Internet Society © 1992–2016

An Overview & the (Security) Implications

The Internet of Things (IoT)

Shernon Osepa,

Manager Regional Affairs Latin America & the Caribbean

osepa@isoc.org

15th Caribbean Ministerial Strategic ICT Seminar

St. John‘s, Antigua & Barbuda

23 March 2017

Presentation title – Client name

• About the Internet Society (ISOC)

• How is the Internet Governed/ The Ecosystem

• The Internet’s “Three Operational Layers”

• IoT Overview: concepts and drivers

• Cybersecurity threats

• IoT implications

• Questions

Agenda

2

About the Internet Society

3

The Internet ”Three Operational Layers”

4

How is the Internet governed?

5

Cybersecurity

6

•“Cyber security refers to preventative methods to protect

information from being stolen, compromised or attacked in

some other way”;

•For the purposes of this presentation, cyber security is defined as

“anything that includes security problems specific to the Internet

and their technical and non-technical solutions”;

•Not every crime that occurs on the Internet is covered by the term

cyber security. A crime is a crime, and simply moving it to the

Internet doesn’t make it special!

Definitions

7

Cybersecurity mapping

issues can be classified according to three criteria:

1. Type of action (data interception/interference, illegal access, spyware, data

corruption, sabotage, denial of service (DoS), identity theft).

2. Type of perpetrator (criminals, anarchists, hackers, revolutionaries, terrorists,

secret services, defence/military units, Governments?).

3. Type of target (individuals, private companies, civil society organizations,

media entities, public institutions, critical infrastructures etc.

8

Malicious Software (Malware)-viruses, spyware and other unwanted software

Cybersecurity threats(malware)

9

Botnets: networks or hijacked devices that perform remotely commanded tasks without

the knowledge of their owners

Cybersecurity threats(Botnets)

10

Denial of Service (DoS) flooding a computer or website with requests for

information, preventing them functioning properly

Cybersecurity threats(DoS)

11

Phishing a form of social engineering through which a person is tricked

into doing something that they normally should not do

Cybersecurity threats(Phishing)

12

E-scams fraud schemes in which scammers use one or more online

services- such as emails or websites to contact potential victims

Cybersecurity threats(E-scams)

13

Because the scope of cybersecurity is so broad, it is helpful to break

it down into these categories

Cyber Security Themes & Solutions

14

Collaborative Security Approach:

See http://www.internetsociety.org/collaborativesecurity

Fostering Confidence / Protecting

OpportunitiesOpportunities for individuals, business, economy and and society will only be realized if there is

confidence in the Internet, systems, and technologies (including IoT).

Collective ResponsibilityNo security threats or solutions exist in isolation. Requires collective responsibility, a common

understanding of problems, shared solutions, common benefits, and open communication channels.

Uphold Fundamental Properties and

ValuesSecurity solutions should be fully integrated with the important objectives of preserving the fundamental

properties of the Internet and fundamental rights.

Evolution and ConsensusSecurity solutions need to be flexible enough to evolve over time & responsive to new challenges. Focus

needed on defining agreed problems and finding solutions, including incremental ones.

Think Globally, Act LocallyCreating security and trust requires different players (within their respective roles / responsibilities) to take

action and close to where the issues are occurring.

Developing Solutions in the Context of Principles

15

• Despite the buzz, no single definition!

refers to scenarios where network connectivity and computing capability extends to

objects, sensors and everyday items not normally considered computers, allowing

these devices to generate, exchange and consume data with minimal human

intervention.

• Functionally: The extension of network connectivity and computing capability to a variety

of objects, devices, sensors and everyday items allowing them to generate/exchange

data, often with remote with data analytic/management capabilities.

• As Value: Data & what can be done with it.

• As a Vision: The realization of a “hyper-connected” world.

• This is why it matters• This is why it’s hard!

What is IoT really?

16

Internet of Things Beginning

Computers, Networks, and “Things”

17

Machine to Machine” (M2M)(~1970s +)

Carnegie Mellon InternetCoke Machine (1982,

1990)

Trojan Room Coffee Pot

(first webcam) (1991)

Internet Toaster(1990)

If it’s not new, why now?: A confluence of market trends

18

UBIQUITOUS CONNECTIVITY

WIDESPREADADOPTION OF IP

COMPUTING ECONOMICS

MINIATURIZATION

ADVANCES IN DATA ANALYTICSUBIQUITOUS

CONNECTIVITY

WIDESPREAD ADOPTION OF

IP

COMPUTING ECONOMICS

MINIATURIZATION

ADVANCES IN DATA

ANALYTICS

RISE OF CLOUD COMPUTING

• Security

• Privacy

• Interoperability & Standards

• Legal Regulatory & Rights

• Emerging Economies and Development

Key IoT Challenges

19

The Security

Implications

20

•Security is the most pressing and important IoT challenge for industry, users, and the Internet.

•Growth in devices increases the surface available for cyberattack

•Poorly secured devices affect the security of the Internet and other devices globally, not just locally

•Developers and users of IoTdevices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm!

The Security

Implications

21

•Cost/Size/Functionality

•Volume of Identical Devices

•Limited Visibility into Internal Workings

•Embedded Devices

•Physical Security Vulnerabilities

A Spectrum of Unique Smart Object Security

Challenges

22

•Unintended Use & BYOIoT

•Deployment at Mass Scale

•Long Service Life

•No / Limited Upgradability

A Spectrum of Unique Smart Object Security

Challenges

23

•Both cybersecurity problems specifically and other criminal

activities carried out using the Internet are not going to be

solved with technology alone!

•Close cooperation and coordination by all stakeholders is key!

•Governments;

•Businesses;

•Academia;

•Organizational and individual users;

•Law enforcement agencies;

•Policy makers worldwide.

It’s All About Cooperation & Collaboration

“Collaborative Security”

24

Visit us at

www.internetsociety.org

Follow us

@internetsociety

Galerie Jean-Malbuisson 15,

CH-1204 Geneva,

Switzerland.

+41 22 807 1444

1775 Wiehle Avenue,

Suite 201, Reston, VA

20190-5108 USA.

+1 703 439 2120

Thank you.

Shernon Osepa

Manager Regional Affairs Latin America & the

Caribbean

osepa@isoc.org

25