The Challenges of Securing the Internet of Things (IoT) at Scale

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The Challenges of Securing the Internet of Things (IoT) at Scale"

Transcription

1 The Challenges of Securing the Internet of Things (IoT) at Scale Ulf Lindqvist, Ph.D. Program Director, SRI International Chair, IEEE Computer Society s Technical Committee on Security and Privacy Vice Chair, IEEE Cybersecurity Initiative March 16, 2016

2 The Evolution of Connected Things

3 An Unprecedented Scale of Connected Devices By 2018, 10 billion connected devices with no keyboard, no mouse, small or no Screen

4 Today s Future Tech is Tomorrow s Legacy Smartphones Hardware lifetime: 2 years Very frequent interaction with human user Vulnerabilities are managed with frequent software updates IoT devices Hardware lifetime Implanted medical devices: 3-7 years Home appliances: 5-10 years Cars: 10 years Smart meters: >15 years Building sensors: >20 years Limited or no interaction with human user Lack of consistent updates leave devices vulnerable

5 Technology Management Challenges For Industrial Control Systems, we identified a cultural and organizational gap between OT and IT management For the Internet of Things, it can be unclear who is responsible for managing a deployed device The manufacturer The vendor The person/organization who deployed it The cloud/comms provider The user?

6 Security is About Separation Separate the good (authorized) from the bad (unauthorized) Types of separation Physical Logical Cryptographic BUT: Separation is counteracted by the trend to connect everything to everything else Image credit

7 What We Are Doing for IT Will Not Work for IoT Security for today s IT systems depends on Frequent patching Secure configuration Add-on security products Monitoring threat and vulnerability scanning Filtering firewalls, application whitelisting Authentication and access control How much of that can we do effectively and reliably for the distributed autonomous limited-resource devices that make up The Internet of Things?

8 The Time Is Now! IoT security and privacy is critical IoT directly impacts everyone all of the time from public infrastructure to personal wearables IoT security and privacy is especially challenging Developers and integrators lack the knowledge, experience, and standards to provide security and privacy Operating systems, software stacks, and development tools are less mature than web, enterprise, or mobile IoT devices have long life-cycles There is a small and rapidly closing window to grasp the opportunities of IoT in a way that maximizes security and minimizes risk NSTAC Report to the President on the Internet of Things, 2014

9 Safety Requires Security and Privacy Improved health and safety are the main drivers for connectivity and functionality in applications such as vehicles and medical devices BUT that trend also creates vulnerabilities When our health and safety depend on the correct function of an IoT system, security is essential Without security guarantees, there can be no safety guarantees because a compromise of security could manipulate or disable any function including safety-critical controls Privacy violations that let criminals learn the location, habits, or medical information about victims also constitute threats to safety

10 Focus: Help The Developers Make IoT Secure SRI s vision for its strategic initiative: Sustainably Trustworthy IoT Provide IoT developers and integrators with usable and effective tools and methods for building secure and maintainable IoT systems IEEE Cybersecurity Initiative cybersecurity.ieee.org Document: Avoiding the Top Ten Software Security Design Flaws Starting new conference on security for developers Early November 2016, in Boston, MA area See initiative website for updates

11 Immediate R&D Opportunities The U.S. Department of Homeland Security is providing funding for startup companies via Other Transaction Solicitation HSHQDC-16-R-00035, Securing the Internet of Things Detecting IoT Components and Connections Authenticating IoT Components Updating IoT Components SRI is looking for visiting students and researchers Menlo Park, California Arlington, Virginia (Washington DC) New York City

12 Thank You Headquarters 333 Ravenswood Avenue Menlo Park, CA Princeton, NJ 201 Washington Road Princeton, NJ Additional U.S. and international locations 12

Adap%ve Cybersecurity Technologies: Impact

Adap%ve Cybersecurity Technologies: Impact Adap%ve Cybersecurity Technologies: Impact Ulf Lindqvist, Ph.D. Program Director, Infrastructure Security Research Computer Science Laboratory SRI Interna%onal Presented at the Belfast 2013 Summit, March

More information

Driving IoT Adoption with Innovative IoT Cloud Management Ian Khan Manager of Innovation ikhan@solgenia.com

Driving IoT Adoption with Innovative IoT Cloud Management Ian Khan Manager of Innovation ikhan@solgenia.com Driving IoT Adoption with Innovative IoT Cloud Management Ian Khan Manager of Innovation ikhan@solgenia.com www.solgenia.com The State of IoT The State of Cloud Managing & Monetizing IoT The State of IoT

More information

GOVERNMENT AND THE INTERNET OF THINGS (IOT) FINDINGS AND RECOMMENDATION OF ATARC S INTERNET OF THINGS INNOVATION LAB NOVEMBER, 2015

GOVERNMENT AND THE INTERNET OF THINGS (IOT) FINDINGS AND RECOMMENDATION OF ATARC S INTERNET OF THINGS INNOVATION LAB NOVEMBER, 2015 GOVERNMENT AND THE INTERNET OF THINGS (IOT) FINDINGS AND RECOMMENDATION OF ATARC S INTERNET OF THINGS INNOVATION LAB NOVEMBER, 2015 IoT Innovation Lab Sponsors IoT 101 Defining the Internet s Next Big

More information

SECURITY IN THE INTERNET OF THINGS

SECURITY IN THE INTERNET OF THINGS Lessons from the Past for the Connected Future INNOVATORS START HERE. EXECUTIVE SUMMARY Although it has been with us in some form and under different names for many years, the Internet of Things (IoT)

More information

SECURITY IN THE INTERNET OF THINGS

SECURITY IN THE INTERNET OF THINGS The Intelligence in the Internet of Things SECURITY IN THE INTERNET OF THINGS Lessons from the Past for the Connected Future By AJ Shipley, Senior Director, Security Solutions, Wind River INNOVATORS START

More information

The Internet of Things Risks and Challenges

The Internet of Things Risks and Challenges The Internet of Things Risks and Challenges Providing the insight that enables our customers to make informed business decisions. Antony Price 03rd March 2015 Contents Internet of Things - The next threat

More information

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore Great Now We Have to Secure an Internet of Things John Pescatore SANS Director, Emerging Security Trends @John_Pescatore 1 What the Heck is That?? 2 Different Views of the Internet of Things 3 Different

More information

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult

More information

Enterprise Application Enablement for the Internet of Things

Enterprise Application Enablement for the Internet of Things Enterprise Application Enablement for the Internet of Things Prof. Dr. Uwe Kubach VP Internet of Things Platform, P&I Technology, SAP SE Public Internet of Things (IoT) Trends 12 50 bn 40 50 % Devices

More information

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc. Cyber Security Presentation Ontario Energy Board Smart Grid Advisory Committee Doug Westlund CEO, N-Dimension Solutions Inc. October 1, 2013 Cyber Security Protection for Critical Infrastructure Assets

More information

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE MACHINE-TO-MACHINE ENABLE AND SECURE A CONNECTED LIFE DRIVEN BY GOVERNMENT REGULATIONS, COMPANY AND CONSUMER NEEDS, PRODUCTS ARE TRANSFORMED INTO INTELLIGENT,

More information

CDM Vulnerability Management (VUL) Capability

CDM Vulnerability Management (VUL) Capability CDM Vulnerability Management (VUL) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Vulnerability Management Continuous Diagnostics and Mitigation

More information

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy

More information

Cybersecurity for Medical Devices

Cybersecurity for Medical Devices Cybersecurity for Medical Devices Suzanne O Shea Kathleen Rice January 29, 2015 Why Is This Important? Security Risks in the Sensors of Implantable Medical Devices Over the last year, we ve seen an uptick

More information

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows

More information

Before the DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Washington, DC 20230 ) ) ) ) )

Before the DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Washington, DC 20230 ) ) ) ) ) Before the DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Washington, DC 20230 In the Matter of Stakeholder Engagement on Cybersecurity in the Digital Ecosystem Docket

More information

What is Really Needed to Secure the Internet of Things?

What is Really Needed to Secure the Internet of Things? What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Capabilities for Cybersecurity Resilience

Capabilities for Cybersecurity Resilience Capabilities for Cybersecurity Resilience In the Homeland Security Enterprise May 2012 DHS Cybersecurity Strategy A cyberspace that: Is Secure and Resilient Enables Innovation Protects Public Advances

More information

Management (CSM) Capability

Management (CSM) Capability CDM Configuration Settings Management (CSM) Capability Department of Homeland Security National Cyber Security Division Federal Network Security Network & Infrastructure Security Table of Contents 1 PURPOSE

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

Westcon Presentation on Security Innovation, Opportunity, and Compromise

Westcon Presentation on Security Innovation, Opportunity, and Compromise Westcon Presentation on Security Innovation, Opportunity, and Compromise Christian A. Christiansen Program Vice President IDC Security Products & Services What s Happening with Threats? 1.5B 80% 33% $1.3M

More information

The Evolving Internet of Things Market

The Evolving Internet of Things Market The Evolving Internet of Things Market Key Trends and Implications By Kevin Foley, Todd Bricker and Syed Raza The phrase Internet of Things (IoT) is firmly established in today s business lexicon but no

More information

Managing Vulnerabilities For PCI Compliance

Managing Vulnerabilities For PCI Compliance Managing Vulnerabilities For PCI Compliance Christopher S. Harper Vice President of Technical Services, Secure Enterprise Computing, Inc. June 2012 NOTE CONCERNING INTELLECTUAL PROPERTY AND SOLUTIONS OF

More information

IoT Security & Privacy

IoT Security & Privacy Page 1: IoT Security & Privacy Technical White Paper June 2015 Page 2: Table of Contents The IoT ecosystem 3 A gold rush 3 Two major issues need to be overcome: Usability and Security 4 A centralised IoT

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

Automotive Suppliers and Cybersecurity

Automotive Suppliers and Cybersecurity Automotive Suppliers and Cybersecurity OEMs sometimes specify their security requirements in an incomplete or vague way, but that certainly doesn t mean that Tier 1 automotive suppliers (Tier 1s) should

More information

Seven Macro Developments Reshaping Supply Chain Management DEVELOPMENTS AFFECTING THE THEORY AND PRACTICE OF SUPPLY CHAIN MANAGEMENT

Seven Macro Developments Reshaping Supply Chain Management DEVELOPMENTS AFFECTING THE THEORY AND PRACTICE OF SUPPLY CHAIN MANAGEMENT Seven Macro Developments Reshaping Supply Chain Management DEVELOPMENTS AFFECTING THE THEORY AND PRACTICE OF SUPPLY CHAIN MANAGEMENT Presenter Steven A. Melnyk Department of Supply Chain Management Eli

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

The Leading Provider of Identity Solutions and Services in the U.S.

The Leading Provider of Identity Solutions and Services in the U.S. THE IDENTITY COMPANY The Leading Provider of Identity Solutions and Services in the U.S. MorphoTrust USA MorphoTrust USA Our Value Uniquely Identifying Individuals: MorphoTrust is entrusted to ensure that

More information

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software

More information

Department of Homeland Security Office of Inspector General

Department of Homeland Security Office of Inspector General Department of Homeland Security Office of Inspector General Vulnerabilities Highlight the Need for More Effective Web Security Management (Redacted) OIG-09-101 September 2009 Office of Inspector General

More information

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5

More information

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers

More information

Security for the Internet of Things

Security for the Internet of Things Security for the Internet of Things Moderated by: Robin Duke-Woolley Founder & CEO Beecham Research Sponsored by: Syed Zaeem Hosain Chief Technology Officer Aeris 16 December 2016 Security for the Internet

More information

The Dangers of Consumer Grade File Sharing in a Compliance Driven World

The Dangers of Consumer Grade File Sharing in a Compliance Driven World The Dangers of Consumer Grade File Sharing in a Compliance Driven World Enterprise data access is spiraling out of control owncloud, Inc. 57 Bedford Street Suite 102 Lexington, MA 02420 United States www.owncloud.com/contact

More information

IoT & INFOSEC: A REPORT FROM THE TRENCHES - AGC IT Conference- July 2015 MIKE.ZUSMAN@CARVESYSTEMS.COM

IoT & INFOSEC: A REPORT FROM THE TRENCHES - AGC IT Conference- July 2015 MIKE.ZUSMAN@CARVESYSTEMS.COM IoT & INFOSEC: A REPORT FROM THE TRENCHES - AGC IT Conference- July 2015 SECURITY IS A PROCESS, NOT A STATE CARVE SYSTEMS LLC MIKE.ZUSMAN@CARVESYSTEMS.COM Carve s Roots (tl;dr)

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013 SOFTWARE ASSET MANAGEMENT Continuous Monitoring September 16, 2013 Tim McBride National Cybersecurity Center of Excellence timothy.mcbride@nist.gov David Waltermire Information Technology Laboratory david.waltermire@nist.gov

More information

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything

More information

Verve Security Center

Verve Security Center Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution

More information

Cybersecurity Health Check At A Glance

Cybersecurity Health Check At A Glance This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not

More information

Goals. Understanding security testing

Goals. Understanding security testing Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com Internet of Things (IoT): Security Awareness Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com So What is the Internet of Things Network of physical objects embedded with: Electronics, software, sensors

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

Beyond Good Practice: Why HIPAA only addresses part of the data security problem

Beyond Good Practice: Why HIPAA only addresses part of the data security problem Beyond Good Practice: Why HIPAA only addresses part of the data security problem Jeff Collmann, Ph.D. ISIS Center, Georgetown University Medical Center Beyond Good Practice HIPAA: the difficulties of good

More information

Alliance AES Key Management

Alliance AES Key Management Alliance AES Key Management Solution Brief www.patownsend.com Patrick Townsend Security Solutions Criteria for selecting a key management solution for the System i Key Management is as important to your

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Symantec IT Management Suite 8.0

Symantec IT Management Suite 8.0 IT Flexibility. User Freedom. Data Sheet: Endpoint Management Overview of Symantec IT Management Suite Symantec IT Management Suite enables IT administrators to securely manage the entire lifecycle of

More information

The monsters under the bed are real... 2004 World Tour

The monsters under the bed are real... 2004 World Tour Web Hacking LIVE! The monsters under the bed are real... 2004 World Tour Agenda Wichita ISSA August 6 th, 2004 The Application Security Dilemma How Bad is it, Really? Overview of Application Architectures

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Firewall Administration and Management

Firewall Administration and Management Firewall Administration and Management Preventing unauthorised access and costly breaches G-Cloud 5 Service Definition CONTENTS Overview of Service... 2 Protects Systems and data... 2 Optimise firewall

More information

Airports and their SCADA Systems. Dr Leigh Armistead, CISSP. Peregrine Technical Solutions

Airports and their SCADA Systems. Dr Leigh Armistead, CISSP. Peregrine Technical Solutions Airports and their SCADA Systems Dr Leigh Armistead, CISSP Peregrine Technical Solutions What We May Face For an attack to be successful it only has to cause disruption not loss of life to a significant

More information

Connected Vehicles: New Directions and Opportunities. AASHTO Connected Vehicle Task Force December 3, 2014 Irvine, CA. Leidos. All rights reserved.

Connected Vehicles: New Directions and Opportunities. AASHTO Connected Vehicle Task Force December 3, 2014 Irvine, CA. Leidos. All rights reserved. Connected Vehicles: New Directions and Opportunities AASHTO Connected Vehicle Task Force December 3, 2014 Irvine, CA N A T I O N A L S E C U R I T Y E N G I N E E R I N G H E A L T H S O L U T I O N S

More information

Secure Mail Suite: Enterprise Security, Unparalleled Performance

Secure Mail Suite: Enterprise Security, Unparalleled Performance Enterprise Security, Unparalleled Performance The Guardian Digital Secure Mail Suite provides a hassle free and cost effective solution for all corporate email messaging needs. Integrated features provide

More information

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. In today s world the potential for ready access to data from virtually any device over any type of network connection creates

More information

PKI: THE SECURITY SOLUTION FOR THE INTERNET OF THINGS

PKI: THE SECURITY SOLUTION FOR THE INTERNET OF THINGS PKI: THE SECURITY SOLUTION FOR THE INTERNET OF THINGS TABLE OF CONTENTS 2 EXECUTIVE SUMMARY 3 THE EMERGENCE OF THE INTERNET OF THINGS 4 SECURITY RISKS IN NETWORKED DEVICES 6 PKI S FOUNDATION OF STRONG

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

Participants: Introduction:

Participants: Introduction: National Conversation A Trusted Cyber Future Discussion Led by Dan Massey, CSD Program Manager Moderator: Joe Gersch (Secure 64) Department of Homeland Security Science and Technology Directorate (DHS

More information

Dr. György Kálmán gyorgy@mnemonic.no

Dr. György Kálmán gyorgy@mnemonic.no COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats

More information

Network Security in Building Networks

Network Security in Building Networks Network Security in Building Networks Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.if-is.net Content

More information

Software Inventory Management Greater Boston District

Software Inventory Management Greater Boston District Software Inventory Management Greater Boston District Audit Report Report Number IT-AR-15-007 July 13, 2015 Highlights Effective software management practices are not in place to adequately protect and

More information

Internet of Things... Let's Not Forget Security Please!

Internet of Things... Let's Not Forget Security Please! Internet of Things... Let's Not Forget Security Please! Distinguished Engineer Cisco @evyncke Eric Vyncke 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 2014 Cisco and/or its affiliates.

More information

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright

More information

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public. Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM

More information

The Internet of Things (IoT) Opportunities and Risks

The Internet of Things (IoT) Opportunities and Risks Session No. 744 The Internet of Things (IoT) Opportunities and Risks David Loomis, CSP Risk Specialist Chubb Group of Insurance Companies Brian Wohnsiedler, CSP Risk Specialist Chubb Group of Insurance

More information

Security Information & Event Management (SIEM)

Security Information & Event Management (SIEM) Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting

More information

Facilitated Self-Evaluation v1.0

Facilitated Self-Evaluation v1.0 Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.

More information

CDM Hardware Asset Management (HWAM) Capability

CDM Hardware Asset Management (HWAM) Capability CDM Hardware Asset Management (HWAM) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Table of Contents 1 PURPOSE AND SCOPE... 2 2 THREAT

More information

Operating System Security

Operating System Security Operating System Security Klaus Schütz Windows OS Security Microsoft Redmond Before I start My VP love(d) me A frustrated friend 1 Agenda Evolution of Threats Client vs. Server Security Operating System

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

SCOTT input. Focus in SCOTT

SCOTT input. Focus in SCOTT SCOTT input Focus in SCOTT 1 SCOTT - our comments! Use cases of interest (harmonisation)! technology blocks (which technologies do we need, and how can they concentrate)! Concepts (secure and distributed

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

N-Dimension Solutions Cyber Security for Utilities

N-Dimension Solutions Cyber Security for Utilities AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential

More information

Reducing the Threat Window

Reducing the Threat Window INFONETICS RESEARCH WHITE PAPER The Importance of Security Orchestration and Automation January 2015 695 Campbell Technology Parkway Suite 200 Campbell California 95008 t 408.583.0011 f 408.583.0031 www.infonetics.com

More information

Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved

Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single

More information

Top virtualization security risks and how to prevent them

Top virtualization security risks and how to prevent them E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced

More information

Security for the Industrial Internet of Things

Security for the Industrial Internet of Things Accenture Labs Security for the Industrial Internet of Things Security framework for IT and OT optimizes security architecture and capabilities 2 The Industrial Internet of Things (IIoT) introduces various

More information

Network Access Control in Virtual Environments. Technical Note

Network Access Control in Virtual Environments. Technical Note Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

Protecting Legacy Host Systems with Enterprise Authentication and Authorization Technologies

Protecting Legacy Host Systems with Enterprise Authentication and Authorization Technologies Protecting Legacy Host Systems with Enterprise Authentication and Authorization Technologies WHITE PAPER Protecting Legacy Host Systems with Enterprise Authentication and Authorization Technologies Under

More information

Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy.

Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy. Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy. The number of Internet-connected smart devices is growing at a rapid pace. According to Gartner, the

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

OPEN SOURCE SECURITY

OPEN SOURCE SECURITY OPEN SOURCE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

Viewfinity Privilege Management Integration with Microsoft System Center Configuration Manager. By Dwain Kinghorn

Viewfinity Privilege Management Integration with Microsoft System Center Configuration Manager. By Dwain Kinghorn 4 0 0 T o t t e n P o n d R o a d W a l t h a m, M A 0 2 4 5 1 7 8 1. 8 1 0. 4 3 2 0 w w w. v i e w f i n i t y. c o m Viewfinity Privilege Management Integration with Microsoft System Center Configuration

More information

Gabriel Coimbra Research & Consulting Director IDC Portugal. Porto, 29 de Maio 2008. www.idc.com

Gabriel Coimbra Research & Consulting Director IDC Portugal. Porto, 29 de Maio 2008. www.idc.com IT Security Market Overview Gabriel Coimbra Research & Consulting Director IDC Portugal Porto, 29 de Maio 2008 www.idc.com Agenda Market context IT Security context CSO Agenda IT Security market Conclusion

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

SRA International Managed Information Systems Internal Audit Report

SRA International Managed Information Systems Internal Audit Report SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

How Companies Can Improve Website & Web Application Security. Even with a Tight IT Budget

How Companies Can Improve Website & Web Application Security. Even with a Tight IT Budget How Companies Can Improve Website & Web Application Security Even with a Tight IT Budget Website and web application security is no longer a luxury it s a necessity. We live in the age of cyber warfare

More information

Security Software Engineering: Do it the right way

Security Software Engineering: Do it the right way Proceedings of the 6th WSEAS Int. Conf. on Software Engineering, Parallel and Distributed Systems, Corfu Island, Greece, February 16-19, 2007 19 Security Software Engineering: Do it the right way Ahmad

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

exceet Secure Solutions Smart & Secure Network From Vision to Reality

exceet Secure Solutions Smart & Secure Network From Vision to Reality exceet Secure Solutions Smart & Secure Network From Vision to Reality Agenda 1. About exceet 2. Entering the World of Smart Connected Products 3. exceet s Transformation Developing New Competencies 4.

More information