Post on 03-Oct-2020
UL and the UL logo are trademarks of UL LLC © 2018. Proprietary & Confidential.
Lighting Europe, Brussels, 6.11.2018
UL IT-Security / Cybersecurity
Partnering for growth
Alexander W. Koehler, Dipl.Math, CISSP; BDM Cybersecurity, Neu-Isenburg
Lighting Goes “Smart” – Should We Care About Cybersecurity?
Alexander W. Koehler, Dipl.Math, CISSP, CCSK
Cybersecurity Business Development Manager
UL International Germany GmbH
Underwriters Laboratories
• Founded in 1894
• Safety, security, quality, sustainability
• 143 countries
– German HQ: Neu-Isenburg (Frankfurt)
– Cybersecurity lab for IoT, IIoT, Industry 4.0
• > 20 industries
• > 14,000 FTE
– > 400 FTE in information security / cybersecurity
• UL SDO: >1600 standards
• IT-Security Systems House
– IT-security standards development
– IT-security technical specifications development
– IT-security research
– Consulting
  • Security architectures (design reviews)
  • Security processes
– Software development (IT-security, test tools)
– Training
– Testing
  • Pentesting
  • Source Code Analysis
– Certification
  • All relevant industry standards
– Leadership in IECEE CB certifications
– 5 cybersecurity labs w/w
– > 20 years IT-security / cybersecurity
Science and global expertise
• UL operates in more than 143 countries and across more than 20 industries
• UL’s sustainability certifications are referenced in 900+ sustainable product specifications or purchasing guidelines around the globe
• UL has enhanced transaction security for:
– 500+ banks
– 20+ payment schemes
– 60+ mobile network operators
– 50+ governments/transport operators
• UL serves 1 out of 3 Fortune 500 companies
• UL software is used by 10,000+ organizations in over 10 industries
• UL has helped to set more than 1,600 standards defining safety, security, quality and sustainability
Current 2018 Locations
• Leiden, Netherlands (2012)
• Chicago (2015)
• Silicon Valley (2017)
• Suzhou, China (2017)
• Frankfurt, Germany (2018)
Focus areas shown on the map: Certification, Industrial, Lighting, IoT, Access Control & Video, Advisory OT Assessment, Automotive, Smart Home, Building Automation, Factory Automation, Energy, Medical
What Can Cybersecurity Do For Your Business?
Bright Side: Cybersecurity Landscape
The world is becoming more connected
• 30 billion connected devices by 2020 (EMC 2015)
• Smart cities, critical infrastructure, building automation & security, healthcare, automotive, factory automation, smart home
Lighting Systems And Cybersecurity 1
• Two classes of functionality
• Light emitting devices with smart control capabilities (on/off, brightness, color, sequenced)
– Central management, usually cloud
– Resilience, security, safety
– Cross device communication: ZigBee, BT Mesh
• Light emitting devices with enhanced capabilities, based on available energy, connectivity
– Sensors: microphones, cameras (pattern recognition), motion, chemical sensors, radar
– Central management, usually cloud
– Cross device communication: ZigBee, BT Mesh, 5G, etc.
– Resilience, security, safety: requirements depend on use case.
• „Smart“: added value or the primary added value?
Dark Side: Threats And Danger
Security is not promised with IoT
• >94,000 known public vulnerabilities (NIST NVD 9/8/17)
• 83% of companies think cyberattacks are one of the 3 biggest threats to their organization (ISACA, 2015, Global Cybersecurity Status Report)
Lighting Systems And Cybersecurity 2
• X percent of lighting devices will become „smart“.
• Amount of devices: y million.
• Revenues & profits generated by „smart“: € z million.
• „Smart“ business models.
• Needs to be protected to prevent malfunction
– Darkness, wrong guidance, wrong data from sensors, extracted data (motion profiles, confidential/privacy data)
• Cybersecurity: limitation or business enabler?
• Anything missing?
• Most important: Misuse of IoT devices
– DDoS: Distributed Denial of Service Attack
– DDoS as ultimate data processing power to attack major sites (German Telekom, Netflix, …)
– Mirai-based IoT botnet, DDoS, 21st October, 2016
– Telekom Germany 2017: turned down 800.000 connected devices
– Liabilities
Outsourcing
Expertise is limited & in high demand
• 2 million unfilled global cybersecurity positions by 2019 (ISACA 2016)
The Fundamental Process
„Security is not a product, security is a process!“
Bruce Schneier, 2008
NIS Directive, „Cybersecurity Act“, ENISA
PROPOSAL FOR A REGULATION OF THE EUROPEAN
PARLIAMENT AND OF THE COUNCIL on ENISA, the "EU
Cybersecurity Agency", and repealing Regulation (EU) 526/2013:
“Cybersecurity Act”
Establishment of European Cybersecurity Certification Framework
3 assurance levels,
certification schemes.
Granting permanent mandate to European Union Agency for Network
and Information Security (ENISA).
DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN
PARLIAMENT AND OF THE COUNCIL of 6 July 2016
concerning measures for a high common level of security of
network and information systems across the Union.
Regulation Or Not – Cybersecurity Is Serious Stuff !
Impact of Security Issues
Critical Infrastructures
Electricity
Gas
Water
Financial Services
Cities
Medical operations
Transport
Supply chain
In case of, it does not matter who has done a bad job
Privacy violations
Reliability and sustainability -> Trust
Risk Management, Trust: core business of UL for > 125 years
Regulation Or Not – Cybersecurity Is Serious Stuff !
Self-declaration works for cybersecurity as it does already for product safety?
Wrong. It does not, sorry.
Why:
IoThings: The „Thing“ is something within the perimeter of competence of
the manufacturer or system integrator (machine, toy, …).
Cybersecurity is not (in most cases).
Compromised product safety is limited in doing harm to the product
(hairdryer), the operator (electrical shock) or the close environment (burn
down the house). Cybersecurity is not (always).
The solution:
Do it right: PDCA: Plan, Do, Check, Act.
Check: 3rd party testing, design review, certification.
https://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-explained
Mirai-based IoT botnet, DDoS, 21st October, 2016
Questions?
Answers: alexander.koehler@ul.com
Lighting Goes “Smart” – Cybersecurity, a business opportunity.