GIC@CeBIT 2017 – International Cyber Security Conference
Axel Deininger
20.03.2017
Scalable Security solutions to enable Cyber Security and to manage Digital Identities It’s all about managing identities
The digital transformation challenge –
Major increase in connected devices
2015
15bn
4.2
1.7
7.1
1.3
0.4
Business
Industrial
28bn
2021
1.5
14.2
1.8
8.6
1.4 Landline phones PC/Laptops/Tablets
Mobile phones
Non-cellular IoT
Cellular IoT
Source: Ericsson Mobility Report, June 2016
New security threats
New devices
New services and
use cases
New business models
Consumer
0 5 1 4 3
3 April 2017 G+D Mobile Security | EUROPEAN CYBER SECURITY CONFERENCE 2
The Internet of Things is a heterogeneous and complex world
Despite pricing and numbers – there is always a risk
1
10
100
1.000
10.000
100.000
1.000.000
10.000.000
100.000.000
Smart Sensor Wearable Smart Device Business
IoT
Health
Device
Public
IoT
Automotive
IoT
Industrial
IoT
IoT Device Value and Risk Taxonomy
Consumer IoT
Very high
High
Medium
Low
Very low Industrial IoT
Typical Business Risk
G+
D s
erv
ice
are
a
Co
st o
f d
evic
e in
EU
R
3 April 2017 G+D Mobile Security | EUROPEAN CYBER SECURITY CONFERENCE 3
Cyber attacks limit IoT adoption in the industry
Allianz Risk Barometer Top Business Risks 2016
• The figure of unreported cases is even bigger
• Many attacks are detected late or not at all
• The risk for Cyber-Attacks is growing fast, this requires
effective countermeasures or higher capital surplus
• Adversaries and attackers get more aggressive,
knowledgeable, organized and funded.
Cyber-Attacks against the industry
Malicious computer worm (stuxnet)
destroys a fifth of Iran’s nuclear
centrifuges
2010
Encrypted malware (ransomware)
found in German nuclear power
plant
2015
Hack attack causes massive
damage at German steel works
2014 Cyber attack on US power grid
causes “black out”
German hospital blackmailed after
“ransomware” based attack
Canadian biscuit factory
blackmailed
Cyber incidents 2014 12% (8)
2015 17% (5)
2016 28% (3)
2010 2014 2015
2016 2015 2015
3 April 2017 G+D Mobile Security | EUROPEAN CYBER SECURITY CONFERENCE 4
Managing billions of connected
digital identities today
100 million authentication cards protecting access for customers worldwide
+1.5 billion EMV cards provisioned over the past 5 years
660 million contactless and dual interface cards issued over the past 6 years
8 of the top 10 car manufacturers trust in G+D Mobile Security’s connected car solutions
>100 mobile payment solutions provided to leading financial institutions
+1 billion mobile devices managed globally
2.9 billion SIM cards managed in over 80 countries
#1 in eSIM management
Scalable IoT Security
for Enterprises and OEMs
Managed connectivity for
telecommunication industries
SECURING
MOBILE
LIFE
Digital Banking for financial institutions
3 April 2017 G+D Mobile Security | EUROPEAN CYBER SECURITY CONFERENCE 5
Common denominator in the IoT world: Identities
You can mange the IoT cyber security complexity by managing identities
At the core of IoT security
(regardless of industries) lies a secure basis for
a trustworthy identity
Digital banking for financial institutions – eWallets and wearable payment
Managed connectivity for mobile network operators – classical devices meet IoT
Onboarding
Verify identity for new users and
devices
Provisioning
Set up new services in the system
Management
Dynamic user, software, and policy updates
Discontinuation
Revoke access rights, keys and
certificates
Data exchange for privileged users
and devices
Usage
Enabling appealing value-added services for OEMs
Scalable security for the Internet of Things – industrial grade security
Automotive – Managing the road to digitization
3 April 2017 G+D Mobile Security | EUROPEAN CYBER SECURITY CONFERENCE 6
Success story: cyber secyourity for industrial IoT
Scalable security for the Internet of Things – industry grade
The key to managing industrial identities, workflows, Industry 4.0 connectivity and lifecycle lies in:
Secure Industrial Visibility building on secure devices, approved crypto and authentication mechanisms, M2M communication, integration of security features directly in the production area and a segmentation of critical areas connecting them over a secure platform.
IoT device and user ID assignment
ID card, device, OTP token, and policy
Confidential communication with IoT devices
CPS ID/policy management and
service hotline
ID revocation, CPS remote deactivation
0 5 1 4
3
Onboarding
Provisioning
Management
Discontinuation
Usage
3 April 2017 G+D Mobile Security | EUROPEAN CYBER SECURITY CONFERENCE 7
Success story: cyber secyourity for industrial IoT
Simplified view of a secure industrial IoT environment
High secure access
High secure connectivity
Anomaly Monitoring
Manufacturer independent Service
partner portal
“Anytime anywhere paradigm”
Security as a Service (SOC)
Authentication services
Security Lifecycle management
Production Cell
DMZ
Technical Service
Hotline
Machine
Management & Support
Service
Technician
SMART SECURITY by G+D SMART MACHINE
SMART PRODUCTION
Industrial Remote Management according BSI CS-108
Administration
Secure IIoT Cloud Security Portal
Integration
Security Service
Policy
Management
Anomaly
Detection
Access
3 April 2017 G+D Mobile Security | EUROPEAN CYBER SECURITY CONFERENCE 8
Success story: cyber secyourity for industrial IoT
G+D enables I4.0 with identity-based industrial grade security solutions
JUNIPER – Future Digital Award 2016
for G+Ds “Secure Industrial Visibility” solution in the category:
Emerging & Disruptive – Best Technology/Platform
3 April 2017 G+D Mobile Security | EUROPEAN CYBER SECURITY CONFERENCE 9
Thank you for
your attention!
G+D Mobile Security
© Giesecke & Devrient GmbH, 2017.
Subject to change without notice.
3 April 2017 G+D Mobile Security | Identity Journey 10
www.twitter.com/GI_DE_com
www.gi-de.com
www.linkedin.com/company/giesecke-&-devrient
www.gi-de.com/youtube