Dr. Shawn P. Murray, C|CISO, CISSP, CRISC

The Internet of Things New Challenges in Cyber Crime ISSA Cyber Focus Day - 25 March 2015

Agenda – Internet of Things (IoT) Defined – Emerging Technologies – 5-10 years – 10-20 years – Challenges

• Cyber Crime, Terrorism and Laws – Balancing Technology with Security – Cyber Security Professionals (short falls) – Questions/Open Discussion

Internet of Things Defined – The Internet of Things (IoT) is a scenario in which objects, animals or

people are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

– IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS) and the Internet.

– A thing, in the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low -- or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.

Source: http://whatis.techtarget.com/definition/Internet-of-Things

IoT & IoE

“The Internet of Things (IoT/IoE) is here today in the devices, sensors, cloud services and data your business uses. Begin with what matters most to your company: the Internet of Your Things. Making the seemingly impossible possible.” Microsoft

“The IoE is expanding our understanding and enriching our experiences. Our goal is to connect the remaining everything. And not just to connect, but to change everything for the better.” Cisco “The Internet of Things (IoT) has enormous potential to drive economic value and social change. But with 85% of things still unconnected and security threats pervasive, the industry has yet to tap IoT’s enormous potential.” Intel

We already have more devices that connect to the internet than we have people

IoT & IoE Google’s Person Finder, or a Facebook application – Could evolve into a system that, with permission,

• identifies all that information as connected, much like a digital private detective,

• piecing it together to come to conclusions on behalf of human “clients,” whether they be doctors, friends, or government agencies.

The implications are that your digital footprint would be used for positive things.

Source: http://techonomy.com/2013/04/everything-changes-with-the-internet-of-everything

Emerging Technologies – New Heartbeat Detector May Save Lives After

Disasters – Portable technology will help search and rescue

teams find people more quickly.

Source: http://news.nationalgeographic.com/news/2013/09/130925-heartbeat-finder-search-rescue-technology-science/

Researchers with the Jet Propulsion Laboratory (JPL) in Pasadena, California, have developed a device the size of a small carry-on bag that uses microwaves to detect human heartbeats in piles of rubble, which can bury people following natural disasters such as earthquakes.

Emerging Technologies – In 10-15 Years, it is predicted that there will be no

more life expectancy due to medical technology advances

– 3D Printing technology will allow doctors to print human body parts

– Holographic technologies and imbedded bio-transmitters will allow extended virtual environments where people can manage anything

– Solar technology will help power and integrate global communications in new ways

Emerging Technologies – Now & 5-10 years

• Traffic Management Systems • Parking Solutions – 30% of traffic congestion is caused

by people looking for a parking space

Solar Technology & Roadways • Will integrate communications • Provide power • Connect everything….

– New ISP capabilities even for rural areas

There will be 11.8 million driverless cars on the road by 2035 and nearly all American on-the-road vehicles will become driverless by 2050. Source: Inferse

– Emerging Technologies – 10-20 years

• Space Travel • Floating Cities

Space picture - the Virgin Galactic spacecraft SpaceShipTwo in flight Space Tourism by 2023? Innovative spacecraft may be ferrying tourists to and from space within the next decade.

From an underwater "oceanscraper" to floating apartments, these fantastical green building designs could be immune to sea level rise. Source: http://science.nationalgeographic.com/science/innovation/the-future/

– Challenges • Cyber Crime • Terrorism • Cyber Laws • Cyber Security • Cyber Security Professionals

– Hackers Can Take Over Cars and Drive Them With a Nintendo Controller

A pair of security experts demonstrated to the BBC that some ordinary models of cars can be overridden—despite whatever the driver is doing behind the wheel—using a laptop, some software, and an old Nintendo Entertainment System gamepad

Cyber Crime • Hacked fridge sends out malicious emails in unprecedented

cyber attack

Internet of Things cyber attack has shown, our appliances are being made to turn against us.

• According to the security firm Proofpoint, a number of so-called smart appliances were compromised what they're calling one of the first orchestrated Internet of Things cyber attacks.

• Appliances included in the attack included smart TVs, wireless speaker systems, connected multi-media centers, home-networking routers — and at least one refrigerator.

Cyber Crime Cyber crime: 1st online murder will happen by end of year, warns US firm The rapidly evolving Internet of Everything will leave us more vulnerable to cyber criminals, according to a worried Europol • Governments are ill-prepared to combat the looming threat of "online murder" as cyber criminals

exploit internet technology to target victims, the European policing agency warned. In its most alarming assessment of the physical danger posed by online crime, Europol said it expected a rise in "injury and possible deaths" caused by computer attacks on critical safety equipment.

• The concept is behind the likely development of smart homes, cars and even cities, but police warned that the failure to protect devices properly could see them open to being hacked by outsiders to make money or to attack opponents.

• The former US vice-president Dick Cheney – who has a long history of heart problems – revealed last year that the wireless function had been disabled on his implanted defibrillator because of concerns that outsiders could hack the network and provoke a heart attack.

Scammers May Use Paris Terrorist Attack to Solicit Fraudulent Donations Tue, 10 Feb 2015 Business E-mail Compromise Thu, 22 Jan 2015 University Employee Payroll Scam Tue, 13 Jan 2015 New Twist to the Telephone Tech Support Scam Thu, 13 Nov 2014

Sources: http://www.independent.co.uk/life-style/gadgets-and-tech/news/first-online-murder-will-happen-by-end-of-year-warns-us-firm-9774955.html

1.New Twist to the Telephone Tech Support ScamThu, 13 Nov 2014

Cyber Terror - 100 Military Personnel on ISIS 'kill list‘

ISISv"kill list" created by alleged sympathizers of the Islamic State group, according to reports.

The list, which was posted online and reported over the weekend, includes the identities of 100 pilots, airmen, sailors and commanders involved in the U.S.-led airstrikes against the group in Iraq and Syria, a Pentagon official told USA TODAY on Monday.

The group that posted the information identified itself as the Islamic State Hacking Division. Its list features the photographs of service members along with their names, rank and home addresses. That information, Warren said, was publicly available and did not come from a data breach.

In many cases, the troops' identities are on military web sites and social media pages.

(Photo: Getty Images)

Challenges - FBI • We are building our lives around our wired and wireless networks. The

question is, are we ready to work together to defend them? • The FBI certainly is. We lead the national effort to investigate high-tech

crimes, including cyber-based terrorism, espionage, computer intrusions, and major cyber fraud.

• To stay in front of current and emerging trends, we gather and share information and intelligence with public and private sector partners worldwide.

• Cases & Takedowns - Operation Ghost Click - Coreflood Botnet - 2,100 ATMs Hit at Once - Operation Phish Fry - Dark Market

Sources: http://www.fbi.gov/about-us/investigate/cyber

Balancing Technology with Security • Laws need to coincide with capabilities

• Holding developers accountable to specific standards • Tougher sentences for those that commit serious cyber crime • Ensuring consumers are using technologies securely

• Conveniences should not overcome security when the risk is to great.

• Assessment criteria needs to be established to establish security standards at an international level

• Connected devices should have various classifications • Encryption standards should be mandatory for classification of

devices

Cyber Security Professionals (short falls) • The numbers are startling: The U.S. Cyber Command seeks 5,000

cybersecurity pros. • Federal government needs 10,000 cybersecurity experts in the near future. • Department of Homeland Security's comparatively small yet urgent demand

for 600 new cybersecurity employees is dizzying once the logistics are considered.

• Talk to any recruiter in the Washington region and they will tell you cybersecurity jobs are among the most difficult for them to fill. Workers with the right skills are relatively hard to come by, and in a labor market dominated by the federal government and its contractors, they are in especially high demand.

• Companies, universities and government entities are all focused on finding ways to close the gap: Educational partnerships. Hackathon competitions. Internal corporate training programs. A regional task force

Source: http://fcw.com/articles/2013/10/15/cybersecurity-workforce-crisis.aspx Soufrce: http://www.washingtonpost.com/business/capitalbusiness/an-argument-that-the-shortage-of-cyber-workers-is-a-problem-that-will-solve-itself/2014/06/27/dbab364a-fe00-11e3-8176-f2c941cf35f1_story.html

Cyber Security Professionals - Reaping the Benefits Given that a significant portion of the up-and-coming workforce is less concerned about pay than other things, here's a list of some of the most outrageous and awesome benefits that some IT companies offer. The government probably can't match most of them, but a good federal job can mean a solid foothold in industry later, and plentiful cyber pros with broad experience can benefit both the public and private sectors. * Cisco Systems: An on-site health care center offers a full suite of medical services that include primary care, physical therapy, a pharmacy and more. Child-care services are also available. * Google: Well-known as the big kahuna of perks, Google offers free food, bocce courts, bowling alleys, gyms, an organic kitchen, on-site vehicle maintenance services and an indoor slide, among other benefits. * Microsoft: Employees enjoy generous paid maternity and paternity leave, with up to 10 weeks for new moms. The Redmond, Wash., headquarters has an organic spa on site, and mentoring programs are available as well. * Yahoo: Despite a recent ban on telework, employees still enjoy discounts at ski resorts and California theme parks, and up to 16 weeks of paid maternity leave and eight weeks of paid paternity leave. * Boeing: In addition to 12 paid holidays, employees also enjoy a winter recess between Christmas and New Year's Day. Source: http://fcw.com/articles/2013/10/15/cybersecurity-workforce-crisis.aspx

Cyber Security Professionals – Challenges • Professional Skills • Professional Attitude • Qualified

– IT experience first – Cyber security always

• Criminal and Background Checks • Certifications vs education • Mentorship

– Mentors – Professional Organizations – Peer accountability

References & Resources: Microsoft http://www.microsoft.com/en-us/server-cloud/internet-of-things.aspx#Fragment_Scenario1

Azure IoT suite will provide finished applications to speed deployment of common scenarios, such as remote monitoring, asset management and predictive maintenance, while providing the ability to grow and scale solutions to millions of “things.”

Cisco http://www.cisco.com/web/offers/iot-solutions/lopez-iot-whitepaper/index.html

The Internet of Things (IoT) is increasing the connectedness of people and things on a scale that once was unimaginable. Connected devices outnumber the world's population by 1.5 to 1.

Intel http://www.intel.com/content/www/us/en/internet-of-things/overview.html?cid=sem132p41890g-c&gclid=CjwKEAjwucmoBRDmysGsgbDr5j0SJAAxL9abqs1oZvWWs3ex4l_hM5Yv5bE2y5h6mQMaY7RRpBEkwhoCGAnw_wcB The Internet of Things (IoT) is taking shape. Intel helps connect things to the cloud, integrate with existing infrastructure, and securely manage data.

References & Resources:

More Resources - DOJ Computer Crime & Intellectual Property Section - National Strategy to Secure Cyberspace - Secret Service Electronic Crimes Task Forces - Stop.Think.Connect. Campaign

Questions? Open Discussion