Internet of Energy Things IERC 2015
-
Upload
paul-malone -
Category
Technology
-
view
30 -
download
2
Transcript of Internet of Energy Things IERC 2015
![Page 1: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/1.jpg)
IERC Conference 2015
Paul Malone 13th May 2015
12/05/2015 www.tssg.org
![Page 2: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/2.jpg)
The internet of energy things will deliver a secure, cheap and
sustainable energy future
12/05/2015 www.tssg.org 2
![Page 3: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/3.jpg)
The internet of energy things will deliver a secure?, cheap and
sustainable energy future
14/05/2015 www.tssg.org 3
![Page 4: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/4.jpg)
• Increased attack surface
• Difficulty of patching devices
• Lack of data governance frameworks
12/05/2015 www.tssg.org 4
![Page 5: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/5.jpg)
Increased attack surface
12/05/2015 www.tssg.org 5
![Page 6: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/6.jpg)
12/05/2015 www.tssg.org 6
Source: Cisco
![Page 7: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/7.jpg)
2014 Verizon Data Breach Inves6ga6ons Report
12/05/2015 www.tssg.org 7
Source: Verizon
![Page 8: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/8.jpg)
The OWASP Internet of Things Top 10
1. Insecure Web Interface
2. Insufficient Authentication/Authorization 3. Insecure Network Services
4. Lack of Transport Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface 8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project
12/05/2015 www.tssg.org 8
![Page 9: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/9.jpg)
Difficulty of patching devices
12/05/2015 www.tssg.org 9
![Page 10: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/10.jpg)
HP Report 2014
“70 percent of the most commonly used Internet of
Things (IoT) devices contain vulnerabilities,
including password security, encryption and general
lack of granular user access permissions.”
“IoT devices averaged 25 vulnerabilities per
product, indicating expanding attack surface for
adversaries” 12/05/2015 www.tssg.org 10
![Page 11: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/11.jpg)
“The challenge is, you see all of these devices coming
online at a rapid clip, without robust security. … Trying to
apply a patch to a thermostat in the home is going to be
much more challenging.”
- Gary Davis, Intel Security
12/05/2015 www.tssg.org 11
![Page 12: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/12.jpg)
Foscam Baby Monitor
• Multiple vulnerabilities
• 100,000 cameras in the wild (easy to find)
• 20% default user “admin” no password
• Vendor generated a patch (for some of the
vulnerabilities)
• 99% of cameras still ran the older firmware
12/05/2015 www.tssg.org 12
![Page 13: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/13.jpg)
Lack of agreed Data Governance Frameworks
12/05/2015 www.tssg.org 13
![Page 14: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/14.jpg)
• Huge amounts of data
• Regulatory and compliance complexities
• Assurances with regard to PII
– Where is my data?
– Who has access?
• What assurances does the consumer have?
– How is my data being used?
• What is the value to me?
• What is the value to 3rd parties?
12/05/2015 www.tssg.org 14
![Page 15: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/15.jpg)
12/05/2015 www.tssg.org 15
What about Surveillance?
![Page 16: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/16.jpg)
“If privacy and confidentiality isn’t designed in up front, on
top of the security capabilities provided by the enabling
M2M infrastructure (including authentication, access
control, data protection), the benefits of the IoT cannot be
fully realized.”
- Tim Carey, Alcatel Lucent
12/05/2015 www.tssg.org 16
![Page 17: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/17.jpg)
The internet of energy things will deliver a secure, cheap and
sustainable energy future
14/05/2015 www.tssg.org 17
![Page 18: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/18.jpg)
The internet of energy things will deliver a secure, cheap and
sustainable energy future can
12/05/2015 www.tssg.org 18
![Page 19: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/19.jpg)
The internet of energy things will deliver a secure, cheap and
sustainable energy future can
14/05/2015 www.tssg.org 19
But only if security is addressed first!
![Page 20: Internet of Energy Things IERC 2015](https://reader033.fdocuments.us/reader033/viewer/2022042819/55ca254abb61eb9e068b46ab/html5/thumbnails/20.jpg)
“You cannot escape the responsibility of tomorrow by
evading it today.”
- Abraham Lincoln
12/05/2015 www.tssg.org 20