M2M & Cybersecurity Workshop TIA 2013 M2M Standards and Security. Mihai Voicu CIO/CSO ILS Technology LLC

Transcription

1 M2M & Cybersecurity Workshop TIA 2013 M2M Standards and Security Mihai Voicu CIO/CSO ILS Technology LLC

2 Topics 1 What is the role of standardization in security for M2M solutions? 2 How are TIA and other M2M standards bodies addressing the issue today? 3 What can we expect relative to Cyber Security as standards are defined and adopted? 2013 ILS Technology LLC 2

3 Enabling Smart Services through Secure Remote Access, Monitoring and Connectivity 2013 ILS Technology LLC 3 3

4 2013 ILS Technology LLC 4 4

5 Who am I? Chief Information / Security ILS Technology LLC CISM/CRISC/CEH certifications Responsible for the infrastructure and security of the securewise and devicewise M2M solutions. TIA TR-50 M2M Smart Device Communication Engineering Committee Chair of the WG5 Capabilities Group Vice-Chair of the WG3 Security Group TIA Interview ( Editor of the WG2 Protocol Group Articles/Whitepapers devicewise M2M Application Framework Security White Paper ( Remote Access Management for IC makers ( Contacts: E: [email protected] P: ILS Technology LLC 5

6 What is the role of standardization in security for M2M solutions? ILS Technology LLC 6

7 Anything Anywhere to Any Application Fleet Tracking Industrial Machines Building Automa9on Smart Energy BIG data 2013 ILS Technology LLC 7

8 Space Definition 2013 ILS Technology LLC 8

9 Where is M2M / IoT today? by English ar5st William Hogarth which depicts a comic scene of a violinist driven to distrac5on by the cacophony outside his window 2013 ILS Technology LLC 9

10 Security Pillars 2013 ILS Technology LLC 10

11 M2M Components HW SW Data Hardware, sofware and data/informa5on main ingredients of M2M solu5ons 2013 ILS Technology LLC 11

12 How to protect the data? 2013 ILS Technology LLC 12

13 Security Areas for M2M Solutions Authorization and Authentication RBAC - Role-based Access Control Data Validation Session Management Data Integrity and Confidentiality Auditing and Monitoring Trusted Environment 2013 ILS Technology LLC 13

14 Architecture Incorporate security features / capabili5es into the architecture as early as possible 2013 ILS Technology LLC 14

15 Device(s) Inden5fy en55es, interconnec5vity protocols and deployment/implementa5on should be considered by any M2M standards organiza5ons 2013 ILS Technology LLC 15

16 CIA To fulfill the security pillars, standards should be able to deal with authen5ca5on, authoriza5on, accountability, encryp5on and/or privacy ILS Technology LLC 16

17 How are TIA and other M2M standards bodies addressing the issue today? ILS Technology LLC 17

18 GSC- MSTF 160 organiza5ons ac5vely interested in M2M 2013 ILS Technology LLC 18

19 IUT-T NGN CEN Smart Metering ISO/IEC JTC1 UWSN CENELEC Smart Metering ESMIG Metering HGI Home Gateway Initiative W3C IPSO IPV6 Hardware and Protocols OMA ISO ZCL OASIS NIST IETF ROLL Routing over Low Power Lossy Networks ZigBee Alliance. ZB Application Profiles IETF 6LowPAN Phy-Mac Over IPV6 3GPP SA1, SA3,, GSMA SCAG, IEEE 802.xx.x W-Mbus WOSA KNX EPCGlobal GS1 Utilities Metering OPC Industry based standards organiza5ons are very ac5ve on their ver5cals 2013 ILS Technology LLC 19

20 M2M Market and Standards Organizations USA - Telecommunications Industry Association (TIA) Switzerland - ITU USA Eclipse Foundation EU - European Telecommunications Standards Institute (ETSI) USA - ATIS - Alliance for Telecommunications Industry Solutions JAPAN - Association of Radio Industries and Businesses (ARIB) CHINA - China Communications Standards Association (CCSA) JAPAN - Telecommunication Technology Committee (TTC) South KOREA - Telecommunications Technology Association (TTA) USA - IEEE - USA NIST ILS Technology LLC 20

21 WG1 Architecture Conformance and Tes5ng WG6 WG2 Protocol TR-50 Capabili5es WG5 WG3 Security WG4 Informa5on Models and Standard Objects 2013 ILS Technology LLC 21

22 Technical Committee Machine-to-Machine communications WG1 - Requirements & Use Cases WG2 Functional Architecture WG3 Protocols WG4 Security TR Threat analysis & counter measures to M2M service layer WG5 Management Working Groups: WG1 - Requirements WG2 Architecture WG3 Protocols WG4 Security WG5 Management, Abstraction and Semantics 2013 ILS Technology LLC 22

23 OMA Applica5on Layer Security Common Func5ons V1.1 M2M service layer: Requirements and architectural framework - M2M- O- 034 Machine to Machine (M2M) Communica5ons Technical Report - IEEE 's Machine- to- Machine (M2M) Task Group MQTT - Protocol M2M & the Internet of Things (IoT) - ISO/IEC/IEEE P first joint ISO/IEC/IEEE P XMPP Interface Standard and its built- in capabili5es against cyber- adack 2013 ILS Technology LLC 23

24 What can we expect relative to cybersecurity as standards are defined and adopted? ILS Technology LLC 24

25 Risks Increasing the complexity could introduce vulnerabilities and increase exposure to potential attackers Interconnected networks can introduce common vulnerabilities Increasing vulnerabilities to communication disruptions and the introduction of malicious software/ firmware or compromised hardware could result in denial of service (DoS) or other malicious attacks Increased number of entry points and paths are available for potential paths to exploit Interconnected systems can increase the amount of private information exposed and increase the risk when data is aggregated Increased use of new technologies can introduce new vulnerabilities Expansion of the amount of data that will be collected that can lead to the potential for compromise of data confidentiality, including the breach of customer privacy 2013 ILS Technology LLC 25

26 IT Cloud M2M Security Telco SW HW These sectors have exis5ng cyber security standards to address vulnerabili5es and assessment programs to iden5fy known vulnerabili5es in their systems 2013 ILS Technology LLC 26

27 Regulations Standards Cyber Security Preven5on, detec5on, response and recovery will determine what M2M solu5ons will need from standards and regula5ons 2013 ILS Technology LLC 27

28 Thank You! 2013 ILS Technology LLC 28