Internet Society © 1992–2016
IoT Security
Shernon Osepa,
Manager Regional Affairs Latin America & the Caribbean
@ShernonOsepa
35th CANTO AGM and Mini Exhibition
28 January 2019
Georgetown, Guyana
Challenges and Opportunities
“An Open, Globally-Connected, Trustworthy, and Secure Internet for
Everyone”
Why does Internet Society care?
• Cyber security
• Threats
• IoT
Some definitions
“preventative methods to protect information from being stolen, compromised
or attacked in some other way”;
What is Cybersecurity?
Applications
Technical
• Malware
• Ransomware
• DDOS
• Botnets
Non technical
• Social
• Economic
Image credit: FileCloud
The Threats
What should we do about it?
“An Open,
Globally-Connected,
Trustworthy,
and Secure Internet for
Everyone”
IoT Security
• Despite the buzz, no single definition!
  IoT refers to scenarios where network connectivity and computing capability extends to objects, sensors and everyday items not normally considered computers, allowing these devices to generate, exchange and consume data with minimal human intervention.
• Functionally: The extension of network connectivity and computing capability to a variety of objects, devices, sensors and everyday items allowing them to generate/exchange data, often with remote data analytic/management capabilities.
• As Value: Data & what can be done with it.
• As a Vision: The realization of a “hyper-connected” world.
What is IoT really?
Leaves
Trunk/branches
Roots
A Tree Ecosystem
Computers, Networks, and “Things” not new…….
If it’s not new, why now?: A Confluence of Market Trends
UBIQUITOUS CONNECTIVITY
WIDESPREAD ADOPTION OF IP
COMPUTING ECONOMICS
MINIATURIZATION
ADVANCES IN DATA ANALYTICS
RISE OF CLOUD COMPUTING
Applications
Software
(gateways/processors)
Technology (sensors)
The IoT Ecosystem
1. Smart home
2. Smart wearables
3. IoT Solutions For Smart City
4. Smart Grids
5. Industrial Internet
6. Smarter Automotive Industry
7. Smart Health Care Systems
8. Smart Retail
9. Smart Supply Chain
10. Agriculture
11. Many more
The IoT Ecosystem (Applications)
Software (gateways/processors)
Intel-Edison/Galileo
Qualcomm-Snapdragon
Raspberry Pi 3
Chip RB
Marvell-MW302
Cypress-Bluetooth IoT kit
Samsung ARTIK
And many more….
The IoT Ecosystem Software (gateways)
Technology (sensors)
Honeywell
Grayhill
Intel
Qualcomm
Many more…
The IoT Ecosystem (technology)
The challenges we face
The number of IoT devices and systems connected to the Internet will be more than 2.5x the global population by 2020 (Gartner).
(Others, 30 - 50 Billion by 2025)
Used with permission. http://www.geekculture.com/joyoftech/joyarchives/2340.html
As more and more devices are connected, privacy and security risks increase.
• Security
• Privacy
• Interoperability and Standards
• Legal, regulatory and rights
• Emerging economies and development
Key IoT Challenges
Key Challenge: IoT Ecosystem
Three Dimensions:
• Combination of devices, apps, platforms & services
• Data flows, touch points & disclosures
• Lack of defined standards
Impacts on Sustainability Issues:
• Lifecycle supportability
• Data retention / ownership
Interoperability and Standards
New devices, new vulnerabilities
• Device Cost/Size/Functionality
• Volume of identical devices (homogeneity)
• Long service life (often extending far beyond supported lifetime)
• No or limited upgradability or patching
• Physical security vulnerabilities
• Access
• Limited user interfaces (UI)
• Limited visibility into, or control over, internal workings
• Embedded devices
• Unintended uses
• BYOIoT
The attributes of many IoT devices present new and unique security challenges
compared to traditional computing systems.
Legal, regulatory and rights
Emerging economies and
development
Who is responsible?
Developers and users of IoT devices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm.
To scale up we need a collective approach, addressing security challenges on all fronts.
What we’re doing about it
There are two ways to view IoT Security
Outward Security
Focus on potential harms that compromised devices and systems can inflict on the Internet and other users
Inward Security
Focus on potential harms to the health, safety, and privacy of device users and their property stemming from compromised IoT devices and systems
• OTA was founded in 2004
  • developed technical standards to fight spam;
  • advanced Secure Sockets Layer (SSL) and email authentication best practices;
  • has introduced a foundation for a future IoT certification programme;
  • and has worked on measures to address online fraud.
• An initiative of the Internet Society (ISOC), as of 5 April 2017!
  • will help improve security and data privacy for users (ISOC’s trust agenda)
What is the Online Trust Alliance?
• Annual Online Trust Audit;
• Cyber Incident Response Guide;
• Internet of Things (IoT) Trust Framework.
Some of OTA’s initiatives
• Measurable principles vs. standards development
• Consumer grade devices (home, office and wearables)
• Address known vulnerabilities and IoT threats
• Actionable and vendor neutral
Online Trust Alliance IoT Security & Privacy Trust Framework
https://otalliance.org/iot/
Online Trust Alliance IoT Security Resources
ISOC “IoT Trust by Design” Campaign
1. Work with manufacturers and suppliers to adopt and implement the OTA IoT Trust Framework
2. Mobilize consumers to drive demand for security and privacy capabilities as a market differentiator
3. Encourage policy and regulations to push for better security and privacy features in IoT
OTA IoT Trust Framework implementation
- Best practices and toolkits
- Implementation guide
- Training for ISOC and community
Activity highlights
Research
- Paper on IoT Security for Policymakers
- Policy research: mapping the IoT policy/regulatory landscape
- Economic study on IoT security externalities
- Study on “consumer grade” IoT markets, to better understand manufacturing trends and consumer behaviour
Outreach to policy makers
- Regional engagement in strategic countries
- Global and regional events
- Workshops and capacity building
- Thought pieces and articles
Global, regional and local partnerships
- Security-minded IoT alliances
- Certification organizations
- Civil society organizations
- Organizations that review consumer products
- Internet Society community
Closing Thoughts
Visit us at
www.internetsociety.org
Follow us
@internetsociety
Galerie Jean-Malbuisson 15,
CH-1204 Geneva,
Switzerland.
+41 22 807 1444
1775 Wiehle Avenue,
Suite 201, Reston, VA
20190-5108 USA.
+1 703 439 2120
Thank you.
Shernon Osepa
Manager Regional Affairs Latin America & the
Caribbean
@ShernonOsepa