Internet of Things and new security challenges for the IT industry

My presentation on Internet of Things and new security challenges for the IT industry at Dansk IT annual conference on IT Security 6 February 2014

Published in: Technology

  1. Internet of Things
     It-sikkerhed 2014, Copenhagen, 5-6. February 2014
  2. Agenda
     1. Introduction
     2. Protecting the PC
     3. Cloud security
     4. Internet of things
     5. New security risks
     6. Openness and transparency
     7. Legal responses
     8. Conclusions
     9. Debate
     Page 2 © Bird & Bird LLP 2014 Dansk IT – IT-Sikkerhed 2014 (6 February 2014)
  3. 1. Introduction
     ● Martin von Haller Grønbæk
       • Partner, Bird & Bird
       • Bird & Bird – only international law firm in Denmark
       • Leading law firm on Cyber- and network security
       • Former member of Danish IT Security Council
       • "Open source advocate"
  4. 2. PC as the node in the network
     ● PC revolution brought “power to the people”
     ● And to businesses and government – small and large
     ● Rise of the general purpose computer
     ● Open for attack
     ● Defence of the home front
     ● Internet and the network effects
     ● PC as both the target of attack and the tool of the attacker
  5. 2. The birth of the IT Security industry
     ● Critical mass market
     ● Large number of new customers
     ● Large losses looming
     ● Loss of data and downtime
     ● Inconvenience and lost productivity
     ● (and big corporate monetary losses)
     ● Malware
     ● Spam
     ● Data theft
  6. 2. “Thou Shall Protect Thyself”
     ● Self-protection
     ● Liability rests with the PC-user
     ● Hardware and software come with no warranties
     ● No legal protection
     ● Little market for “safe IT” among consumers
     ● Large market for add-on IT security software
     ● Large numbers of small payments make big profits
     ● Many small and large providers
  7. 3. New market conditions
     ● Cloud computing!
     ● No more local applications
     ● Computing takes place in the cloud
     ● Less asymmetric information
     ● Much fewer customers
     ● Dramatic shift in bargaining power
     ● And technical challenges!
     ● Goodbye, many small and large IT-security firms
  8. 3. Is the cloud more “secure”?
     ● Fewer amateurs and more professionals
     ● Very specialized cloud service providers
     ● Cloud as “the fog”
     ● An “oligopoly” of Clouds
     ● User has even less bargaining power
     ● Very little control of data
     ● Very little contractual and legal protection
  9. 4. Internet of Things
     ● Not everything is moving into the Cloud
     ● Moore's Law
     ● Mobile devices
     ● Quantified self
     ● Health, Energy, Automotive etc.
     ● Nano
     ● Gartner: $1.9 trillion to the global economy by 2020
     ● Nest acquired for $3.2 billion in cash
  10. 4. The “true” Internet
      ● The Internet today is asymmetric
      ● More download, less upload
      ● New medium for broadcasting
      ● The Internet is decentralized by nature
      ● Read/Write
      ● Social media: Blogs before Facebook
      ● Mesh or Grid computing
  11. 4. Towards the “real” Internet?
      ● Free software vs. cloud computing
      ● (Cloud is based on open source software)
      ● Plug servers
      ● Every device = a server = a node = equal
      ● Cloud computing backlash
      ● New computing models
      ● Peer2Peer data and processor sharing
      ● Mesh or Grid computing
      ● Innovation!
  12. 5. Before Cloud computing revisited
      ● Computing moves from cloud to devices
      ● Devices^n
      ● Processing Power^n
      ● Internet enabled
      ● Always on
      ● AI or Autonomous
      ● Remotely accessed and controlled
      ● Who’s the user?
      ● Self-protection?
  13. 5. Same but bigger security risks
      ● Bigger threats than PC
      ● Obvious network effects
      ● Inconvenience and lost productivity?
      ● Critical functions: Health, Auto etc.
      ● No checks on AI and automatic functions
      ● Life and death
      ● Systemic risks
      ● DDoS attacks
      ● “Too Big to Fail”
  14. 5. Unsecure today!
      ● Starting point: Very unsecure
      ● Devices are shamelessly unpatched
      ● No standards
      ● Little press attention
      ● Before tipping point
      ● But it’ll come!
      ● Industry initiatives
      ● AllSeen, OpenDaylight
      ● Open Auto Alliance, Genivi
  15. 6. Open and transparent
      ● Most devices run on open source software
      ● “Closed” is not an option
      ● One platform: Linux
      ● Less diversity
      ● Economies of scale for malware
      ● Open access promotes discovery
      ● Open use lowers barriers of entry for fixes
      ● Huge user advantages from open platforms
      ● Closed options where appropriate
  16. 7. Legislation
      ● Starting point: No legislation
      ● Industry standards
      ● Contractual demands
      ● Open source security services
      ● Industry and device specific legislation
      ● Health care
      ● Transportation
      ● Privacy
      ● Service provider, not “technology”
  17. 7. Liability
      ● Who assumes the risk of loss?
      ● Who is better at prevention?
      ● Consumer?
      ● Reversed burden of proof
      ● Strict liability
      ● Who should be liable? Vendor, producer, provider?
      ● Don’t kill innovation!
      ● More disclosure of insecurity and breach
      ● Standards of “Good IoT IT security practices”
      ● Strict liability of certain types of devices
  18. 7. Conclusions
      ● The IT security industry as we know it will change dramatically
      ● Cloud computing will see a backlash
      ● Internet of Things will increase the number of Internet-connected computers
      ● Old-type security threats will re-emerge with a vengeance
      ● Solutions will be based on open source software
      ● Maybe new legislation on disclosure and strict liability for certain devices
      ● Invest your money in new IT security start-ups with IoT solutions!
  19. 8. Questions
      ● And maybe some answers…
  20. Thank You
      Martin von Haller Grønbæk
      Mobile: +45 40 73 19 14
      Email: Martin.vonhaller@twobirds.com
      Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses. Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.
      twobirds.com
