1 Big Data s Potential in Securing the Internet of Things SESSION ID: ANF-W02 James Kobielus IBM Big Data Evangelist
2 The emerging infrastructure of Smarter Planet Cloud Mobile Social Internet of Things
3 Some call this the Internet of Everything
4 So what exactly is the Internet of Things? Vision of a Smarter Planet where sensors, intelligence, and connectivity are embedded into every human artifact, every element of the natural world, and even every physical person. (IBM) A network of physical objects that contain embedded tech to communicate, sense, and interact with internal states or external environment (Gartner) Uniquely identifiable objects (things) and their virtual representations in an Internet-like structure. (Wikipedia) AKA: Machine to Machine (M2M) Internet, Sensor Internet, Ambient Internet, Industrial Internet, Pervasive Computing.
5 What s driving the Internet of Things? Proliferation of low cost, smaller, smarter, embeddable sensors, processors, actuators, and communications components Explosion of mobile devices Rollout of advanced wireless networks Today the connected devices market is dominated by mobile phones, but this will change in the future as a new wave of smartphones, tablets, consumer electronics and M2M devices connect everything from cars to health services and even entire cities GSMA (link) 5 Source: Internet of Things: A 2013 HorizonWatch Trend Report (BP Ready)
6 Current Internet of Things apps are industry-focused Industry sector Applications Automotive and transport Fleet tracking, consumer connected cars Security Consumer connected alarms, commercial connected alarms, consumer connected security sensors, commercial connected security sensors Healthcare Cardiovascular disease monitoring, other disease monitoring, body area networks Government Video surveillance devices, police patrol car first responder devices, paramedic first responder devices, fire fighter first responder devices Utilities Commercial electric meters, commercial water meters, commercial gas meters, residential utility meters Retail Point-of-sale terminals, vending machines Financial services ATMs Source: Analysis Mason, M2M device connections, revenue and ARPU: worldwide forecast , May 2012
7 Emerging Internet of Things apps in consumer world Smart vehicles Smart homes Smart schools Smartphones Smart wearables Smart healthcare
8 How big is the Internet of Things becoming? Approximately 10 billion devices are already permanently connected to the Internet today, with a further 50 billion to 60 billion devices attaching intermittently. These numbers are expected to rise to more than 200 billion by Source: Gartner Volumes: pervasive IoT links driving collection, analysis, transmission, and delivery of increasing volumes of IoT data. Velocities: real-time IoT links driving implementation of lowlatency connections to support continuous, streaming interactions among physical and digital entities Varieties: myriad IoT links driving implementation of standards to support fluid, flexible, contextual, robust, secure interactions among endpoints and infrastructures in diverse consumer, business, and other domains Throughout the Smarter Planet Connecting millions of locations, billions of people, and trillions of devices In real time, continuously, often with guaranteed end-to-end latencies With embedded analytic intelligence at endpoints and in the infrastructure Enterprise IT implications: storage, server/compute capacity, network capacity, connectivity, quality of service, security, etc.
9 Forecasts call for billions of connected things Smart Connected Devices To Reach 13.5 Billion in Harbor Research (link) Ericsson CEO Hans Vestberg estimates 50 billion devices will be connected to the Web by 2020 (link) John Gantz of IDC forecasts 15 billion devices will be communicating over the network by the year 2015 (link) 50 Billion Connections in 2020 Ericsson (from page 18 of 2010 annual report) Source: Internet of Things: A 2013 HorizonWatch Trend Report (BP Ready)
10 The Internet of Things soon will be everywhere Impact on Consumers Top Ten Applications Impact on Business - Industries Soiurce: Internet of Things: A 2013 HorizonWatch Trend Report (BP Ready) The Connected Life will be underpinned by seamless and pervasive connectivity between people and processes, enabling a wealth of valuable context-aware services to be delivered immediately and automatically. Individuals will enjoy personalised experiences whenever, wherever and for whatever they are required. GSMA (link) All of those instrumented and interconnected things are becoming intelligent. They are being linked to powerful new backend systems that can process all that data, and to advanced analytics capable of turning it into real insight, in real time. - IBM (link)
11 From a security perspective, is this Pandora s Box? Surround everybody everywhere with everything we ve got!!!!!!!!!
12 Is the Internet of Things too big, diverse, pervasive, and dynamic to secure comprehensively?
13 What s the problem? Securing everything everywhere forevermore is the ultimate pipe dream. But securing every "thing" is becoming a critical issue as we move into the IoT era. Security is critical to IoT's adoption. How vulnerable are we to security vulnerabilities and privacy violations from the IoT? Can we "trust" the sensors, actuators, rules engines, and other connected thingamabobs that we embed in every element of our existence?
14 How acute is the IoT security problem? Surge of new devices will usher in an unprecedented wave of security concerns. [Gigacom, Aug 2010] The Internet of Things has an impact on the security and privacy of the involved stakeholders Measures ensuring the architecture's resilience to attacks, data authentication, access control and client privacy need to be established. An adequate legal framework must take the underlying technology into account and would best be established by an international legislator, which is supplemented by the private sector. [Computer Law & Security Review, Jan 2010] (emphases added)
15 Does the general public feel exposed to IoT? In the post-snowden age, many people are not reassured by statements such as this from former CIA director David Petraeus, who was discussing the surveillance potential of IoT-equipped "smart homes": "Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters all connected to the next-generation internet using abundant, low-cost, and high-power computing, the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing. Source:http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/
16 How does IoT complicate the security pro s life? So far, nobody has a comprehensive vision for how--or even if--the human race will be able to manage end-to-end security in the coming IoT world. The security devil is always in the details of the attack and the IoT is an endless proliferation of details. Every new "thing"--sensor, actuator, data source, data consumer, routing intermediary, etc--is a new security-relevant detail that stirs up a wide range of collateral security issues. Every new networked IoT endpoint is a new potential attack vector or launching point that the baddies can exploit. 16
17 How does IoT complicate the security pro s life? (continued) Potentially, every time you plug in a new IoT-networked device that is infected with malware or simply open to unauthorized third-party exploitation, the vulnerabilities start. Someone somewhere might exploit the new access point to gain illicit access to sensitive assets, to damage software and data, and to wage distributed denial of service attacks. 17
18 Where do we start to address IoT security? In the past, IT security has been based on establishing secure boundaries and firewalls around internal IT systems. The IoT model is defined by extreme access to many different devices that collect and leverage vast amounts of data. The concept of controlled access is changing with the IoT model to one of controlled trust to enable the wide range of possible solutions. IoT implementations must effectively deal with authorization, authentication, access control, privacy, and trust requirements while not negatively impacting usability objectives. Source: IBM Academy of Technology, Themes White Paper, Internet of Things (April 2012)
19 Are there IoT security standards? Not yet Considering the ever-expanding diversity of IoT endpoints--in scale, features, deployments, etc.--the security standards should be framed in functional terms that are agnostic to underlying physical implementations of the things themselves.
20 Ongoing EU effort to define IoT security To holistically embed effective and efficient security and privacy mechanisms into IoT devices and the protocols and services they utilise.privacy and security are major concerns, in particular to EU citizen. An IoT-A will ensure that appropriate mechanisms are deeply embedded in the IoT architecture, covering the hardware of its devices, communication and interaction protocols and the information level. To implement this goal IoT-A will extensively investigate and take into account service privacy and IoT access security aspects throughout the architecture design activities dealing with service accommodation, indentification and IoT-A platform realisations. Source:
21 IoT security must be comprehensive, multi-level Source: IDC Worldwide Internet of Things (IoT) Forecast: Billions of Things, Trillions of Dollars (October 2013)
22 Overall IoT security reference framework IoT endpoints Do you trust the things themselves? IoT interactions IoT ecosystems Do you trust the things interactions with the world around them? Do you trust the things value chains in the physical and virtual world?
23 Securing IoT endpoints Everybody recognizes that the first line of IoT security must be built into the things themselves. At the very least, we should: rely on standardized IoT interfaces incorporate robust security and attack-protections safeguards in the development of IoT products; leverage widely vetted open security standards in IoT products; embed modular security-aware hardware and software designs in IoT products; and conduct independent review, auditing, and penetration testing of security in IoT products Implement policy-driven bulk IoT device provisioning, configuration, & security patching A big-data repository of thing identities, profiles, configurations, privileges, histories, and other metadata will prove essential for endpoint security.
24 Securing IoT interactions Security vulnerabilities are consequences of how IoT endpoints interact with users, local &remote applications, cloud &other infrastructures, and each other. At the very least, we should: Leverage identity, authentication, access control, message encryption, transport-level security, key exchange, digital signatures, de-identification, privacy, intrusion detection, alerting, auditing, monitoring, malware prevention, DDoS prevention, and other infrastructure services in IoT environments Use analytic and trend-analysis tools to identify threats across the entire IoT cloud under your purview. Monitor and log IoT security-relevant events Embed and continuously update analytics algorithms that detect various security issues, predictively pre-empt attacks, and automatically alert, escalate, and log all priority issues. Escalate exceptional, unprecedented, and undiagnosed IoT issues to human security analysts for further investigation. A big-data security incident & event management repository will be the foundation for logging IoT events for predictive, real-time, & historical analysis.
25 Securing IoT ecosystems Security vulnerabilities may introduced anywhere in the constellation of solution providers, service businesses, certification authorities, and others who build, deploy, test, manage, and vouch for the endpoints and infrastructures. At the very least, we must: Assemble the compliance, legal, contractual, trust, reputation, governance, operational, and risk management frameworks to handle the interlocking responsibilities of all these parties for ensuring end-to-end IoT security. Inspect, certify, vet, monitor, and audit the suppliers of IoT components and life-cycle services for conformance to generally accepted IoT security practices Implement strong authentication, permission management, content encryption, tamperproofing, and other technical safeguards to prevent unauthorized parties in the value chain from gaining access to sensitive data A big-data ecosystem registry will facilitate tracking of all value-chain parties who touch security-sensitive things throughout their life cycles.
26 Summary Comprehensive IoT security is multilayered: device and application endpoints, middleware and infrastructures, vendor ecosystems. Fortunately, the IoT industry and security professionals are beginning to address these challenges on many fronts. As new IoT technologies take hold and new threats reveal themselves, the global security framework will grow more complex. Ongoing refinement of IoT security standards, practices, and tools will go on indefinitely.
Convergence of Social, Mobile and Cloud: 7 Steps to Ensure Success June, 2013 Contents Executive Overview...4 Business Innovation & Transformation...5 Roadmap for Social, Mobile and Cloud Solutions...7
THE PRESIDENT S NATIONAL SECURITY TELECOMMUNICATIONS ADVISORY COMMITTEE NSTAC Report to the President on the Internet of Things November 19, 2014 TABLE OF CONTENTS EXECUTIVE SUMMARY... ES-1 1.0 INTRODUCTION...
ISSN 1868-9558 JOURNAL ISSUE 22 // JULY 2014» PAGE 4 Big Data security by Rohde & Schwarz» PAGE 16 Wearables Smart protocols for smart technology by Rutronik The role of Big Data & Data Security in M2M
WHITE PAPER Cybersecurity in Modern Critical Infrastructure Environments SECURE-ICS Be in Control Securing Industrial Automation & Control Systems This document is part of CGI s SECURE-ICS family of cyber
The Internet of Things, big data and the cloud: implications for privacy and trust Russell Craig National Technology Officer, Microsoft NZ email@example.com What are we going to talk about? What
The Future of Mobile Enterprise Security Gearing Up for Ubiquitous Computing August 2014 795 Folsom Street, 1 st Floor San Francisco, CA 94107 Tel.: 415.685.3392 Fax: 415.373.3892 Contents Introduction...
Internet of Things Next-Generation Business and the Internet of Things Opportunities and Challenges Created by a Connected and Real-Time World Table of Contents 3 The Internet of Things Is Redefining Enterprise
Mobile Device Security Information for IT Managers July 2012 Disclaimer: This paper is intended as a general guide only. To the extent permitted by law, the Australian Government makes no representations
12 The Internet of Things (IOT) 12.1 Moving toward a Smarter Internet Imagine a world where billions of objects can sense, communicate and share information, all interconnected over public or private Internet
White Paper The Internet of Things: A CISO and Network Security Perspective By Jon Oltsik, Senior Principal Analyst October 2014 This ESG White Paper was commissioned by Cisco Systems and is distributed
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
Three guiding principles to improve data security and compliance Sarah Cucuz firstname.lastname@example.org IBM Software October 2012 Thought Leadership White Paper Three guiding principles to improve data security
Enabling Big Data by Removing Security and Compliance Barriers A SANS Survey Written by Barbara Filkins Advisor: John Pescatore April 2015 Sponsored by Cloudera 2015 SANS Institute Executive Summary Stage
Securing Microsoft s Cloud Infrastructure This paper introduces the reader to the Online Services Security and Compliance team, a part of the Global Foundation Services division who manages security for
2014 www.tmforum.org GEO- $245 USD / free to TM Forum members ANALYTICS QUICK INSIGHTS ADDING VALUE TO BIG DATA Sponsored by: Report prepared for Kathleen Mitchell of TM Forum. No unauthorised sharing.
ericsson white paper 284 23-3149 Uen February 2011 more than 50 billion connected devices More than 50 billion connected devices taking connected devices to mass market and profitability Everything that
SOFTWARE ENGINEERING Key Enabler for Innovation NESSI White Paper Networked European Software and Services Initiative July 2014 Executive Summary Economy and industry is experiencing a transformation towards
Enterprise Mobility 2nd Edition by Carolyn Fitton, Tom Badgett, and Corey Sandler Enterprise Mobility For Dummies, 2nd Edition Published by: John Wiley & Sons Canada, Ltd. 6045 Freemont Blvd. Mississauga,
NESSI White Paper, December 2012 Big Data A New World of Opportunities Contents 1. Executive Summary... 3 2. Introduction... 4 2.1. Political context... 4 2.2. Research and Big Data... 5 2.3. Purpose of
Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies October 2009 DISCLAIMER This report was prepared as an account of work sponsored by an agency of
Cyber Security Strategy MINISTER S FOREWORD Australians have been quick to embrace the Internet in their lives and businesses. For most of us it is now part of our daily routine for talking to our friends
The Critical Security Controls for Effective Cyber Defense Version 5.0 1 Introduction... 3 CSC 1: Inventory of Authorized and Unauthorized Devices... 8 CSC 2: Inventory of Authorized and Unauthorized Software...
White Paper Secure Network Access for Personal Mobile Devices What You Will Learn People around the globe are enamored with their smartphones and tablet computers, and they feel strongly that they should
EUROPEAN COMMISSION Brussels, 2.7.2014 COM(2014) 442 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE
Best Practices for Cloud-Based Information Governance Autonomy White Paper Index Introduction 1 Evaluating Cloud Deployment 1 Public versus Private Clouds 2 Better Management of Resources 2 Overall Cloud
Checklist to Assess Security in IT Contracts Federal Agencies that outsource or contract IT services or solutions must determine if security is adequate in existing and new contracts. Executive Summary