper takes a look at the possible applications of the wearable technology to combat the cases of abduction and kidnapping in Nigeria.
A survey on Internet of Things (IoT) security : Challenges and Current statusvivatechijri
When Internet of Things (IoT) applications become a part of people’s daily life, security issues in IoT have caught substantial attention in both academia and industry. Compared to traditional computing systems, IoT systems have more inherent vulnerabilities, and in the intervening time, could have higher security requirements. However, the current design of IoT does not successfully address the higher security requirements postured by those vulnerabilities. Many recent attacks on IoT systems have shown that novel security solutions are needed to defend this emerging system. This paper purposes to examine security challenges resulted from the special characteristics of the IoT systems and the new features of the IoT applications. This could help pave the road to better security solution design. Furthermore, three architectural security designs are suggested and analyzed. Examples of how to implement these designs are discussed. Finally, for each layer in IoT architecture, open issues are also identified.
Internet of Things (IoT) will enable dramatic society transformation. This seminar presents an introduction to the IoT and explains why IoT Security is important.
Then it presents security issues in wireless sensor networks that constitute a main ingredient of IoT.
Seminar given at Centre Tecnològic de Telecomunicacions de Catalunya (CTTC) on 28 January 2015.
A Novel Security Approach for Communication using IOTIJEACS
The Internet of Things (IOT) is the arrangement of physical articles or "things" introduced with equipment, programming, sensors, and framework accessibility, which enables these things to accumulate and exchange data. Here outlining security convention for the Internet of Things, and execution of this relating security convention on the inserted gadgets. This convention will cover the honesty of messages and verification of every customer by giving a productive confirmation component. By this venture the protected correspondence is executed on implanted gadgets.
DEDA: An algorithm for early detection of topology attacks in the internet of...IJECEIAES
The internet of things (IoT) is used in domestic, industrial as well as mission-critical systems including homes, transports, power plants, industrial manufacturing and health-care applications. Security of data generated by such systems and IoT systems itself is very critical in such applications. Early detection of any attack targeting IoT system is necessary to minimize the damage. This paper reviews security attack detection methods for IoT Infrastructure presented in the state-of-the-art. One of the major entry points for attacks in IoT system is topology exploitation. This paper proposes a distributed algorithm for early detection of such attacks with the help of predictive descriptor tables. This paper also presents feature selection from topology control packet fields. The performance of the proposed algorithm is evaluated using an extensive simulation carried out in OMNeT++. Performance parameter includes accuracy and time required for detection. Simulation results presented in this paper show that the proposed algorithm is effective in detecting attacks ahead in time.
IIoT solutions are providing operators with massive volumes of data while making it easier to apply them to improvements in quality and efficiency. However, the cybersecurity risk to IIoT solutions is often overlooked. Many IIoT devices reside on networks that use open connections such as Wi-Fi, cellular, or satellite. Those could inadvertently increase an ICS threat surface.
Participants in this session will learn how to configure new and existing IIoT devices in a manner that will continue providing the value of the IIoT solution while reducing the exposure to cyberattacks. Guidelines will also be provided in cases of IIoT devices, which do provide inherent security configuration options.
the world of technology is changing at an unprecedented pace, and th.docxpelise1
the world of technology is changing at an unprecedented pace, and these changes represent business opportunities as well as challenges. Mass connectivity and faster speeds create opportunities for businesses to network more devices, complete more transactions, and enhance transaction quality. Internet Protocol version 6 (IPv6) and Internet of things (IoT) are two such technologies that represent significant opportunities for strategic cybersecurity technology professionals to create lasting value for their organizations.
IoT is the phenomenon of connecting devices used in everyday life. It provides an interactive environment of human users and a myriad of devices in a global information highway, always on and always able to provide information. IoT connections happen among many types of devices — sensors, embedded technologies, machines, appliances, smart phones — all connected through wired and wireless networks.
Cloud architectures such as software as a service have allowed for big data analytics and improved areas such as automated manufacturing. Data and real-time analytics are now available to workers through wearables and mobile devices.
Such pervasive proliferation of IoT devices gives hackers avenues to gain access to personal data and financial information and increases the complexity of data protection. Given the increased risks of data breaches, newer techniques in data loss prevention should be examined.
Increased bandwidth and increased levels of interconnectivity have allowed data to become dispersed, creating issues for big data integrity. In such a world, even the financial transactions of the future are likely to be different — Bitcoin and digital currency may replace a large portion of future financial transactions.
To survive and thrive, organizational technology strategists must develop appropriate technology road maps. These strategists must consider appropriate function, protection, and tamper-proofing of these new communications and transactions.
It will be impossible to protect data by merely concentrating on protecting repositories such as networks or endpoints. Cybersecurity strategists have to concentrate on protecting the data themselves. They will need to ensure that the data are protected no matter where they reside.:
Step2
Select Devices and Technologies
By now, you have an idea of your team members and your role on the team project. Now, it's time to get the details about the devices and technologies needed to be included in the Strategic Technology Plan for Data Loss Prevention.
You should limit the scope of this project by selecting a set of devices and technologies which are most appropriate for data loss prevention for your business mission and future success. Based on your prior knowledge of your company and based on the project roles you agreed upon in the previous step, perform some independent research on the following topics and identify a set of devices and technologies that you propose for.
Final Research Project - Securing IoT Devices What are the Challe.docxtjane3
Final Research Project - Securing IoT Devices: What are the Challenges?
Internet security, in general, is a challenge that we have been dealing with for decades. It is a regular topic of discussion and concern, but a relatively new segment of internet security is getting most attention—internet of things (IoT). So why is internet of things security so important?
The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at which new technology goes to market is inversely proportional to the amount of security that gets designed into the product. According to IHS Markit, “The number of connected IoT devices worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125 billion in 2030.”
IoT devices are quite a bit different from other internet-connected devices such as laptops and servers. They are designed with a single purpose in mind, usually running minimal software with minimal resources to serve that purpose. Adding the capability to run and update security software is often not taken into consideration.
Due to the lack of security integrated into IoT devices, they present significant risks that must be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s consider the challenges of IoT security and how we can address them.
Some security practitioners suggest that key IoT security steps include:
1. Make people aware that there is a threat to security;
2. Design a technical solution to reduce security vulnerabilities;
3. Align the legal and regulatory frameworks; and
4. Develop a workforce with the skills to handle IoT security.
Final Assignment - Project Plan (Deliverables):
1) Address each of the FOURIoT security steps listed above in terms of IoT devices.
2) Explain in detail, in a step-by-step guide, how to make people more aware of the problems associated with the use of IoT devices.
Bottom of Form
Top of Form
Bottom of Form
IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20-Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-one-of-the-biggest-problems-of-the-century/
Video Resources:What is the Internet of Things (IoT) and how can we secure it?
https://www.youtube.com/watch?v=H_X6IP1-NDc
What is the problem with IoT security? - Gary explains
https://www.youtube.com/watch?v=D3yrk4TaIQQ
What are the Challenges of IoT Security?
IoT has many of the same security challenges that other systems have. There are, howe.
Final Research Project - Securing IoT Devices What are the Challe.docxlmelaine
Final Research Project - Securing IoT Devices: What are the Challenges?
Internet security, in general, is a challenge that we have been dealing with for decades. It is a regular topic of discussion and concern, but a relatively new segment of internet security is getting most attention—internet of things (IoT). So why is internet of things security so important?
The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at which new technology goes to market is inversely proportional to the amount of security that gets designed into the product. According to IHS Markit, “The number of connected IoT devices worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125 billion in 2030.”
IoT devices are quite a bit different from other internet-connected devices such as laptops and servers. They are designed with a single purpose in mind, usually running minimal software with minimal resources to serve that purpose. Adding the capability to run and update security software is often not taken into consideration.
Due to the lack of security integrated into IoT devices, they present significant risks that must be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s consider the challenges of IoT security and how we can address them.
Some security practitioners suggest that key IoT security steps include:
1. Make people aware that there is a threat to security;
2. Design a technical solution to reduce security vulnerabilities;
3. Align the legal and regulatory frameworks; and
4. Develop a workforce with the skills to handle IoT security.
Final Assignment - Project Plan (Deliverables):
1) Address each of the FOURIoT security steps listed above in terms of IoT devices.
2) Explain in detail, in a step-by-step guide, how to make people more aware of the problems associated with the use of IoT devices.
Bottom of Form
Top of Form
Bottom of Form
IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20-Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-one-of-the-biggest-problems-of-the-century/
Video Resources:What is the Internet of Things (IoT) and how can we secure it?
https://www.youtube.com/watch?v=H_X6IP1-NDc
What is the problem with IoT security? - Gary explains
https://www.youtube.com/watch?v=D3yrk4TaIQQ
What are the Challenges of IoT Security?
IoT has many of the same security challenges that other systems have. There are, howe ...
The Internet of Things (IoT) is one of the most active and fascinating innovations in information and communications technology.
https://www.infosectrain.com/courses/iot-bootcamp-certification-training/
The Internet of Things (IoT) hacking is the hacking of IoT devices. IoT is a network of devices embedded with sensors, software, and other technologies to connect and exchange data and information with other devices and systems over the Internet. It primarily refers to the fast-expanding network of linked devices that use embedded sensors to collect and exchange data in real-time. Although IoT hacking is a relatively new phenomenon, it has already shown a vast capacity for destruction in a relatively short period.
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...Eswar Publications
The Internet of Things (IoT), is a concept that describes how objects that we are used in daily life will interact and negotiate with other objects over the internet. The amount of devices with Wi-Fi capabilities and built-in sensors keeps on increasing. IoT combines smart devices to provide smart services and applications like smart cities, smart healthcare, smart home, and digital farm etc. But it is very crucial to secure connected IoT devices and networks because of the nature of IoT system. In this paper, the existing works are analyzed and an IoT based
healthcare system architecture is proposed. An authentication scheme to enhance the security of the proposed healthcare system is also present.
Cybersecurity stands as the bedrock of our digital world, safeguarding systems, networks, and data from a rising tide of cyber threats. In the era of the Internet of Things (IoT), wherean ever-expanding array of devices and objects are seamlessly interconnected, the importance of cybersecurity has escalated to unprecedented levels.
The Internet of Things (IoT) promises to change the way enterprises connect, communicate, operate, and compete. At the same time, the IoT has left enterprise networks and IoT devices extremely vulnerable to security breaches. Current IoT devices and infrastructures are simply not equipped to tackle today’s sophisticated attack methods. Vulnerabilities can be easily exploited unless security is embedded from the inside out – from conception, deployment, and maintenance, to the network edge and across connected devices and infrastructures.
Internet of things is one of the catch words now a day.
It promises a great future for the internet. Today common types
of communications are person to person, machine to person, or
person to machine. But Internet of things brings a new
technology where a type of communication is machine to
machine. Many technology and protocols have been studied for
this new communication. One of the new and emerging
technologies is VMware Pulse IoT center which provides IoT
device management in a pretty manner. It serves as management
glue between hardware. This paper will take a look on features,
benefits and working of VMware pulse IoT center including
summary of IoT solutions by VMware pulse IoT center.
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...DESMOND YUEN
Internet of Things (IoT) is an innovative paradigm
envisioned to provide massive applications that are now part of
our daily lives. Millions of smart devices are deployed within
complex networks to provide vibrant functionalities including
communications, monitoring, and controlling of critical infrastructures. However, this massive growth of IoT devices and the corresponding huge data traffic generated at the edge of the network created additional burdens on the state-of-the-art
centralized cloud computing paradigm due to the bandwidth and
resources scarcity. Hence, edge computing (EC) is emerging as
an innovative strategy that brings data processing and storage
near to the end users, leading to what is called EC-assisted IoT.
Although this paradigm provides unique features and enhanced
quality of service (QoS), it also introduces huge risks in data security and privacy aspects. This paper conducts a comprehensive survey on security and privacy issues in the context of EC-assisted IoT. In particular, we first present an overview of EC-assisted IoT including definitions, applications, architecture, advantages, and challenges. Second, we define security and privacy in the context of EC-assisted IoT. Then, we extensively discuss the major classifications of attacks in EC-assisted IoT and provide possible solutions and countermeasures along with the related research efforts. After that, we further classify some security and privacy issues as discussed in the literature based on security services and based on security objectives and functions. Finally, several open challenges and future research directions for secure EC-assisted IoT paradigm are also extensively provided.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Security and Privacy in IoT and Cyber-physical Systems
1. Security and Privacy in
Cyber-Physical and IoT Systems
Bob Marcus
Co-Chair NIST Big Data PWG
robert.marcus@et-strategies.com
Caveat: This is a rough first cut and will be revised extensively!
2. Definitions
Cyber-Physical System (CPS) - a system in which objects interacting
with their physical environment are controlled or monitored by
software. In cyber-physical systems, physical and software
components are deeply intertwined. A robot is a cyber-physical
system even if not networked.
Internet of Things (IoT) - describes the network of physical objects—
a.k.a. "things"—that are embedded with sensors, software, and
other technologies for the purpose of connecting and exchanging
data with other devices and systems over the Internet. A networked
set of computers is not necessarily part of the Internet of Things.
Internet of Everything (IoE) - is an expansion of the Internet of Things
to include people and possibly future intelligent autonomous devices.
These additional components provide major security risks.
My Suggestion: Toughen end-users by sending them test phishing
messages and links without warning to ensure that they are aware
of the danger of responding to similar attacks. (White Hat Phishing)
3. Outline of Slides
・Recent Development in IoT Security
・IoT Security Issues
・IoT Privacy
・IoTSecurity Frameworks
・Online Trust Alliance (OTA) Trust Framework and Resource Guide
・Open Web Application Security Project (OWASP) Slides
・IoT Use Cases Security
・References
5. IoT Security Foundation
From https://www.iotsecurityfoundation.org
We will support our mission by:
• Composing and maintaining a comprehensive Compliance Framework of
recommended steps for creating secure IoT products and services;
• Promoting the adoption of the Compliance Framework to IoT service and
product providers, IoT system specifiers, purchasers, and policymakers;
• Composing and promoting security best practice guidance;
• Helping to arrange assurance processes to demonstrate that IoT products
and services meet the requirements of the IoTSF Compliance Framework.
Our mission is to help secure the Internet of Things and make it safe to connect.
Establishing Principles for IoT Security
IoTSF is a collaborative, non-profit, international r.esponse to the complex challenges posed
by cybersecurity in the expansive hyper-connected IoT world. As such, IoTSF is the natural
destination for IoT users and technology providers including IoT security professionals, IoT
hardware and software product vendors, network operators, system specifiers, integrators,
distributors, retailers, insurers, local authorities, government agencies and other
stakeholders.
Members
7. IoT Security Foundation
From https://www.iotsecurityfoundation.org
Materials published by IoTSF include contributions from security practitioners,
researchers, industrially experienced staff and other relevant sources from IoTSF’s
membership and partners. IoTSF has a multi-stage process designed to develop
contemporary best practice with a quality assurance peer review prior to publication.
Publications
• Consumer IoT:Vulnerability Disclosure – Expanding theView into 2021
• IoT Security Compliance Framework
• Secure Design Best Practice Guides
• CanYou TrustYour Smart Building?
• IoT Security Reference Architecture for the Healthcare Industry
• HOME IoT Security Architecture and Policy
• ENTERPRISE IoT Security Architecture and Policy
• IoT Cybersecurity: Regulation Ready – FullVersion Nov 2018
• IoT Cybersecurity: Regulation Ready – ConciseVersion Nov 2018
• Vulnerability Disclosure Best Practice Guide
8. Best Practices for Developing Secure Connected Devices (Vdoo)
From https://tinyurl.com/jk8za8rf
9. IoT Security Issues and Challenges from Thales
From https://tinyurl.com/87s3fpf7
Developing a thorough understanding of IoT cybersecurity issues and executing a
strategy to mitigate the related risks will help protect your business and build
confidence in digital transformation processes.
In this new article, we will review six significant IoT security challenges:
• Weak password protection
• Lack of regular patches and updates and weak update mechanism
• Insecure interfaces
• Insufficient data protection
• Poor IoT device management
• The IoT skills gap
We explain the potential threats for each topic, illustrate the issue with IoT attack
examples, and results from recent research papers.
We will also see how to address these risks and move forward.
The IoT Ecosystem in 2021
10. NIST Recommendations for IoT Cybersecurity
From https://csrc.nist.gov/publications/detail/nistir/8259/final
Internet of Things (IoT) devices often lack device cybersecurity capabilities their
customers—organizations and individuals—can use to help mitigate their
cybersecurity risks. Manufacturers can help their customers by improving how
securable the IoT devices they make are by providing necessary cybersecurity
functionality and by providing customers with the cybersecurity-related information
they need.This publication describes recommended activities related to
cybersecurity that manufacturers should consider performing before their IoT
devices are sold to customers.These foundational cybersecurity activities can help
manufacturers lessen the cybersecurity-related efforts needed by customers, which
in turn can reduce the prevalence and severity of IoT device compromises and the
attacks performed using compromised devices.
From Internet of Things Cybersecurity Improvement Act of 2020
https://www.congress.gov/bill/116th-congress/house-bill/1668/text
Not later than 90 days after the date of the enactment of this Act, the Director of the Institute
shall develop and publish under section 20 of the National Institute of Standards andTechnology
Act (15 U.S.C. 278g-3) standards and guidelines for the Federal Government on the appropriate
use and management by agencies of Internet of Things devices owned or controlled by an agency
connected to information systems owned or controlled by an agency, including minimum
information security requirements for managing cybersecurity risks associated with such devices.
11. NIST Recommendations for IoT Cybersecurity
From https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259.pdf
The remainder of this publication is organized into the following sections and
appendices:
• Section 2 provides background on how manufacturers play a key role in
how securable their IoT devices are for their customers, such as which
cybersecurity risk mitigation areas that customers commonly need to
address and understanding how the device may provide support for those
areas.
• Sections 3 and 4 describe activities that manufacturers should consider
performing before their IoT devices are sold to customers in order to
improve how securable the IoT devices are for the customers.
• Section 3 includes activities that primarily impact securability efforts by
the manufacturer before device sale.The Section 3 activities are:
identifying expected customers and defining expected use cases,
researching customer cybersecurity needs and goals, determining how
to address customer needs and goals, and planning for adequate
support of customer needs and goals.
• Section 4 includes activities that primarily impact securability efforts by
the manufacturer after device sale.The Section 4 activities are: defining
approaches for communicating with customers regarding IoT device
cybersecurity
12. NIST Recommendations for IoT Cybersecurity: References
From https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259.pdf
Fagan M, Megas KN, Scarfone K, Smith M (2020) IoT Device Cybersecurity
Capability Core Baseline. (National Institute of Standards and Technology,
Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8259A. https://
doi.org/10.6028/NIST.IR.8259A
Boeckl K, Fagan M, Fisher W, Lefkovitz N, Megas K, Nadeau E, Piccarreta B, Gabel
O’Rourke D, Scarfone K (2019) Considerations for Managing Internet of Things
(IoT) Cybersecurity and Privacy Risks. (National Institute of Standards and
Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8228.
https://doi.org/10.6028/NIST.IR.8228
Cyber-Physical Systems Public Working Group (2017) Framework for Cyber-
Physical Systems:Volume 1, Overview,Version 1.0. (National Institute of
Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP)
1500-201. https://doi.org/10.6028/NIST.SP.1500-201
Internet of Things (IoT) Component Capability Model for Research Testbed
(2020) (National Institute of Standards and Technology, Gaithersburg, MD)
https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8316.pdf
13. NIST Recommendations for IoT Cybersecurity
From https://www.nist.gov/video/nist-recommendations-foundational-cybersecurity-guidance-iot-device-manufacturers-presented
14. NIST Cybersecurity for IoT Program
From https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program
NIST’s Cybersecurity for the Internet of Things (IoT) program supports the
development and application of standards, guidelines, and related tools to improve
the cybersecurity of connected devices and the environments in which they are
deployed. By collaborating with stakeholders across government, industry,
international bodies, and academia, the program aims to cultivate trust and foster an
environment that enables innovation on a global scale.
• Published! Four public draft documents providing guidance for federal agencies and IoT device
manufacturers on defining IoT cybersecurity requirements (Overview) (Background Information):
◦ SP 800-213 (DRAFT) IoT Device Cybersecurity Guidance for the Federal Government: Establishing
IoT Device Cybersecurity Requirements [Document]
◦ NISTIR 8259B (DRAFT), IoT Non-Technical Supporting Capability Core Baseline[Document]
◦ NISTIR 8259C (DRAFT), Creating a Profile Using the IoT Core Baseline and Non-Technical
Baseline [Document]
◦ NISTIR 8259D (DRAFT), Profile Using the IoT Core Baseline and Non-Technical Baseline for the
Federal Government [Document]
• Published! Federal Profile of NISTIR 8259A (“Federal Profile”) (June 30, 2020) [FAQs]
NIST is developing a federal profile of the Core Baseline established in NISTIR 8259A (“Federal
Profile”) and seeks feedback from all stakeholders on this initial catalog of proposed IoT device
cybersecurity capabilities and related non-technical capabilities. Also, the IoT for Cybersecurity
Program has instituted a new way to provide feedback and influence the discussion!
•
15. NIST Cybersecurity for IoT Program(cont)
From https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program
• . NISTIR 8259 and NISTIR 8259A promise to have a lasting impact on IoT device
cybersecurity. In a June 1, 2020 blog, NIST IoT Cybersecurity Program Manager Katerina
Megas explains what they mean for manufacturers and consumers—both in the United
States and beyond.
• Published! NISTIR 8259 (FINAL) – Recommendations for IoT Device Manufacturers:
Foundational Activities (May 29, 2020) [Document] [FAQs]
• Published! NISTIR 8259A (FINAL) – Core Device Cybersecurity Capability Baseline
(May 29, 2020) [Document] [FAQs]
• The Final Public Draft of NIST SP 800-53 Revision 5: Security and
Privacy Controls for Information Systems and Organizations was
released on March 16. NIST SP 800-53 presents a proactive and systemic approach to
developing comprehensive safeguarding measures for all types of computing platforms,
including general purpose computing systems, cyber-physical systems, cloud and mobile
systems, industrial/process control systems, and Internet of Things (IoT) devices. NIST
seeks comment on this draft through May 15, 2020.
• Published! NISTIR 8259 (DRAFT) Core Cybersecurity Feature Baseline for Securable
IoT Devices:A Starting Point for IoT Device Manufacturers [Document] [Background
Information]
• Published! NISTIR 8228: Considerations for Managing Internet of Things (IoT)
Cybersecurity and Privacy Risks now available.
16. National Cybersecurity Center of Excellence(NCCoE) for IoT
From https://www.nccoe.nist.gov/projects/building-blocks/iot
Trusted IoT Device Network-Layer Onboarding and Lifecycle Management
Network-layer onboarding of an IoT device is the provisioning of network credentials to that device.The current lack of trusted IoT device
onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to
being taken over by networks that are not authorized to onboard them.This project focuses on approaches to trusted network-layer
onboarding of IoT devices over IP networks and lifecycle management of the devices. Learn more about this project.
Securing Wireless Infusion Pumps
Medical facilities are more connected than ever before, making the delivery of healthcare more efficient and convenient for patients.The
wireless infusion pump device is present in nearly every medical setting. Tampering with the wireless infusion pump ecosystem can expose a
healthcare delivery organization (HDO) enterprise, and by extension its patients, to serious risks.This project resulted in defense-in-depth
cybersecurity guidance applicable to any connected medical device to help HDOs protect their networks. Learn more about this
project.
Mitigating IoT-Based DDoS
This project aims to improve the resiliency of IoT devices against network-based attacks by using the Internet Engineering Task Force’s
Manufacturer Usage Description (MUD) architecture.When MUD is used, the network will automatically permit IoT devices to send and
receive only the traffic they require to perform as intended, and the network will prohibit all other communication with the devices. Learn
more about this project
The Internet of Things has unlimited possibilities for home and business use.Appliances from refrigerators to sensor networks are now
available in models that interact with a wireless network, making them easier to control with a computer or smartphone. Estimates suggest
that there will be more than 75 billion IoT devices in use by 2025, according to IHS Markit. Along with this massive market adoption of IoT,
though, comes a trove of security concerns that necessitate attention and action.The National Institute of Standards and Technology's (NIST)
National Cybersecurity Center of Excellence (NCCoE) is striving to make IoT more secure. NCCoE’s work is done in conjunction with and
informed by NIST’s Cybersecurity for the Internet of Things (IoT) Program.This program supports the development and application of
standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed.
Below are the IoT projects that are currently underway at the NCCoE.
17. National Cybersecurity Center of Excellence(NCCoE) for IoT(cont)
From https://www.nccoe.nist.gov/projects/building-blocks/iot
Securing the Industrial Internet of Things
This project focuses on data integrity and malware prevention, detection, and mitigation within industrial control systems (ICS). Major
consideration is given to distributed energy resources (DERs)—particularly commercial-scale and utility-scale solar power installations—and
their interconnection with the electricity distribution grid. Distributed energy resources introduce information exchanges between a utility’s
distribution control system and the DERs, or an aggregator, to manage the flow of energy in the distribution grid.These information
exchanges often employ Industrial Internet of Things (IIoT) technologies that lack the communications security present in traditional utility
systems. Learn more about this project.
Consumer Home Internet of Things Product Security
This project aims to provide data-driven cybersecurity information about the state of the consumer smart home market.This project
provides technical security assessments of consumer home IoT products, with the aim of identifying security capabilities and
recommendations for IoT device manufacturers.These technical assessments will also help the NCCoE better address consumer home IoT
security in a holistic manner in future projects. In addition, the technical assessments informs the security tenets for IoT devices outlined in
NISTIR 8259 (Draft), Core Cybersecurity Feature Baseline for Securable IoT Devices. Learn more about this project.
Security for IoT Sensor Networks
This project aims to demonstrate how resource-constrained sensors can have their firmware securely updated over the air (OTA).This
project will align with draft NISTIR 8259, Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity
Capability Baseline and seeks to utilize industry standards for interoperability. Learn more about this effort.
Securing Telehealth Remote Patient Monitoring Ecosystem
Telehealth is one of the fastest growing sectors within healthcare. It leverages network-connected devices to monitor and treat patients
outside of a healthcare delivery organization’s (HDOs) closed environment. HDOs are leveraging a combination of telehealth capabilities,
such as remote patient monitoring (RPM) and videoconferencing, to treat patients in their homes.These modalities are used to treat
numerous conditions, such as patients battling chronic illness or requiring postoperative monitoring.As use of these capabilities continues to
grow, it is important to ensure that the infrastructure supporting them can protect patient data.The NCCoE healthcare team and NIST
Privacy teams are working together on this project. Learn more about this project.
18. IoT Security Discussion from ARM
From https://www.arm.com/glossary/iot-security
IoT security covers both physical device security and network security, and impacts the
processes, technologies, and measures necessary to protect IoT devices and networks. It
spans industrial machines, smart energy grids, building automation systems, entertainment
devices, and more, including devices that often aren’t designed for network security. IoT
device security must protect systems, networks, and data from a broad spectrum of IoT
security attacks, which target four types of vulnerabilities:
• Communication attacks on the data transmitted between IoT devices and servers.
• Lifecycle attacks on the IoT device as it changes hands from user to maintenance.
• Attacks on the device software.
• Physical attacks, which directly target the chip in the device.
Key Security Goals
19. ATT’s List of IoT Security Technologies
From https://cybersecurity.att.com/blogs/security-essentials/internet-of-things-security-explained
1. IoT network security - This is all about protecting and securing the network that connects IoT devices
to the internet. The sheer number of devices, combined with the complexity of communication protocols,
make IoT network security a primary concern within IoT networks.
2. IoT authentication -The mechanism with which users authenticate an IoT device, which may include
multiple users on one device (such as a connected car). Mechanisms range from a static password or PIN
to more robust authentication mechanisms like multi factor authentication (MFA), biometrics, and digital
certificates
3. IoT encryption -The communication channels between edge devices and back-end systems require
that encryption technologies are implemented across various IoT devices hardware platforms. As such,
data integrity is maintained and hackers trying to intercept data are thwarted.
4. IoT Public Key Infrastructure (PKI) - Provides complete X.509 digital certificate, cryptographic key
and life-cycle capabilities, including public/private key generation, distribution, management, and
revocation. With PKI, digital certificates can be securely loaded onto devices at the time of manufacturing.
Not only that, but they can be activated at the point of development, providing a means for an effective PKI
application across a
5. IoT security analytics - Much like other analytics, IoT device data is collected, monitored, aggregated
and normalized to provide actionable alerts and reports when abnormal activity is detected. Recently,
analytics have leveraged more sophisticated AI, machine learning, and big data to help with predictive
modeling and reduce false positives.
23. Intellectsoft Top 10 IoT Security Issues
From https://www.intellectsoft.net/blog/biggest-iot-security-issues/
Lack Of Compliance On The Part Of Iot Manufacturers
Lack Of User Knowledge & Awareness
Iot Security Problems In Device Update Management
Lack Of Physical Hardening
Botnet Attacks
Industrial Espionage & Eavesdropping
HighjackingYour Iot Devices
Data Integrity Risks Of Iot Security In Healthcare
Rogue Iot Devices
Cryptomining With Iot Bots
24. IoT Security Issues
From https://www.linkedin.com/pulse/convergence-iot-quantum-computing-ahmed-banafa
IoT system’s diverse security issues include:
• Data breaches – IoT applications collect a lot of user data, and most of it sensitive or
personal, to operate and function correctly. As such, it needs encryption protection.
• Data authentication – Some devices may have adequate encryption in place but it can still
be open to hackers if the authenticity of the data that is communicated to and from the
IoT device cannot be authenticated.
• Side-channel attacks – Certain attacks focus on the data and information it can gain from
a system’s implementation rather than vulnerabilities in the implementation’s algorithms.
• Irregular updates – Due to the rapid advances in the IoT industry, a device that may have
been secure on its release may not be secure anymore if its software does not get
updated regularly. Add to that the famous SolarWinds’s Supply Chain attack of 2020 which
infected over 18,000 companies and government agencies using updates of office
applications, and network monitoring tools.
• Malware and ransomware – Malware refers to the multitude of malicious programs that
typically infects a device and influences its functioning whereas ransomware has the
capabilities to lock a user out of their device, usually requesting a “ransom” to gain full
use back again paid by cryptocurrency “Bitcoin”.
25. Operational and Information Technology Security for IoT
From http://www.corporateperformancemanagement-hq.com/how-should-you-consider-the-iot-security-management-better-secure-the-application-layer/
26. CPS System of Systems Security Characteristics
From http://www.slideshare.net/pfroberts/cyber-physical-systems-boston-2015-1
27. CPS Security Topics
From http://icsd.i2r.a-star.edu.sg/cpss15/
• Adaptive attack mitigation for CPS
• Authentication and access control for CPS
• Availability, recovery and auditing for CPS
• Data security and privacy for CPS
• Embedded systems security
• EV charging system security
• Intrusion detection for CPS
• Key management in CPS
• Legacy CPS system protection
• Lightweight crypto and security
• SCADA security
• Security of industrial control systems
• Smart grid security
• Threat modeling for CPS
• Urban transportation system security
• Vulnerability analysis for CPS
• Wireless sensor network security
28. IoT Security Levels
From http://www.slideshare.net/DrDavidProbert/integrated-cybersecurity-and-the-internet-of-things
29. Recommended Interdisciplinary Design Areas from NIST
From https://s3.amazonaws.com/nist-sgcps/cpspwg/pwgglobal/CPS_PWG_Draft_Framework_for_Cyber-Physical_Systems_Release_0_8_September_2015.pdf
30. Cyber-Physical and Analog Design Layers from NIST
From https://s3.amazonaws.com/nist-sgcps/cpspwg/pwgglobal/CPS_PWG_Draft_Framework_for_Cyber-Physical_Systems_Release_0_8_September_2015.pdf
31. Recommended Design Considerations for CPS Security
From https://s3.amazonaws.com/nist-sgcps/cpspwg/pwgglobal/CPS_PWG_Draft_Framework_for_Cyber-Physical_Systems_Release_0_8_September_2015.pdf
32. Design Considerations for CPS Security continued
From https://s3.amazonaws.com/nist-sgcps/cpspwg/pwgglobal/CPS_PWG_Draft_Framework_for_Cyber-Physical_Systems_Release_0_8_September_2015.pdf
34. Responses toChallenges to Cyber-Physical System Security
From http://tinyurl.com/gv38c78
mPCDs = Mobile Personal Communication Device
SNSS = Smart Networked Systems and Society
35. Online Trust Alliance’s (OTA)Vendor Best Practices for IoT Security
From https://otalliance.org/news-events/press-releases/internet-things-lacks-safety-today-opening-door-major-threats-tomorrow
• Making privacy policies readily available for review prior to product purchase,
download or activation.
• Encrypting or hashing all personally identifiable data both at rest and in motion.
• Disclosing prior to purchase a device’s data collection policies, as well as the impact
on the device’s key features if consumers choose not to share their data.
• Disclosing if the user has the ability to remove or make anonymous all personal
data upon discontinuing device or device end-of-life.
• Publishing a timeframe for support after the device/app is discontinued or replaced
by newer version.
36. From http://iot-datamodels.blogspot.com/2014/05/design-patterns-for-internet-of-things.html
Design Patterns for IoT Security from Michael Koster
• Access control using data models: semantic hyperlinks control access to resources
based on the embedded metadata
• Social to physical graph relationship: well defined concepts of ownership and
access delegation between people, entities, and things
• PGP and asymmetric public-key cryptography on devices: ways of creating SSL
sessions and signing data between devices and applications
• DTLS over UDP: security for resource constrained devices
• End-to-end encryption: transmitting and storing encrypted data independent of
channel encryption
• Device Management: using device identity, registration, and secure key exchange
37. Device Level Security Requirements
From www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf
• Secure Booting
• Access Control
• Device Authentication
• Firewalls or Intrusion Prevention System (IPS)
• Updates and Patches
38. Security for IoT in IERC
From www.internet-of-things-research.eu/pdf/IERC_Cluster_Book_2014_Ch.3_SRIA_WEB.pdf
DoS/DDOS attacks are already well understood for the current Internet, but the IoT is also
susceptible to such attacks and will require specific techniques and mechanisms to ensure that
transport, energy, city infrastructures cannot be disabled or subverted.
General attack detection and recovery/resilience to cope with IoT-specific threats, such as
compromised nodes, malicious code hacking attacks.
Cyber situation awareness tools/techniques will need to be developed to enable IoT-based
infrastructures to be monitored.Advances are required to enable operators to adapt the
protection of the IoT during the lifecycle
of the system and assist operators to take the most appropriate protective action during attacks.
The IoT requires a variety of access control and associated accounting schemes to support the
various authorisation and usage models that are required by users.The heterogeneity and diversity
of the devices/gateways that require access control will require new lightweight schemes to be
developed.
The IoT needs to handle virtually all modes of operation by itself without relying on human
control. New techniques and approaches e.g. from machine learning, are required to lead to a self-
managed IoT
39. Privacy for IoT from IERC
From www.internet-of-things-research.eu/pdf/IERC_Cluster_Book_2014_Ch.3_SRIA_WEB.pdf
Cryptographic techniques that enable protected data to be stored processed and shared, without the
information content being accessible to other parties. Technologies such as homomorphic and
searchable encryption are potential candidates for developing such approaches.
Techniques to support Privacy by Design concepts, including data minimisation, identification,
authentication and anonymity.
Fine-grain and self-configuring access control mechanism emulating the real world. There are a
number of privacy implications arising from the ubiquity and pervasiveness of IoT devices where
further research is required, including
Preserving location privacy, where location can be inferred from things associated with people.
Prevention of personal information inference, that individuals would wish to keep private, through
the observation of IoT-related exchanges.
Keeping information as local as possible using decentralised computing and key management.
Use of soft Identities, where the real identity of the user can be used to generate various soft
identities for specific applications.Each soft identity can be designed for a specific context or
application without revealing unnecessary information, which can lead to privacy breaches
40. Trust for IoT from IERC
From www.internet-of-things-research.eu/pdf/IERC_Cluster_Book_2014_Ch.3_SRIA_WEB.pdf
Lightweight Public Key Infrastructures (PKI) as a basis for trust management.Advances are expected in
hierarchical and cross certification concepts to enable solutions to address the scalability requirements.
Lightweight key management systems to enable trust relationships to be established and the distribution
of encryption materials using minimum communications and processing resources, as is consistent with
the resource constrained nature of many IoT devices.
Quality of Information is a requirement for many IoT-based systems where metadata can be used to
provide an assessment of the reliability of IoT data.
Decentralised and self-configuring systems as alternatives to PKI for establishing trust e.g. identity
federation, peer to peer.
Novel methods for assessing trust in people, devices and data, beyond reputation systems. One example
is Trust Negotiation.Trust Negotiation is a mechanism that allows two parties to automatically negotiate,
on the basis of a chain of trust policies, the minimum level of trust required to grant access to a service
or to a piece of information.
Assurance methods for trusted platforms including hardware, software, protocols, etc.
Access Control to prevent data breaches. One example is Usage Control, which is the process of
ensuring the correct usage of certain information according to a predefined policy after the access to
information is granted
41. IoT Security Concerns from HP
From http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pdf
42. Security Threats for IoT from Infineon
From http://www.slideshare.net/infineon/infineon-the-root-of-trust-for-the-internet-of-things
43. Attacks on IoT Devices
From https://www.researchgate.net/publication/252013823_Proposed_embedded_security_framework_for_Internet_of_Things_IoT
44. Potential Security Risks in IoT to Cloud Networks
From http://blog.imgtec.com/powervr/bringing-better-security-to-mobile-automotive-or-iot
45. Device Level Security Levels
From http://viodi.com/2015/04/26/summary-of-iot-sessions-at-2015-gsa-silicon-summit-part-i/
46. IoT Security Chain (Device to Data Center) from PRPL
From http://www.slideshare.net/axroh/cie-io-tsecurityarfinal
47. IoT Products Security Comparison by Veracode
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf
1. User Facing Services Security
2. Device Facing Services Security
3. Mobile Application Interface Security
4. Device Debugging Interface Security
48. 1. User Facing Cloud Services Security Comparison
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf
49. 2. Device Facing Cloud Services Security Comparison
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf
50. 3. Mobile Application Interface Security Comparison
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf
51. 4. Device Debugging Interface Security Comparison
From https://www.veracode.com/sites/default/files/Resources/Whitepapers/internet-of-things-whitepaper.pdf
53. Privacy Risks with IoT
From www.computerworld.com/article/3010626/internet-of-things/a-privacy-standard-for-internet-of-things-suppliers.html
• Prospective buyers of connected cars have heard the reports of hackers taking over
control of the vehicle, putting passengers at risk of an accident.They also worry about
others being able to remotely monitor conversations inside the vehicle, monitor
compliance with traffic regulations and predict when and where they will be.
• Future consumers of smart homes — houses containing interconnected appliances,
smart meters and smart TVs — similarly worry about outside parties being able to
assume remote control of their living space, monitor activity, predict whereabouts and
also draw conclusions about what type of people they are based on their living
patterns.
• As wearables expand beyond tracking the number of steps per day into more
comprehensive health and wellness profiles integrated with smartphones and social
networks, users’ commentary and concern about the use and disclosure of their data
dossiers are increasing.
54. Industry Specific Privacy Standards with IoT
From www.computerworld.com/article/3010626/internet-of-things/a-privacy-standard-for-internet-of-things-suppliers.html
• Mobile-marketing industry’s Mobile Application Privacy Policy Framework
http://tinyurl.com/hjzwfnp
• Automaker’s Consumer Privacy Protection Principles forVehicle Technologies and Services
http://www.autoalliance.org/?objectid=865F3AC0-68FD-11E4-866D000C296BA163
• Agribusiness sector’s Privacy and Security Principles for Farm Data.
http://www.fb.org/tmp/uploads/PrivacyAndSecurityPrinciplesForFarmData.pdf
55. Required Privacy for IoT
From www.computerworld.com/article/3010626/internet-of-things/a-privacy-standard-for-internet-of-things-suppliers.html
1. Tested security. It’s one thing to adopt a set of security controls like the Payment Card Industry
Data Security Standard, designed to reduce credit card fraud. It’s another thing for those controls to
prevail in a sophisticated penetration test.The IoT would need to set the bar at this higher level to earn
maximum user trust.
2. Data minimization. IoT components should maintain default settings that use the minimum
amount of personal data to perform their service. Minimum can mean minimum types of data fields
collected and exposed to other devices as well as minimum periods of data retention.
3. Controlled and transparent disclosure. Law enforcement and national defense around the
world will seek to pursue their legitimate objectives within the IoT.Virtually every industry will seek to
track or analyze their end consumers as they move through the system.Trust in the whole enterprise
will collapse, however, if these pursuits are not counterbalanced with reliable disclosure controls that
are proportionate to the identified threat, and widely known and understood.
4. Data portability. Users won’t want any one node of the IoT ecosystem to accumulate too much
power by storing data in its own proprietary format.To bolster trust in the entire system, adopt a
common data format that allows users to port their data from one platform to the next.
5. Right to be forgotten.The IoT should be safe for the most vulnerable in society: children, victims
of crime and the poor.To protect their safety and thereby make the IoT the largest possible
marketplace, enable users to completely opt out by being able to withdraw their data.
57. CPS Security Framework from China
From www.sersc.org/journals/IJSIA/vol9_no1_2015/17.pdf or
https://www.terraswarm.org/pubs/136/lu_newmultiframe_edge.pdf
58. Security Architecture Service Delivery Framework from Cap Gemini
From http://www.slideshare.net/JohnArnoldSec/security-architecture-frameworks
61. Security Enclaves Management Structure from Cisco
From http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-manager/whitepaper-c07-731204.html
62. IoT Security Environment from Cisco
From http://www.cisco.com/web/about/security/intelligence/iot_framework.html
63. Secure IoT Framework from Cisco
From http://www.cisco.com/web/about/security/intelligence/iot_framework.html
64. Secure Features and Layering from IoT-A
From http://www.iot-a.eu/arm/d1.3/at_download/file
65. Security Framework from iCore Project
From http://www.sciencedirect.com/science/article/pii/S0167404815000887
66. Model-Based Security Kit (SecKit) based on ICore
From http://www.sciencedirect.com/science/article/pii/S0167404815000887
67. SecKit Metamodel and Dependencies
From http://www.internet-of-things-research.eu/pdf/Building_the_Hyperconnected_Society_IERC_2015_Cluster_eBook_978-87-93237-98-8_P_Web.pdf
72. Internet of Secure Things Framework
From http://embedded-computing.com/25942-leveraging-iot-security-to-improve-roi/
73. Floodgate Security Framework from Icon Labs
From http://www.iconlabs.com/prod/product-family/floodgate-security-framework
74. Secure Analytics for IoT Framework from Cisco
From http://www.cisco.com/web/about/security/intelligence/iot_framework.html
• This secure analytics layer defines the services by which all elements (endpoints and
network infrastructure, inclusive of data centers) may participate to provide telemetry
for the purpose of gaining visibility and eventually controlling the IoT/M2M ecosystem.
• With the maturity of big data systems, we can deploy a massive parallel database
(MPP) platform that can process large volumes of data in near real time.When we
combine this technology with analytics, we can do some real statistical analysis on the
security data to pick out anomalies.
• Further, it includes all elements that aggregate and correlate the information,
including telemetry, to provide reconnaissance and threat detection.Threat mitigation
could vary from automatically shutting down the attacker from accessing further
resources to running specialized scripts to initiate proper remediation.
• The data, generated by the IoT devices, is only valuable if the right analytics
algorithms or other security intelligence processes are defined to identify the threat.
We can get better analytical outcome by collecting data from multiple sources and
applying security profiles and statistical models that are built upon various layers of
security algorithms.
75. Security Cloud from Cisco
From https://techradar.cisco.com/pdf/cisco-technology-radar.pdf
Before
After
76. Security Options for Constrained Devices
From http://cnds.eecs.jacobs-university.de/slides/2013-im-iot-management.pdf
77. Security Boundaries from RTI
From http://www.slideshare.net/RealTimeInnovations/build-safe-and-secure-distributed-systems-39944271
78. Data Distribution ServiceTransport Security from RTI
From http://www.slideshare.net/RealTimeInnovations/build-safe-and-secure-distributed-systems-39944271
80. Online Trust Alliance’s (OTA) Trust Framework
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf
81. Online Trust Alliance’s (OTA) Trust Framework
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf
82. Online Trust Alliance’s (OTA) Trust Framework continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf
Security continued
83. Online Trust Alliance’s (OTA) Trust Framework continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf
84. Online Trust Alliance’s (OTA) Trust Framework continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf
85. Online Trust Alliance’s (OTA) Trust Framework continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_framework_released_3-2-2016.pdf
Privacy, Disclosures, and Transparency Continued
86. Online Trust Alliance’s Trust Framework for IoT Resource Guide
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
87. Online Trust Alliance’s Trust Framework for IoT Resource Guide
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
88. OTA Trust Framework for IoT Resource Guide Continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
89. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
90. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
91. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
92. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
93. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
94. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
95. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Security
96. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials
97. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials
98. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials
99. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials
100. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
User Access and Credentials
101. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures
102. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures (16 continued)
103. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures (16 continued)
104. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures
105. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures
106. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures
107. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures
108. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures (23 continued)
109. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures
110. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures
111. OTA Trust Framework for IoT Resource Guide continued
From https://otalliance.org/system/files/files/initiative/documents/iot_trust_resource_guide_2-8.pdf
Privacy, Transparency, & Disclosures
129. IoT Use Case and Security from Infineon
From http://www.slideshare.net/infineon/infineon-the-root-of-trust-for-the-internet-of-things
130. Cyber Threats to Critical Infrastructure from GAO
From http://pserc.wisc.edu/documents/general_information/presentations/pserc_seminars/psercwebinars2012/Govindarasu_PSERC_Webinar_Slides_Feb_2012.pdf
131. Smart Grid Security = Info + Infrastructure + Application Security
From http://pserc.wisc.edu/documents/general_information/presentations/pserc_seminars/psercwebinars2012/Govindarasu_PSERC_Webinar_Slides_Feb_2012.pdf
132. Attacks on Smart Grid Cyber-Physical Systems
From http://pserc.wisc.edu/documents/general_information/presentations/pserc_seminars/psercwebinars2012/Govindarasu_PSERC_Webinar_Slides_Feb_2012.pdf
133. Smart City Multi-Layer Security Framework
From www.slideshare.net/DrDavidProbert/integrated-cybersecurity-and-the-internet-of-things
134. References
Inventory of all Bob Marcus CPS Slides on Slideshare
http://www.slideshare.net/bobmarcus/inventory-of-my-cps-slide-sets
135. Reference Links (CPS Security)
Designed-In Cybersecurity for CPS from Cyber-Security Research Alliance
http://www.cybersecurityresearch.org/documents/CSRA_Workshop_Report.pdf
Designed-in Security for CPS from IEEE Panel
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6924670
Security of Cyber-Physical Systems Papers from CMU CyLab
https://www.cylab.cmu.edu/research/projects/research-area/security-cyber-physical.html
CPS Security Research at ADSC in Singapore
http://publish.illinois.edu/cps-security/
NSF/Intel Partnership in CPS Security and Privacy
http://www.nsf.gov/pubs/2014/nsf14571/nsf14571.htm
Challenges for Securing Cyber-Physical Systems from Berkeley CHESS
https://chess.eecs.berkeley.edu/pubs/601/cps-security-challenges.pdf
Secure Control Towards Survivable CPS from Berkeley
https://www.truststc.org/pubs/345/cardenas-SecureControl-v1.pdf
Security Issues and Challenges for Cyber Physical Systems from China
http://people.cis.ksu.edu/~danielwang/Investigation/CPS_Security_threat/05724910.pdf
Challenges in Security from USC
http://cimic.rutgers.edu/positionPapers/CPS-Neuman.pdf
Systems Theoretic Approach to the Security Threats in CPS from MIT
http://web.mit.edu/smadnick/www/wp/2014-13.pdf
136. Reference Links (CPS Security)
CPS Security Challenges and Research Idea from BBN
http://cimic.rutgers.edu/positionPapers/CPSS_BBN.pdf
IoT Botnet
http://internetofthingsagenda.techtarget.com/definition/IoT-botnet-Internet-of-Things-botnet
Privacy Standards for IoT
http://www.computerworld.com/article/3010626/internet-of-things/a-privacy-standard-for-internet-of-things-suppliers.html
Building the Bionic Cloud
http://www.digitalgovernment.com/media/Downloads/asset_upload_file194_5802.pdf
How the Internet of Things could be fatal
http://www.cnbc.com/2016/03/04/how-the-internet-of-things-could-be-fatal.html
Hippocratic Oath for Medical Devices
https://www.iamthecavalry.org/wp-content/uploads/2016/01/I-Am-The-Cavalry-Hippocratic-Oath-for-Connected-Medical-Devices.pdf
Hierarchical Security Architecture for Cyber-Physical Systems
https://inldigitallibrary.inl.gov/sti/5144319.pdf
A Systematic View of Studies in Cyber-Physical System Security
http://www.sersc.org/journals/IJSIA/vol9_no1_2015/17.pdf
Why IoT Security is so Critical
http://techcrunch.com/2015/10/24/why-iot-security-is-so-critical/#.j1xovjh:VRMg
Open Web Application Security Project
https://www.owasp.org/index.php/Main_Page
PRPL Foundation
http://prplfoundation.org/overview/
OpenWrt
https://en.wikipedia.org/wiki/OpenWrt
137. Reference Links (CPS Security) continued
Online Trust Alliance (OTA) IoT Initiatives
https://otalliance.org/initiatives/internet-things
TerraSwarm
http://www.terraswarm.org/
Secure Internet of Things Project Publications
http://iot.stanford.edu/pubs.html
Internet of Things Privacy and Security in a Connected World Report from U.S. Federal Trade Commission(FTC)
https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf
Best Practices in CyberSecurity from the U.S. National Highway Traffic Safety Administration (NHTSA)
http://tinyurl.com/zhpojlp
Cybersecurity through Real-Time Distributed Control System
http://web.ornl.gov/sci/electricdelivery/pdfs/ORNL_Cybersecurity_Through_Real-Time_Distributed_Control_Systems.pdf
ISO/IEC 27108 Privacy Standard and Microsoft Support
http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=61498
http://blogs.microsoft.com/on-the-issues/2015/02/16/microsoft-adopts-first-international-cloud-privacy-standard/
Surveillance through IoT
http://www.theregister.co.uk/2016/02/09/clapper_says_iot_good_for_intel/
Nanotechnology, Ubiquitous Computing and the IoT - Challenges to the Rights of Privacy and Data Protection for Council of Europe
https://www.coe.int/t/dghl/standardsetting/dataprotection/Reports/Miller%20Kearnes%20-%20Nano%20privacy%20Draft%20report%20%2017%2005%202013.pdf
NIST supported research on IoT Security for Homes and Transit Systems by Galois
https://galois.com/news/tozny-awarded-nist-grant-to-secure-iot-enabled-smart-homes-and-transit-systems/
Iot and Quantum Computing
https://www.linkedin.com/pulse/convergence-iot-quantum-computing-ahmed-banafa