Upload
truonganh
View
215
Download
1
Embed Size (px)
Citation preview
Internet Society © 1992–2016
An Overview & the (Security) Implications
The Internet of Things (IoT)
Shernon Osepa,
Manager Regional Affairs Latin America & the Caribbean
15th Caribbean Ministerial Strategic ICT Seminar
St. John‘s, Antigua & Barbuda
23 March 2017
Presentation title – Client name
• About the Internet Society (ISOC)
• How is the Internet Governed/ The Ecosystem
• The Internet’s “Three Operational Layers”
• IoT Overview: concepts and drivers
• Cybersecurity threats
• IoT implications
• Questions
Agenda
2
•“Cyber security refers to preventative methods to protect
information from being stolen, compromised or attacked in
some other way”;
•For the purposes of this presentation, cyber security is defined as
“anything that includes security problems specific to the Internet
and their technical and non-technical solutions”;
•Not every crime that occurs on the Internet is covered by the term
cyber security. A crime is a crime, and simply moving it to the
Internet doesn’t make it special!
Definitions
7
Cybersecurity mapping
issues can be classified according to three criteria:
1. Type of action (data interception/interference, illegal access, spyware, data
corruption, sabotage, denial of service (DoS), identity theft).
2. Type of perpetrator (criminals, anarchists, hackers, revolutionaries, terrorists,
secret services, defence/military units, Governments?).
3. Type of target (individuals, private companies, civil society organizations,
media entities, public institutions, critical infrastructures etc.
8
Malicious Software (Malware)-viruses, spyware and other unwanted software
Cybersecurity threats(malware)
9
Botnets: networks or hijacked devices that perform remotely commanded tasks without
the knowledge of their owners
Cybersecurity threats(Botnets)
10
Denial of Service (DoS) flooding a computer or website with requests for
information, preventing them functioning properly
Cybersecurity threats(DoS)
11
Phishing a form of social engineering through which a person is tricked
into doing something that they normally should not do
Cybersecurity threats(Phishing)
12
E-scams fraud schemes in which scammers use one or more online
services- such as emails or websites to contact potential victims
Cybersecurity threats(E-scams)
13
Because the scope of cybersecurity is so broad, it is helpful to break
it down into these categories
Cyber Security Themes & Solutions
14
Collaborative Security Approach:
See http://www.internetsociety.org/collaborativesecurity
Fostering Confidence / Protecting
OpportunitiesOpportunities for individuals, business, economy and and society will only be realized if there is
confidence in the Internet, systems, and technologies (including IoT).
Collective ResponsibilityNo security threats or solutions exist in isolation. Requires collective responsibility, a common
understanding of problems, shared solutions, common benefits, and open communication channels.
Uphold Fundamental Properties and
ValuesSecurity solutions should be fully integrated with the important objectives of preserving the fundamental
properties of the Internet and fundamental rights.
Evolution and ConsensusSecurity solutions need to be flexible enough to evolve over time & responsive to new challenges. Focus
needed on defining agreed problems and finding solutions, including incremental ones.
Think Globally, Act LocallyCreating security and trust requires different players (within their respective roles / responsibilities) to take
action and close to where the issues are occurring.
Developing Solutions in the Context of Principles
15
• Despite the buzz, no single definition!
refers to scenarios where network connectivity and computing capability extends to
objects, sensors and everyday items not normally considered computers, allowing
these devices to generate, exchange and consume data with minimal human
intervention.
• Functionally: The extension of network connectivity and computing capability to a variety
of objects, devices, sensors and everyday items allowing them to generate/exchange
data, often with remote with data analytic/management capabilities.
• As Value: Data & what can be done with it.
• As a Vision: The realization of a “hyper-connected” world.
• This is why it matters• This is why it’s hard!
What is IoT really?
16
Internet of Things Beginning
Computers, Networks, and “Things”
17
Machine to Machine” (M2M)(~1970s +)
Carnegie Mellon InternetCoke Machine (1982,
1990)
Trojan Room Coffee Pot
(first webcam) (1991)
Internet Toaster(1990)
If it’s not new, why now?: A confluence of market trends
18
UBIQUITOUS CONNECTIVITY
WIDESPREADADOPTION OF IP
COMPUTING ECONOMICS
MINIATURIZATION
ADVANCES IN DATA ANALYTICSUBIQUITOUS
CONNECTIVITY
WIDESPREAD ADOPTION OF
IP
COMPUTING ECONOMICS
MINIATURIZATION
ADVANCES IN DATA
ANALYTICS
RISE OF CLOUD COMPUTING
• Security
• Privacy
• Interoperability & Standards
• Legal Regulatory & Rights
• Emerging Economies and Development
Key IoT Challenges
19
•Security is the most pressing and important IoT challenge for industry, users, and the Internet.
•Growth in devices increases the surface available for cyberattack
•Poorly secured devices affect the security of the Internet and other devices globally, not just locally
•Developers and users of IoTdevices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm!
The Security
Implications
21
•Cost/Size/Functionality
•Volume of Identical Devices
•Limited Visibility into Internal Workings
•Embedded Devices
•Physical Security Vulnerabilities
A Spectrum of Unique Smart Object Security
Challenges
22
•Unintended Use & BYOIoT
•Deployment at Mass Scale
•Long Service Life
•No / Limited Upgradability
A Spectrum of Unique Smart Object Security
Challenges
23
•Both cybersecurity problems specifically and other criminal
activities carried out using the Internet are not going to be
solved with technology alone!
•Close cooperation and coordination by all stakeholders is key!
•Governments;
•Businesses;
•Academia;
•Organizational and individual users;
•Law enforcement agencies;
•Policy makers worldwide.
It’s All About Cooperation & Collaboration
“Collaborative Security”
24
Visit us at
www.internetsociety.org
Follow us
@internetsociety
Galerie Jean-Malbuisson 15,
CH-1204 Geneva,
Switzerland.
+41 22 807 1444
1775 Wiehle Avenue,
Suite 201, Reston, VA
20190-5108 USA.
+1 703 439 2120
Thank you.
Shernon Osepa
Manager Regional Affairs Latin America & the
Caribbean
25