bringing intelligence into the cloudfiles.iccmedia.com/events/iotcon15/pdf/franz/15h00_wind.pdf ·...

Bringing Intelligenceinto the cloud

Michael Gaudlitz, Field Application Engineer

Agenda

IoT Drivers for IoT Cloud Security

2 | © 2015 Wind River. All Rights Reserved.

Agenda



Internet of Things IoT

provides a network of sensors and actuators attached to objects and communications devices provides data for analysis used to initiate automated actions (aka “smart”) generates intelligence for planning, management and

policy (business optimization)


PrivateClouds

Device DeviceSensor Sensor

INTERNETApp

Generic Network Topology for Connect Devices

LAN

GATEWAY Data Aggregation

Data Acquisition

“The Cloud”

App Data Representation

Sensor

Sensor

| © 2015 Wind River. All Rights Reserved.5

Wind RiverHelix Device Cloud

Wind RiverApplication Ready

Platform

App

Didn’t we already had this all?

What‘s new? Standards Communication stacks Mobile infrastructure API

Cloud access Improved interoperability Security awareness Business ideas



We are here

More Than 60% of Electronics Makers Say the Internet of Things is Already Impacting Their Business Models, According to VDC Research Survey

IoT Hype Curve

Agenda



The Two Business Interests Driving IoT Demand


Business Optimization Maximizing value of existing assets

and investments Introduction of new efficiencies Incremental shifts in OpEx

Business Transformation Access to new revenue streams Transitioning Business Models Positive shifts in value creation and

value capture


Airlines demand „power by the hour“ Profitable aftermarket not to be left to 3rd party vendors=> 50% of revenues from services

Example for Business Transformation

App Store for industrial applications Secure Cloud Platforms

„We will never allow that we are marginalized to a hardware vendor“

Peter Leibinger, Vice president Trumpf


New Revenue Streams

Agenda



Cloud offerings

Mostly IT driven Watch out for device management

capabilities: Alarms Secure software updates Secure remote maintenance Interoperability


Helix Device Cloud Agent

API

Ope

ratin

g Sy

stem

API

Helix Device Cloud

Embedded Software

Cloud-Side AppBig Data and Enterprise IT

Wind River Tools

Agenda



ICS-CERT Alerts Oct. 2012 – Jan. 2014

ICS-ALERT-13-304-01 : Nordex NC2 – Cross-Site Scripting Vulnerability ICS-ALERT-13-259-01 : Mitsubishi MC-WorkX Suite Insecure ActiveX Control ICS-ALERT-13-256-01 : WellinTech KingView ActiveX Vulnerabilities ICS-ALERT-13-164-01 : Medical Devices Hard-Coded Passwords ICS-ALERT-13-091-01 : Mitsubishi MX Overflow Vulnerability ICS-ALERT-13-091-02 : Clorius Controls ICS SCADA Information Disclosure ICS-ALERT-13-016-01A : Schneider Electric Product Vulnerabilities (Update A) ICS-ALERT-13-016-02 : Offline Brute-Force Password Tool Targeting Siemens S7 ICS-ALERT-13-009-01 : Advantech WebAccess Cross Site Scripting Vulnerability ICS-ALERT-13-004-01 : Advantech Studio Directory Traversal ICS-ALERT-12-039-01 : Advantech Broadwin RPC Server Vulnerability ICS-ALERT-12-097-02A : 3S CoDeSys Improper Access Control (Update A) ICS-ALERT-12-046-01A : Increasing Threat to Industrial Control Systems (Update A)

19

Source: http://ics-cert.us-cert.gov/alerts

| © 2015 Wind River. All Rights Reserved.

Security – what to do? Define and analyse your thread scenario

– Access points– Environment– Storage

Follow the standards: – IEC 62443: Security for industrial automation and control systems

Software development process Communication robustness testing Penetration testing

Toolbox of security functions– Secure boot– Secure access and operation– Secure updates


Summary

IoT advances fast Watch out for cloud support for embedded devices Security is a must Key driver are new business ideas


IoT happens -


Thank you!

bringing intelligence into the cloudfiles.iccmedia.com/events/iotcon15/pdf/franz/15h00_wind.pdf ·...

Documents