Conference2017

Securing The IoTsDr. Musfiq RahmanThompson Rivers University

Conference 2017

Roadmap

• Flavors of the Internet of Things• Benefits of IoT• Security challenges of IoT• Secure Architecture for IoT• Conclusion

2

Conference 2017

Flavor of the Internet of Things

3

Theclockchecksthetraintimesonlineand letsyousleep5minsmore

Inyourkitchen,ablinkinglight remindsyou,itstimetotakemedicine

Incaseyouforget,itsendsanemailtoyourdoctor

Conference 2017

Flavor of the Internet of Things

4

Onyourwayoutofthehouse,yourumbrellahandleislit up,whichmeansthatithascheckedthetoday’sweatherreport andpredictsrain.

Conference 2017

Flavor of the Internet of Things

5

Onthewaytostation,alargeLCDwithflashingdisplay“BUS23:ARRIVINGIN30SECS”

Conference 2017

Flavor of the Internet of Things

6

When you get to the train station, your phone checks you in automatically…

Your family also gets a text notification…

Conference 2017

Flavor of the Internet of Things

7

On your lunch break, run and track your runusing a pedometer in your shoes and a heart monitor in your wrist band…

Conference 2017

Flavor of the Internet of Things

8

Integrates with your online supermarket shopping accountto compare with how many calories you’ve eaten.

All the data is automatically uploaded to your sports tracking site

Conference 2017

What is IoT?

9

Physical Object+

Controller, Sensor, and Actuators

+Internet

=Internet of

Things

Conference 2017

IoT is Growing!

10

7.26.8 7.6

Rapid Adoption Rate of Digital Infrastructure:5X Faster Than Electricity and Telephony

50Billion

“Smart Objects”

50

2010 2015 2020

0

40

30

20

10

BIL

LIO

NS

OF

DEV

ICES

25

12.5

InflectionPoint

TIMELINE

Source: Cisco IBSG, 2011

World Population

Conference 2017 11

IoT Delivers Extraordinary Benefits

Conference 2017

Connected Train

12

PassengerSecurity

RouteOptimization

CriticalSensing

Conference 2017

Smart City

13

ConnectedTrafficSignals• ReduceCongestion• Improveemergency

servicesresponsetimes• Lowerfuelusage

ParkingandLighting• Increasedefficiency• Powerandcostsavings• Newrevenueopportunities

CityServices• Efficientservicedelivery• Increasedrevenues• Enhancedenvironmental

monitoring

Conference 2017

The Connected Car

14

WirelessRouters• Onlineentertainment• Mapping,dynamicre-

routing,safety,andsecurity

ConnectedSensors• Transform“data”to

“actionableintelligence”• Enableproactive

maintenance

UrbanConnectivity• Reducecongestion• Increaseefficiency

Conference 2017

…but it adds also adds complexity

15

••Smaller, more self-contained switches, routers••Operates in challenging environments

Connectivity tools be added to the platform

••Networked together, yet independent••Invisible, NOT owned or control by IT

Billions of “smart objects” share IT infrastructure

••Value from the data intelligence••Application provides a way to access intelligence

Applications are different

Conference 2017

What Comprises IoT Networks?

16

InformationTechnology

(IT)

OperationalTechnology

(OT)

SmartObjects

Conference 2017 17

The Flip Side: Major SecurityChallenges

Conference 2017

Iot expands security needs…

18

IoT SecurityIncreasedAttackSurface

ThreatDiversity

ImpactandRisk

Remediation

Protocols

ComplianceandRegulations

Conference 2017

What Can Go Wrong…

19

What can’t?

Billions of connected devicesSecure and insecure locationsSecurity may or may not be built in … Not owned or controlled by IT … but data flows through the network

Any node on your network can potentially provide access to the core

Conference 2017

Some Security Incidents

20

FirmFeedingSystemintheU.S.

HackersTakeControlofCars

IoT BotnetDDoSAttacks

*Src:http://www.zdnet.com/article/hackers-in-the-house-why-your-iot-devices-may-have-already-joined-a-botnet/https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/

Conference 2017 21

Delivering Security Across theExtended Network

Conference 2017

The Secure IoT Architecture

22

Services

Application Interfaces

Infrastructure Interfaces

New Business Models Partner Ecosystem

Applications

Smart Devices and Sensors

ApplicationPlatform

Infrastructure

Security

APPLICATION AND BUSINESS INNOVATION

DataIntegration BigData Analytics Control

SystemsApplicationIntegration

Network and Perimeter Security

Physical Security

Device-level Security /

Anti-tampering

Cloud-based Threat Analysis

/ Protection

End-to-End Data

Encryption

Services

Conference 2017

Conclusion: Securely Embrace IoT!

23

Newchallengesrequirenewthinking!

avoid operational siloes

networking and convergence are key

a sound security solution is integrated

throughout

build for the future

Securitymustbepervasive

inside and outside the network

device- and data-agnostic

proactive and intelligent

Intelligence,notdata

convergence, plus analytics

speed is essential for real-time decisions

Conference 2017

Thankyou!

24