The Internet of Things (IoT) Opportunities and Risks




Session No. 744

The Internet of Things (IoT) Opportunities and Risks

David Loomis, CSP
Risk Specialist
Chubb Group of Insurance Companies

Brian Wohnsiedler, CSP
Risk Specialist
Chubb Group of Insurance Companies

Introduction

With recent developments in connectivity, technologies have spurred the adoption of internet-connected smart devices for remote sensing, actuating, and intelligent monitoring using advanced analytics and real-time data processing, often referred to as the Internet of Things (IoT). The Internet of Things has the power to streamline our jobs and our lives, and ultimately to save our companies and society money, but it also brings with it new operational exposures ranging from privacy to property protection. Gartner, Inc. estimates that the IoT, which excludes PCs, tablets and smartphones, will grow to 26 billion units installed in 2020, representing an almost 30-fold increase from 0.9 billion in 2009.[1]

Stuxnet, a 500-kilobyte computer worm that infected at least 14 industrial sites in Iran, was the wake-up call for many on the potential vulnerabilities associated with connected technologies. However, recent incidents have demonstrated that vulnerabilities still exist, in a world that is more connected than it was in 2010. A German steel factory in 2014 experienced a cyber-attack initiated after system information was obtained as a result of spear phishing, resulting in numerous failures that led to the improper shutdown of a blast furnace, causing extensive property damage. The building management system of Google's Sydney, Australia office was successfully attacked by security firm Cylance, giving Cylance the ability to control all building systems. Consumer products, such as baby monitors, have frequently been the target of attacks, giving the cyber attacker access to both voice and video.

Risk management is a core business activity of all enterprises, large and small. Safety professionals are often directly responsible for operational risk management or are consulted on operational issues by senior management. Therefore, the modern safety professional must be educated on emerging hazards, the Internet of Things being foremost among them. The safety professional must be able to work with the business and IT to understand, assess, and manage the risks associated with the Internet of Things.

[1] Stephen Prentice, The Five SMART Technologies to Watch, February 2014, www.gartner.com

Internet of Things Breadth and Depth

The Internet of Things is more than just a buzzword; it is a transformative blending of technology, systems, sensors, connectivity and users. A common technical definition of the IoT is the networking of physical objects through the use of embedded sensors, actuators, and other devices that can collect or transmit information about the objects. The IoT system has the ability to amass data from these devices that can be analyzed to optimize products, services, and operations.

One of the earliest and best-known applications of connected technology has occurred in energy optimization, with sensors deployed across the electricity grid to help utilities remotely monitor energy usage and adjust generation and distribution flows to account for peak times and downtimes. Today, the list of devices and systems that leverage the IoT is substantial and growing, and includes:

Connected Homes: thermostats, appliances, HVAC, lighting, Security
Wearables: Fitness bands, watches, glasses, Action cameras
Industrial Systems: Real time analytics, Factory automation, Robotics, Supply Chain Efficiency
Municipalities: meter technology, traffic lights, parking meters, Electric vehicle charging, Real time analytics
Transportation: Collision avoidance, Vehicle diagnostics, Information and navigation, Fleet management
Medical: Pill shaped micro-cameras, Connected implantable devices, Vital signs monitoring

From consumers to industry to municipalities, connected devices and systems have become a necessity of modern society. A very useful way to further refine our thinking about IoT applications is to break them down into two broad categories, Information and Analysis and Automation and Control.[2] Under those broad categories, there are 3 subcategories that further refine the understanding of the application.

[2] McKinsey Quarterly, The Internet of Things, March 2010, http://www.mckinsey.com/insights/high_tech_telecoms_internet/the_internet_of_things

Source: http://www.mckinsey.com

The IoT holds great promise, and appears poised to transform our society, but caution is warranted as there are many potential security, legal and societal pitfalls to consider.

Internet of Things Risks

A report recently released by HP Research found substantial security and privacy concerns with IoT sensors and other devices. The findings included:

Privacy concerns: Eight of the 10 devices tested collected and retained some personal data.
Insufficient authorization: 80 percent of IoT devices tested, including their cloud and mobile components, failed to require passwords of sufficient complexity and length, with most devices allowing passwords such as 1234.
Lack of transport encryption: 70 percent of IoT devices analyzed did not encrypt communications to the internet and local network.
Insecure web interface: Six of the 10 devices evaluated raised security concerns.
Inadequate software protection: 60 percent of devices did not use encryption when downloading software updates.

System Security

By definition, products and systems that leverage the IoT are connected, not just to their various components, but to the networks and IT infrastructure of their users. This connectivity very often provides a possible connection pathway that is outside the control of the user, either through the internet or through a vulnerable means of transmission such as wireless. Recent security failures, such as the German steel factory incident in 2010, highlight the complexity and urgency of security in an IoT world, as this incident combined social engineering and security exploits.
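Three of the HP findings above (weak passwords, unencrypted transport, unencrypted update downloads) can be checked directly from a device inventory. The following Python audit is an added example, not part of the original paper or the HP report; the record fields, hostnames, scheme list and the 12-character, three-class password policy are assumptions, and "accepted_password" means a password the device allowed an auditor to set during testing.

```python
from urllib.parse import urlsplit

# URL schemes that carry traffic without TLS (assumed list for this example).
PLAINTEXT_SCHEMES = {"http", "ftp", "telnet", "mqtt", "coap", "ws"}
MIN_PASSWORD_LENGTH = 12  # assumed policy value, not taken from the HP report

def password_problems(password):
    """Return the reasons a device should have refused this password."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    classes = [str.islower, str.isupper, str.isdigit,
               lambda c: not c.isalnum()]
    used = sum(any(test(c) for c in password) for test in classes)
    if used < 3:
        problems.append("fewer than 3 character classes")
    return problems

def audit_device(device):
    """Check one inventory record against three of the HP findings."""
    findings = []
    # Insufficient authorization: did the device accept a weak password?
    for reason in password_problems(device["accepted_password"]):
        findings.append(f"weak password accepted: {reason}")
    # Lack of transport encryption: every endpoint should use a TLS scheme.
    for url in device["endpoints"]:
        if urlsplit(url).scheme.lower() in PLAINTEXT_SCHEMES:
            findings.append(f"unencrypted transport: {url}")
    # Inadequate software protection: updates fetched over plaintext.
    if urlsplit(device["update_url"]).scheme.lower() in PLAINTEXT_SCHEMES:
        findings.append(f"unencrypted update download: {device['update_url']}")
    return findings

# Constructed inventory records (hypothetical devices and hostnames).
INVENTORY = [
    {"name": "lobby-camera", "accepted_password": "1234",
     "endpoints": ["http://cam.example.internal/stream"],
     "update_url": "http://updates.example.com/cam.bin"},
    {"name": "hvac-controller", "accepted_password": "Tr4nsit-Blue-Harbor",
     "endpoints": ["mqtts://broker.example.internal:8883"],
     "update_url": "https://updates.example.com/hvac.bin"},
]

def audit_inventory(inventory):
    return {d["name"]: audit_device(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "->", findings or "no findings")
```

A TLS scheme in a URL only shows that encryption is configured; certificate validation on the device still has to be tested separately.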

Security, regardless of the complexity of the systems, comes down to the same basic fundamentals:

Culture of Security: You should expect imperfect users, but the user base can be improved and hardened through training and enforced security procedures.
Assess the Risk: Understand what sensitive data and systems are vulnerable and the consequences if the security of those systems is compromised. Evaluate the vulnerabilities in your system and the potential breach pathways.
Defense in Depth: Security measures should be implemented at multiple levels.
Audit: Utilize both internal and external resources to evaluate the adequacy of your system security. This could include intrusion detection, patch management, data flow analysis and external penetration testing.

Product Design

The Federal Trade Commission (FTC) recently released a booklet directed at manufacturers of connected consumer products, titled Careful Connections: Building Security in the Internet of Things. The fact that a federal government agency released this booklet should be considered a clear indication that there are widespread security problems with IoT devices, that the federal government is looking at regulations to address these problems, and that the legal community is also aware of the issues. There have been numerous documented IoT consumer product security failures, from BMW's remote entry system to Foscam's baby monitor. The FTC booklet provides solid general guidance worth repeating:

Start with security fundamentals
Design your product with authentication in mind
Protect the interfaces between your product and other devices or services
Consider how to limit permissions
Test the security measures before launching your product
Select the secure choice as your default setting
Use your initial communications with customers to educate them about the safest use of your product
Establish an effective approach for updating your security procedures
Keep current on the changing security environment
Privacy

As the IoT exponentially expands the number of devices gathering, storing, transmitting and analyzing information about us, there is a predictable increase in interest in the privacy issues surrounding the security, use and misuse of this data. Smart meters store information on electricity usage, smart watches store and transmit personal health and fitness information, and smart retail surveillance systems incorporate a facial recognition system to recognize and track shoppers, all creating data streams that could be used to violate someone's privacy if not secured. The ubiquitous data collection and the unexpected use of consumer data have drawn the attention of the FTC, with the FTC suggesting the following:

Security by Design: Incorporate the security measures suggested in the FTC booklet Careful Connections: Building Security in the Internet of Things.
Data Minimization: Collect only the data that is needed, and maintain strict protocols for deletion after use. In the era of big data and cheap data storage, it is likely that the opposite will occur.
Notice and Choice for Unexpected Uses: Provide the consumer the opportunity to limit the unexpected use of their data, for example selling smart meter information to a marketing firm.

Privacy in the workplace can also present a challenge, as employees are either wearing smart devices by choice (Google glasses recording other employees) or are required to wear smart devices (badges with wireless sensors) for the purpose of improving efficiency and production. Human Resources and IT will need to develop new policies and procedures, in conjunction with legal, to properly address the privacy concerns.

Conclusion

The Internet of Things (IoT) is impacting every aspect of our society, bringing with it improvements in lifestyle, productivity, efficiency and situational awareness. The IoT also introduces new risks as connected systems and products are exposed to a host of cyber security threats. The safety professional, armed with a basic understanding of the IoT, is in a unique position to assist their company in understanding and evaluating the risks.

Bibliography

Federal Trade Commission (FTC), 2015. Careful Connections: Building Security in to the Internet of Things (http://www.ftc.gov/system/files/documents/plain-language/pdf0199-carefulconnections-buildingsecurityinternetofthings.pdf)