bringing intelligence into the cloudfiles.iccmedia.com/events/iotcon15/pdf/franz/15h00_wind.pdf ·...
TRANSCRIPT
Bringing Intelligenceinto the cloud
Michael Gaudlitz, Field Application Engineer
Agenda
IoT Drivers for IoT Cloud Security
2 | © 2015 Wind River. All Rights Reserved.
Agenda
IoT Drivers for IoT Cloud Security
3 | © 2015 Wind River. All Rights Reserved.
Internet of Things IoT
provides a network of sensors and actuators attached to objects and communications devices provides data for analysis used to initiate automated actions (aka “smart”) generates intelligence for planning, management and
policy (business optimization)
4 | © 2015 Wind River. All Rights Reserved.
PrivateClouds
Device DeviceSensor Sensor
INTERNETApp
Generic Network Topology for Connect Devices
LAN
GATEWAY Data Aggregation
Data Acquisition
“The Cloud”
App Data Representation
Sensor
Sensor
| © 2015 Wind River. All Rights Reserved.5
Wind RiverHelix Device Cloud
Wind RiverApplication Ready
Platform
App
Didn’t we already had this all?
What‘s new? Standards Communication stacks Mobile infrastructure API
Cloud access Improved interoperability Security awareness Business ideas
6 | © 2015 Wind River. All Rights Reserved.
7 | © 2015 Wind River. All Rights Reserved.
We are here
More Than 60% of Electronics Makers Say the Internet of Things is Already Impacting Their Business Models, According to VDC Research Survey
IoT Hype Curve
Agenda
IoT Drivers for IoT Cloud Security
9 | © 2015 Wind River. All Rights Reserved.
The Two Business Interests Driving IoT Demand
10 | © 2015 Wind River. All Rights Reserved.
Business Optimization Maximizing value of existing assets
and investments Introduction of new efficiencies Incremental shifts in OpEx
Business Transformation Access to new revenue streams Transitioning Business Models Positive shifts in value creation and
value capture
13 | © 2015 Wind River. All Rights Reserved.
Airlines demand „power by the hour“ Profitable aftermarket not to be left to 3rd party vendors=> 50% of revenues from services
Example for Business Transformation
App Store for industrial applications Secure Cloud Platforms
„We will never allow that we are marginalized to a hardware vendor“
Peter Leibinger, Vice president Trumpf
14 | © 2015 Wind River. All Rights Reserved.
New Revenue Streams
Agenda
IoT Drivers for IoT Cloud Security
15 | © 2015 Wind River. All Rights Reserved.
Cloud offerings
Mostly IT driven Watch out for device management
capabilities: Alarms Secure software updates Secure remote maintenance Interoperability
16 | © 2015 Wind River. All Rights Reserved.
Helix Device Cloud Agent
API
Ope
ratin
g Sy
stem
API
Helix Device Cloud
Embedded Software
Cloud-Side AppBig Data and Enterprise IT
Wind River Tools
Agenda
IoT Drivers for IoT Cloud Security
17 | © 2015 Wind River. All Rights Reserved.
ICS-CERT Alerts Oct. 2012 – Jan. 2014
ICS-ALERT-13-304-01 : Nordex NC2 – Cross-Site Scripting Vulnerability ICS-ALERT-13-259-01 : Mitsubishi MC-WorkX Suite Insecure ActiveX Control ICS-ALERT-13-256-01 : WellinTech KingView ActiveX Vulnerabilities ICS-ALERT-13-164-01 : Medical Devices Hard-Coded Passwords ICS-ALERT-13-091-01 : Mitsubishi MX Overflow Vulnerability ICS-ALERT-13-091-02 : Clorius Controls ICS SCADA Information Disclosure ICS-ALERT-13-016-01A : Schneider Electric Product Vulnerabilities (Update A) ICS-ALERT-13-016-02 : Offline Brute-Force Password Tool Targeting Siemens S7 ICS-ALERT-13-009-01 : Advantech WebAccess Cross Site Scripting Vulnerability ICS-ALERT-13-004-01 : Advantech Studio Directory Traversal ICS-ALERT-12-039-01 : Advantech Broadwin RPC Server Vulnerability ICS-ALERT-12-097-02A : 3S CoDeSys Improper Access Control (Update A) ICS-ALERT-12-046-01A : Increasing Threat to Industrial Control Systems (Update A)
19
Source: http://ics-cert.us-cert.gov/alerts
| © 2015 Wind River. All Rights Reserved.
Security – what to do? Define and analyse your thread scenario
– Access points– Environment– Storage
Follow the standards: – IEC 62443: Security for industrial automation and control systems
Software development process Communication robustness testing Penetration testing
Toolbox of security functions– Secure boot– Secure access and operation– Secure updates
20 | © 2015 Wind River. All Rights Reserved.
Summary
IoT advances fast Watch out for cloud support for embedded devices Security is a must Key driver are new business ideas
21 | © 2015 Wind River. All Rights Reserved.
IoT happens -
22 | © 2015 Wind River. All Rights Reserved.
Thank you!