SIX DEGREES OF SEPARATION PLANNING THE IMPACT OF IOT ON YOUR FUTURE AUDITS

Similar documents
Internet of Things (IoT) Vikram Raval GSMA

The Smart Port Vision

Security Challenges in the Internet of Things. Dr. Sigrid Schefer-Wenzl

IoT Challenges & Testing aspects. Alon Linetzki, Founder & CEO QualityWize

How to Categorize Risk in IoT

Internet of Things ( IoT) Luigi Battezzati PhD.

Securing IoT in the Enterprise

DELL: POWERFUL FLEXIBILITY FOR THE IOT EDGE

Internet of Things (IoT)

73% Contents. of companies have yet to make any concrete investments in the Internet of Things. 1. Foreword 4. Key findings 5

The Internet of Things Will You Be Ready to Support a Device-Driven Future? Manish Nathwani SVP, Product Development

INTERNET OF THINGS THE GSMA GUIDE TO THE R A G E C A P A B I L C O V E I T Y T Y U R I E C R S B E C Y. gsma.com/iot

Session Booklet The Internet of Things

IoT in Port of the Future

NDT Meets the Internet of Things (IoT)

THE NEXT GENERATION OF CITY MANAGEMENT INNOVATE TODAY TO MEET THE NEEDS OF TOMORROW

Introduction to Internet of Things Prof. Sudip Misra Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur

RECENT TRENDS AND ISSUES IN IOT

Internet of things (IoT) Regulatory aspects. Trilok Dabeesing, ICT Authority 28 June 2017

IERC Standardization Challenges. Standards for an Internet of Things. 3 and 4 July 2014, ETSI HQ (Sophia Antipolis)

Smart Buildings - Integrating PoE with the IoT

PoE: Adding Power to (IoT)

The Rise of the Internet of Things

Internet of Things: Networking Infrastructure for C.P.S. Wei Zhao University of Macau December 2012

Redefining the Connected Conversation

The Internet of Everything

IoT - Internet of Things. Brokerage event for Innovative ICT November, Varazdin, Croatia

Images for life. Nexxis for video integration in the operating room

Why Connecting to the Internet of Things Project List

The Internet of You: The Ethical, Privacy, and Legal Implications of Connected Devices. Beverly Kracher, Ph.D. Business Ethics Alliance

IoT trends in the Americas and considerations on the importance of National IoT plans

Measuring the Internet of Things (IoT)

A Vision of IoT: Applications, Challenges, and Opportunities With China Perspective

IoThings Milano Maggio 2017 Barbara Pareglio GSMA IoT Technical Director. Mobile IoT: 3GPP standard per reti LPWA e IoT security

Dr. Tanja Rückert EVP Digital Assets and IoT, SAP SE. MSB Conference Oct 11, 2016 Frankfurt. International Electrotechnical Commission

IOT The internet of things by Christopher LaForge

Mobilising the Smart Cities September Barbara Pareglio IoT Technical Director

Introduction to the Internet of Things

What you need to know about IoT platforms. How platforms stack up in IoT

Smart Communities Using GIS

Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges

DRIVING REVENUE FROM THE INTERNET OF THINGS

PoLTE: The GPS Alternative for IoT Location Services

IoT Strategy Roadmap

Kolding June 12, 2018

A Bird s Eye View on Internet of Things

Chapter 2. Analysis of ICT Industrial Trends in the IoT Era. Part 1

F5 Network Security for IoT

Securing the Internet of Things Survey

THE INTERNET OF VISION ENABLED THINGS. Tom Brennan Artemis Vision

HEART ATTACK DETECTION BY HEARTBEAT SENSING USING INTERNET OF THINGS : IOT

BioTechnology. An Indian Journal FULL PAPER. Trade Science Inc.

Internet of Things (IoT): The Big Picture

INTERNET OF THINGS WINNING FORMULA. Rami Avidan Managing Director, Tele2 IoT

Your partner in testing the Internet of Things

IoT and the Implications for Security Inside and Outside the Enterprise. Richard Boyer CISO & Chief Architect, Security

Government of Karnataka Department of Technical Education Bengaluru

IOT TECHNOLOGY AND ITS IMPACT

Internet of Things Trends, Challenges, Opportunities, and Applications

Bridging Legacy Systems & the Internet of Things. Matt Newton Director of Technical Marketing OPTO 22

FOSS PLATFORM FOR CLOUD BASED IOT SOLUTIONS

T : Internet Technologies for Mobile Computing

May 2018 KSA9003A 2018 CAT. NO. K3256-A (ddc) Printed in Japan

ANALYST REPORT MANUFACTURING. Is IoT delivering factory floor efficiency? Analyst Report Prepared by Strategy Analytics.

E-MANUAL. Thank you for purchasing this Samsung product. To receive more complete service, please register your product at.

INTRODUCTION OF INTERNET OF THING TECHNOLOGY BASED ON PROTOTYPE

Home Monitoring System Using RP Device

E-MANUAL. Thank you for purchasing this Samsung product. To receive more complete service, please register your product at.

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

Finnish perspectives for the IOT

Connect 350 UHD. Connect 350 UHD USER MANUAL 3 GEBRAUCHSANLEITUNG GUIDE UTILISATEUR MODO DE EMPLEO MANUALE D ISTRUZIONI GEBRUIKSAANWIJZING

Mark Bugajski ARRIS, USA

Integrating Device Connectivity in IoT & Embedded devices

LONDON: EVENT REPORT, MAY 10-11

INSTRUCTION & INSTALLATION GUIDE

The Internet of Things Where the Cyber meets the Physical

Internet Of Things Meets Digital Signage. Deriving more business value from your displays

Samsung Electronics Presents: Internet of Things: Transforming the Future June 21, 2016

TCM420 Digital Cable Modem

Internet of Things: Cross-cutting Integration Platforms Across Sectors

Expert Reference Series of White Papers. The Internet of Things: A Primer for the Curious

Four steps to IoT success

KPN and the Internet of Things

The Internet of Things (IoT)

USER MANUAL Version 1.5.2

HOW TO DELIVER OMNICHANNEL CUSTOMER ENGAGEMENT, TODAY! , Genesys Telecommunications Laboratories, Inc. All rights reserved.

IoT Egypt Forum A Catalyst for IoT Ecosystem in Egypt

Bezirk. Things plus Cloud does not equal IoT. Saturn 2016, San Diego. IoT that tastes better. IoT by default

Growing the Digital Business: Spotlight on the Internet of Things. Accenture Mobility Research 2015

CLEVER LIGHTING An Emerging New Market

Building Your DLP Strategy & Process. Whitepaper

User Guide. HDMI Fiber Optic Extender. DVI-7350a

User s Manual. 4X1 HDMI Switcher Part #: DL-HDS41

If you have any problems please contact our office at Thank You! And Enjoy! Like us on Facebook /AllenLeighSC

UPDATE ON IOT LANDSCAPING

OMX-HDMI-2-IPV2 4K Multipoint to Multipoint Extender Over IP Single CAT5/5e/6 INSTALLATION & SPECIFICATIONS

ITU-T Y.4552/Y.2078 (02/2016) Application support models of the Internet of things

Vision Standards Bring Sharper View to Medical Imaging

CH-2538TXWPKD 4K UHD HDMI/VGA over HDBaseT Wallplate Transmitter. CH-2527RX 4K UHD HDMI over HDBaseT Receiver. Operation Manual

CHALLENGES WITH MEASURING THE INTERNET OF THINGS IN THE CARIBBEAN

Transcription:

SIX DEGREES OF SEPARATION PLANNING THE IMPACT OF IOT ON YOUR FUTURE AUDITS

AGENDA What is 6 Degrees of Separation What is IoT The Impact of IoT Risks Auditing IoT

WHAT IS 6 DEGREES OF SEPARATION? The idea that all living things and everything else in the world are six or fewer steps away from each other So a chain of "a friend of a friend" statements can be made to connect any two people in a maximum of six steps Idea is you are 1 degree away from someone, 2 degrees from someone they know, 3 from someone these know etc It was originally set out by Frigyes Karinthy in 1929 and popularized in an eponymous 1990 play written by John Guare Courtesy: Wikipedia

WHAT IS 6 DEGREES OF SEPARATION? A 2007 study by Jure Leskovec and Eric Horvitz examined a data set of instant messages composed of 30 billion conversations among 240 million people. They found the average path length among Microsoft Messenger users to be 6 Researchers at Microsoft studied 30 billion electronic conversations in Microsoft Messenger using 180 million people in various countries in June 2006. People were considered acquainted if they send each other a message. The average length of hops was 6.6 78% could be connected with 7 or fewer hops So, you are five people away from connecting with your favorite movie star, Gandhi, the Queen etc

WHAT IS 6 DEGREES OF SEPARATION? So? How does this relate to IoT you ask? You are only 5 people away from connecting with someone or some business, who uses or benefits from an IoT device OR, 5 business away from someone wanting to use an IoT device maliciously against your business* Courtesy: https://upload.wikimedia.org/wikipedia/commons/8/88/six_degrees_of_separation_01.png

WHAT IS IOT? The Internet of Things is a term taken to mean devices connected to the internet 2013 Global Standards Initiative on Internet of Things defined the IoT as: A global infrastructure for the information society, enabling advanced services by interconnecting things based on existing and evolving interoperable information and communication technologies" For these purposes a "thing" is "an object of the physical world or the information world, which is capable of being identified and integrated into communication networks. Courtesy: Wikipedia

WHAT IS IOT?

WHAT IS IOT? What drives IoT? Connectivity IpV6 This internet addressing protocol opens the gate for anything to have a unique identifier. Enough addresses for more items than the world can produce Enhanced sensors Drop in cost combined with increase in capabilities of sensors to capture, analyze, store and transmit data Low-power/wide area communications Ability to transmit from a wide range of sensors across a simplified and secure communication infrastructure with low-power sources Courtesy: https://blog.protiviti.com/tag/auditing-iot-risk/

WHAT IS IOT? IoT Use Cases The taxonomy is arranged around people, and each level moves further away from individual and becomes high level. Different levels are categorized from personal (e.g. wearables) to macro-level control ( smart cities, smart highways). Courtesy: https://iwringer.wordpress.com/2015/10/08/taxonomy-of-iot-usecases-seeing-iot-forest-from-the-trees/

WHAT IS IOT? Amazon Dash Button A Wi-Fi connected device that reorders your favorite product with the press of a button. Can be paired with a product of your choice, using Amazon App during the setup process. When you run out of that product, press the button and it is ordered via Amazon

WHAT IS IOT?

WHAT IS IOT? THE NEXT WAVE!

WHAT IS IOT? Industry Logistics - DHL Vehicle monitoring and maintenance, Real-time tracking of packages, environmental sensors in shipping containers Information-gathering on employees and tools Safety-enhancing features for vehicles and people

WHAT IS IOT? Caterpillar Industry CAT Smartband Activity tracking to monitor operators to determine better operator safety Predict when the wearer s fatigue level will become a safety risk Courtesy: Caterpillar.com

WHAT IS IOT? Captures bar code and auto adds item to your shopping list in the GeniCan app

WHAT IS IOT? A smart wine decanter isommelier promises to soften up the tannins mature wine that normally requires years of cellaring through aerating your wine with highly concentrated purified oxygen. There's also a smart base with a digital screen that shows you the name of the wine, vintage and aeration progress bar There is an app that connects with the decanter to let you control the device, add aeration programs and gather information about different winemakers Courtesy: https://www.wareable.com/smart-home/best-smart-kitchen-devices

WHAT IS IOT? IoT is moving fast Cars Diagnostics, insurance tracking devices Lighting systems Refrigerators Telephones Supervisory Control and Data Acquisition (SCADA) systems POS devices Traffic control systems Home security systems Smart electricity meters Televisions, DVRs Kitchen appliances Instant Pot, Avona sous vide cooker, toasters

IMPACT OF IOT? Perhaps the biggest potential for IoT isn t consumer devices, but: Industrial automation Building automation Smart transportation Power and irrigation systems Environmental & pollution monitoring Courtesy: http://www.advancedmp.com/environmental-impact-of-iot/

IMPACT OF IOT? Environmental impact Not so Good E-waste (waste of electrical and electronic equipment) filling landfill sites Heavy metals and toxic materials Energy consumption. Huge increase in overall consumption to manage all the devices Demand for more as users become accustomed to usefulness Greater packaging waste Courtesy: http://www.advancedmp.com/environmental-impact-of-iot/

IMPACT OF IOT? Environmental impact Good Pocket-sized environmental sensors that provide for monitoring the airborne quality, radiation, water quality, hazardous airborne chemicals etc Airbot, waterbot, Sensordrone, Sensaris, Pressurenet IoT smart grids in the energy sector could save over 2.0 Gt of CO 2 using smart meters and demand-response systems Improved energy efficiency with optimized routes of transportation, IoT could reduce about 1.9Gt of CO 2 in 5 years Courtesy: http://www.advancedmp.com/environmental-impact-of-iot/

IMPACT OF IOT? Other Key Impacts Real-time operational data Performance of individual machines Energy usage in buildings Telematics from your vehicles on the road, connections to field staff or monitoring of remote assets, Richer and faster flow of real-time operational data, yielding deeper, more accurate insights about your business so you make better and timelier decisions Improved operational efficiencies and standards. For example, food and drug manufacturers monitor shipping containers for changes in temperature that could affect product quality and safety

RISKS IoT devices are always on Attackers have all the time they need How will you know they have been hacked? Business risks Compliance, privacy Technical risks Hacking, device vulnerabilities, Operational risks Performance (slowdown or speed up), shadow or rogue use, managing updates

RISKS At the Heart of the matter Dick Cheney has wireless access removed A precaution as he was Vice President of the USA at the time Upon getting a new defibrillator, his doctor Dr. Reiner ordered the manufacturer to disable the wireless feature These devices monitor the heart's electrical activity and, when an arrhythmic event is detected, can induce a shock that resets the heart. They also contain small radio transmitters that let doctors read their monitoring of the heart and even reprogram the device to customize it to the patient

RISKS Medical Risks The recent WannaCry ransomware: Locked down medical records in hospitals, Infected MRI machines, and Hit diagnostic radiology equipment

RISKS Medical Risks Jay Radcliffe, a security researcher at Rapid7 and a diabetic, found that the wireless remote for his Johnson & Johnson Animas OneTouch Ping diabetes pump communicated in an unencrypted fashion "Attackers can trivially sniff the remote/pump key and then spoof being the remote or the pump," he wrote last year. "This can be done without knowledge of how the key is generated. This vulnerability can be used to remotely dispense insulin and potentially cause the patient to have a hypoglycemic reaction." https://www.pcmag.com/news/354582/can-a-hack-give-you-a-heart-attack?utm_source=email&utm_campaign=dailynews&utm_medium=title

RISKS Home Automation Locks, baby monitors, lights etc Executives Car tolls, medical, homes Sensitive positions Admins, HR etc Theft, Kidnapping, Coercion

RISKS Network risks Connected devices may allow unauthorized access to your inside network Courtesy: https://www.forescout.com/wp-content/uploads/2016/10/iot-enterprise-risk-report.pdf

RISKS Network risks Different degrees of risk Courtesy: https://www.forescout.com/wp-content/uploads/2016/10/iot-enterprise-risk-report.pdf

AUDITING IOT Need a survey / questionnaire to users about internet connected devices in the office Is IoT part of a business strategic initiative? Does the business know what IoT data is collected, and stored? Is the data analyzed for business and security related objectives? Has the organization assessed potential implications? Security Privacy Organizational

AUDITING IOT Risk Assessment Conduct an assessment of risk in your organization through the use of IoT enabled devices Technical risks Business risks Perform a vulnerability assessment Conduct penetration tests on IoT systems Assess the adequacy of the encryption used by IoT systems for communication

AUDITING IOT Monitoring Monitor IoT systems to ensure they are functioning as intended Assess whether adequate monitoring controls are in place and whether all such controls have been operating effectively over time. Assess whether exceptions and failures that occur get properly logged Ensure resolutions to incidents are recorded on a timely basis Assess whether a process is in place for incidents to determine their root causes Ensure that someone is accountable for reviewing logs

AUDITING IOT Is someone accountable? Who manages IoT assets, from purchase to disposal? Know what you have Is a list of IoT enabled devices maintained? Part of asset management? Is it broken down by level of connectivity / risk? Connectivity Who authorizes connectivity to the network? Is that a good idea? Segregated on the network?

AUDITING IOT Maintenance Who is accountable and responsible for ensuring regular maintenance? How do you ensure all devices are updated as required? Are stakeholders engaged when considering new devices? Understand risks, benefits, manage rogue use Legal ramifications researched, understood and managed? Compliance, Privacy etc

AUDITING IOT Network properly managed? Denial of Service attacks on IoT devices? Ready for added demand on network bandwidth? Patch management standard updated to include IoT devices? Incident response procedures handling IoT? Insurance updated to include risks associated with IoT?

TACTICS FOR IOT IoT security tactics you might consider: Design a good perimeter protection with a firewall and an intrusion prevention system Implement an emergency incident response program Include a good identity and access management program with your IoT program for central user control. Implement two-factor authentication where practical Have the administrators of your devices use privileged user control Search for standardization. The market will soon define standards for the IoT, including security standards If you have a third-party IoT provider, consider due diligence Stay informed with key sources of security through groups such as the National Institute of Standards and Technology (NIST) Courtesy: https://securityintelligence.com/how-to-protect-yourself-against-iot-risks/

THANK YOU! Barry D. Lewis lewisb@cerberus-isc.com

2024 © artsdocbox.com Privacy Policy | Terms of Service | Feedback