M2M & Cybersecurity Workshop TIA 2013 M2M Standards and Security. Mihai Voicu CIO/CSO ILS Technology LLC



Transcription:

M2M & Cybersecurity Workshop TIA 2013 M2M Standards and Security Mihai Voicu CIO/CSO ILS Technology LLC

Topics
1. What is the role of standardization in security for M2M solutions?
2. How are TIA and other M2M standards bodies addressing the issue today?
3. What can we expect relative to Cyber Security as standards are defined and adopted?
2013 ILS Technology LLC 2

Enabling Smart Services through Secure Remote Access, Monitoring and Connectivity

Who am I?
- Chief Information / Security Officer @ ILS Technology LLC
- CISM/CRISC/CEH certifications
- Responsible for the infrastructure and security of the securewise and devicewise M2M solutions.
- TIA TR-50 M2M Smart Device Communication Engineering Committee
  - Chair of the WG5 Capabilities Group
  - Vice-Chair of the WG3 Security Group
  - TIA Interview (http://tiaonline.org/standards_/videos.cfm?video=tr50_tsb4940)
  - Editor of the WG2 Protocol Group
- Articles/Whitepapers
  - devicewise M2M Application Framework Security White Paper (http://www.ilstechnology.com/resource-library/file/66-m2msecurity)
  - Remote Access Management for IC makers (http://www.ilstechnology.com/resource-library/file/50-remote-access-management-for-ic-makers)
- Contacts: E: mvoicu@ilstechnology.com P: +1.561.214.4559

1. What is the role of standardization in security for M2M solutions?

Anything Anywhere to Any Application
- Fleet Tracking
- Industrial Machines
- Building Automation
- Smart Energy
- BIG data

Space Definition

Where is M2M / IoT today?
by English artist William Hogarth which depicts a comic scene of a violinist driven to distraction by the cacophony outside his window

Security Pillars

M2M Components: HW, SW, Data
Hardware, software and data/information: main ingredients of M2M solutions

How to protect the data?

Security Areas for M2M Solutions
- Authorization and Authentication
- RBAC - Role-based Access Control
- Data Validation
- Session Management
- Data Integrity and Confidentiality
- Auditing and Monitoring
- Trusted Environment

Architecture
Incorporate security features / capabilities into the architecture as early as possible

Device(s)
Identifying entities, interconnectivity protocols and deployment/implementation should be considered by any M2M standards organization

CIA
To fulfill the security pillars, standards should be able to deal with authentication, authorization, accountability, encryption and/or privacy.

2. How are TIA and other M2M standards bodies addressing the issue today?

GSC-MSTF
160 organizations actively interested in M2M

ITU-T NGN CEN Smart Metering ISO/IEC JTC1 UWSN CENELEC Smart Metering ESMIG Metering HGI Home Gateway Initiative W3C IPSO IPV6 Hardware and Protocols OMA ISO ZCL OASIS NIST IETF ROLL Routing over Low Power Lossy Networks ZigBee Alliance. ZB Application Profiles IETF 6LowPAN Phy-Mac Over IPV6 3GPP SA1, SA3,, GSMA SCAG, IEEE 802.xx.x W-Mbus WOSA KNX EPCGlobal GS1 Utilities Metering OPC
Industry based standards organizations are very active on their verticals

M2M Market and Standards Organizations
- USA - Telecommunications Industry Association (TIA) http://www.tiaonline.org/all-standards/committees/tr-50
- Switzerland - ITU http://www.itu.int/en/itu-t/focusgroups/m2m/pages/default.aspx
- USA - Eclipse Foundation http://www.eclipse.org/org/industry-workgroups/m2miwg_charter.php
- EU - European Telecommunications Standards Institute (ETSI) http://portal.etsi.org/m2m
- USA - ATIS - Alliance for Telecommunications Industry Solutions http://www.atis.org/m2m/index.asp
- JAPAN - Association of Radio Industries and Businesses (ARIB)
- CHINA - China Communications Standards Association (CCSA)
- JAPAN - Telecommunication Technology Committee (TTC)
- South KOREA - Telecommunications Technology Association (TTA)
- USA - IEEE - http://grouper.ieee.org/groups/802/16/m2m/index.html
- USA - NIST www.nist.gov

TR-50
- WG1 Architecture
- WG2 Protocol
- WG3 Security
- WG4 Information Models and Standard Objects
- WG5 Capabilities
- WG6 Conformance and Testing

Technical Committee Machine-to-Machine communications
- WG1 - Requirements & Use Cases
- WG2 - Functional Architecture
- WG3 - Protocols
- WG4 - Security
- TR 102 167 Threat analysis & counter measures to M2M service layer
- WG5 - Management

Working Groups:
- WG1 - Requirements
- WG2 - Architecture
- WG3 - Protocols
- WG4 - Security
- WG5 - Management, Abstraction and Semantics

- OMA Application Layer Security Common Functions V1.1
- M2M service layer: Requirements and architectural framework - M2M-O-034
- Machine to Machine (M2M) Communications Technical Report - IEEE 802.16's Machine-to-Machine (M2M) Task Group
- MQTT - Protocol
- M2M & the Internet of Things (IoT) - ISO/IEC/IEEE P21451-1-4 - first joint ISO/IEC/IEEE P21451-1-4 XMPP Interface Standard and its built-in capabilities against cyber-attack

3. What can we expect relative to cybersecurity as standards are defined and adopted?

Risks
- Increasing the complexity could introduce vulnerabilities and increase exposure to potential attackers
- Interconnected networks can introduce common vulnerabilities
- Increasing vulnerabilities to communication disruptions and the introduction of malicious software/firmware or compromised hardware could result in denial of service (DoS) or other malicious attacks
- Increased number of entry points and paths are available for potential paths to exploit
- Interconnected systems can increase the amount of private information exposed and increase the risk when data is aggregated
- Increased use of new technologies can introduce new vulnerabilities
- Expansion of the amount of data that will be collected that can lead to the potential for compromise of data confidentiality, including the breach of customer privacy

IT, Cloud, M2M Security, Telco, SW, HW
These sectors have existing cyber security standards to address vulnerabilities and assessment programs to identify known vulnerabilities in their systems

Regulations, Standards, Cyber Security
Prevention, detection, response and recovery will determine what M2M solutions will need from standards and regulations

Thank You!