Security for the Internet of Things: A Call to Action
Post on 14-Jan-2017
Security Call to Action: Preparing for the Internet of Things
Copyright © 2015 Accenture All rights reserved. 2
The Internet of Things (IoT) is already here
Many industries are now using the IoT, which integrates people, data and intelligent machines, to introduce new products and services, boost customer relationships and improve operations.
#IoTSecurity
The IoT extends an enterprise’s reach
IoT technology is fundamentally changing how industries operate by making possible:
• New applications, digital services and business models
• Cost savings from process automation
• Increased precision from software controls
• Informed decision making regarding physical assets
• Real-time process optimization
The IoT will transform organizations and countries alike, stimulating economic expansions, boosting competitiveness and increasing productivity and growth in industries worldwide.
Figure labels: Real-time optimization; Improved asset utilization; Reasoning and taking complex action; Informed decision making by physical assets
Today’s connected world presents new security issues
The IoT offers many industries significant new opportunities, but it also exposes them and their customers to a host of security issues:
• Executives list cyber attack vulnerability as their most important IoT concern, followed closely by personal data breaches*
• Previously secure closed systems now offer remote access and control, potentially enabling hostile parties to take control of appliances, machines, finances and identities
• Press reports indicate hackers have already breached everything from major corporate databases to thousands of everyday consumer devices
For the IoT to succeed, organizations and consumers need to believe that its benefits outweigh its risks.
*World Economic Forum, in collaboration with Accenture, “Industrial Internet of Things: Unleashing the Potential of Connected Products and Services”
What security issues do organizations face?
• Operational security: IoT-based services (such as medical devices, control systems and vehicles) require continuity and high availability
• Privacy: Valuable data require protection
• Digital identities: Many IoT devices depend on hard-coded access keys, making them vulnerable to attacks
• Software patching: Many IoT devices lack human users who can install security updates
• Access management: In the absence of universal standards, each implementation requires unique approaches to managing authentication and access
• Time services: Logging systems must identify events without relying on time-of-day data
• Communication protocol diversity: Diverse protocols for IoT devices complicate security
Securing the IoT requires new ways of thinking that can defend the enterprise and its customers against attackers and privacy abuses.
Understanding the IoT threats that applications, networks and devices face
Attacks on applications
Threats:
• Accessing passwords in plain text
• Sending unencrypted confidential information enables eavesdropping
• Social engineering attacks that trick users into revealing confidential information
Examples:
• Household heating and power units
• Malicious software loaded on point-of-sale terminals to steal credit card and payment information and cause financial, privacy and confidentiality issues

Attacks on networks
Threats:
• Exploiting vulnerabilities in protocols
• Impersonating devices
• Inserting rogue devices to gain unauthorized network access
• Accessing error information to identify unmonitored information
Examples:
• Medical devices, such as insulin pumps and defibrillators with embedded web servers connected to the Internet or hospital networks
• Universal plug and play protocol vulnerability

Attacks on devices
Threats:
• Targeting end-user devices like TVs and household appliances, or industrial infrastructure such as supervisory control and data acquisition (SCADA) systems
• Attacking devices that depend on hard-coded access keys
Examples:
• Industrial control systems (SCADA)
• Smart meters
• Medical devices
• Traffic flow sensors
• Connected vehicle control systems
Exploring four security scenarios:
#1 Industrial control systems
Many industrial control systems employ highly intricate and precise mechanisms that automate complex industrial processes. Malicious programming could alter control settings and cause catastrophic failure.
Exploring four security scenarios:
#2 Connected vehicles
Attacks on connected cars can affect on-board diagnostics and other systems such as the anti-lock brakes.
Research firm IHS Automotive estimates that globally, 23 million cars are connected to the Internet in some capacity. By 2020 it expects that figure to rise to 152 million.*
*McCarthy, Niall. “Connected Cars by the Numbers [Infographic].” Jan 27, 2015. http://www.forbes.com/sites/niallmccarthy/2015/01/27/connected-cars-by-the-numbers-infographic/
Exploring four security scenarios:
#3 Unmanned aerial vehicles
Attacks on unmanned aerial vehicles (drones) could lead to intentional crashes or vehicle theft.
Exploring four security scenarios:
#4 Connected retail
The IoT has enabled the enterprise to connect with suppliers and customers intimately, providing retailers with more information about their consumers than ever – but what does this mean for consumer privacy?
Security call to action: Gauge security readiness
Getting started on the path to increased IoT security
• Engineer trust into connected products: Apply secure-by-design principles to components
• Adopt a new operational mindset: Continuously monitor the IoT’s operational and security health
• Develop contextualized threat models: Incorporate key business goals, the underlying technical infrastructure, and potential threats that can disrupt the business into the models
• Apply mobile and cyber-physical system (CPS) security lessons: Consider the lessons learned in mobile and CPS arenas
• Adopt privacy-by-design principles: Maintain access and authorization rights to data sets
• Track and use emerging standards: Understand emerging standards and consider joining standards bodies
• Continue to educate systems users: Improve recognition of and response to increasingly sophisticated attacks
Broad IoT actions for stakeholders
• Share best security practices through a global security commons
• Clarify and simplify data protection and liability policies
• Collaborate on long-term, strategic R&D to solve security challenges
www.accenture.com/securityIoT
Join the conversation