Embed Size (px)
Citation preview
The Next-Generation of Cybersecurity Innovation:An Approach to Securing Internet of Things (IoT) Enterprise Architectures
June 17-19 Marist CollegeEnterprise Computing Community2018 Conference
Introduction Need for Innovation Focus
Mainframe ERP/M Case Study: ABC Bank
ERP/M Principles Planning Assessment Management
IoT Security Technology Forecast Exploratory Techniques SWOT Analysis Schema
Future Work
Outline
PROBLEMIntroduction
Need for Innovation
• Internet threats are still inhabiting individuals devices
• Unauthorized physical access is considered the greatest security threats
• Cyber security tools are generalized and are not custom per user
• New platforms are growing faster that cyber security innovation
Threat Matrix
Data Consumption
• Internet has developed into becoming a data-driven conduit that society primarily depends upon.
• The use for the internet is increasing daily
• IoT increases data consumption because of the need to always be connected
FOCUSIntroduction
Internet of Things (IoT)
http://www.symplio.com/wp-content/uploads/2011/09/beecham_research_internet_of_things.jpg
Internet of Things (IoT)
• Web 3.0 accommodates the growing number of electronic devices currently connected to the Internet, which already exceeds the number of people on the planet
• The IoT has introduced a tremendous increase in the amount of traffic evaluated by communication protocols
• As network-enabled transmission becomes immensely connected or has the capability of being connected, then how we secure or control network resources are likely to shift
IoT Smart Home
CASE STUDYMainframe ERP/M
ABC Bank Overview
Disadvantages• Cost- The cost in obtaining a new mainframe system every 5 years is upwards of $75,000 per unit for
equipment cost alone. The heftiest cost is associated with MIPS (million instructions per second) and canrange from $6 million to $16 million every 5 years. ABC spends an average of $7.8 million over a 5-yearperiod with all costs combined. Acquiring the needed distributed systems and maintaining them over a5-year period was estimated to be between $100k-$150k in licensing costs every 5 years.
• Ability to Train New Workforce- Mainframes require a highly skilled workforce that is knowledgeable insoftware development, mainframe processing and memory capabilities. An SQL database running on aLinux server would also require a highly skilled workforce; however, it is easier to find employees withthese skills.
• Declining Workforce-Newer generations have a view that the mainframe is a legacy technology andmillennial interest in mainframe technology has rapidly declined.
• The Rise of Big Data- ABC has an interest in collecting large amounts of data for analysis, which requireslarge amounts of storage. The more storage needed on a mainframe the higher the cost.
ERP/M Principles
• Scalability- The current transaction load averages at approximately 3.5 million per day and with the right configuration one single mainframe can process millions per day.
• Security- The mainframe is very secure since 100% of the data is encrypted.
• Availability- Mainframes maintain an average uptime of 99.99%.
Commonly Known Advantages
PLANNINGERP/M Principles
ABC Bank Plan
Immediate Plan: ABC 2025 RoadmapABC developed a roadmap to 2025, which includes the highest priority of migrating away from the mainframe. The ultimatechoice was high performance databases hosted on high availability Linux servers, optimized to handle a load ofapproximately 200 transactions per second. These SQL server databases allowed the bank to move current data from themainframe to a high performance operational data store where all future data would live. This technology would not onlyallow the bank to house its data, but also optimize it for future big data needs. The enterprise service bus implemented thistechnology and was able to match the performance of the mainframe at barely a fraction of the cost. This success was onlythe beginning of the tasks that lie ahead such as determining where real-time debits and credits would live in theforeseeable future.
Future PlanThe future plan for the bank was to evaluate projects and determine how the current project roadmap presented theopportunity to move transactions to a real-time transactional database. It was estimated that it would take the bank about7-8 years to completely decommission the mainframe and fully move to the operational data store (ODS). As new projectsare analyzed the main focus is to determine how the data can be migrated from the legacy mainframe to the ODS.
Workforce PlanABC estimates that 85% of its mainframe technology workforce will be retired by 2030. This timeframe allows the bank toconservatively implement new distributed technologies at a slower pace to keep up with customer and employee demands.ABC plans to focus on attracting new talent with Linux and SQL interests or skills over the next 12 years. Ideally, as onemainframe employee retires a newly trained distributed operating environment platform experienced employee will behired to replace the mainframe expert.
ASSESSMENTERP/M Principles
ICS/CPS Level Architecture
MANAGEMENTERP/M Principles
IoT Connectivity
EXPERT OPINIONIoT Security Technology Forecast
Expert Opinion-based Planning
Short-term Planning: day 1 – 1 year
Foresters “expects that more than 500,000 IoT devices will becompromised in 2017 and that the Internet of Things representsa two-pronged threat in 2017 — potentially exposing businessesto security breaches and IoT devices themselves being turnedinto distributed denial-of-service (DDoS) weapons.”
Expert Opinion-based Planning
Intermediate Planning: year 1 – year 3
IDC - “by 2019, more than 75percent of IoT device manufacturerswill improve their security andprivacy capabilities, making themmore trustworthy partners fortechnology buyers.”
Expert Opinion-based Planning
Long-term Planning: year 3 – year 5+• IoT technology by years 2020 and beyond
• Displays very promising future and longevity for the next-generation of the cyber infrastructure for IoT security
Figure 1
Figure 2
TECHNOLOGY MONITORINGIoT Security Technology Forecast
Technology Monitoring
The technology areas for future development to focus on in regards to addressing the scenario arising in the IoT security domain are the following:
• Software, network and hardware security
• Management and monitoring services
• Identity and access management
• Privacy
• Cyber resilience
TREND ANALYSISIoT Security Technology Forecast
Trend Analysis
The competitors that are making progress with IoT security methods for either proprietary or more open source means are the following:
• Zig Bee Alliance
• OpenFog
• Z-Wave
• Thread Group
• AllJoyn
• IoTivity
• Industrial Internet Consortium (IIC)
SWOT ANALYSISIoT Security Technology Forecast
SWOT Example
• SWOT Analysis diagram expressing the strategic internal and external analysis for a particular domain
• The diagram illustrates the strengths and weaknesses being categorized in the internal analysis
• It also illustrates the opportunities and threats being categorized in the external analysis classification.
Analysis Positive NegativeIn
tern
alStrengths Weaknesses
• Can mitigate most current IoT network compromises • Lack of funding for experimental approaches
• Execute automated security analysis desifned for IoT • Commercialization of the IoT detection / protection services
• Unified user-to-physical system interaction & process-to-communication APIs • Security protocol standardization
• Can better address issues that affect Web 4.0 deployments • No IoT consortium/alliance affiliation
- DDoS Botnet Attacks
- Remote Smart Car Hacks
- Wearable Devices Hacks
• Research team has SMEs from Cybersecurity, Threat Analytics & Physical Computing fields
Exte
rnal
Opportunities Threats
• Market Trends • Competitors w/ similar services
- Ubiquitous operating environments - Zigbee
- Ease of connectivity - OpenFog
- Widespread adoption of wireless and IP-based networking - Zwave
- Continuous use of cloud services - Atomic Mole
- Computing data analytics - IoTivity
• Technology Trends - AllJoyn
- Software, network & hardware security • Alliances that can hinder success if no affiliation is achieved
- Management & monitoring services - Zig Bee Alliance
- Identity and access management - Thread Group
- Privacy - Industrial Internet Consortium (IIC)
- Cyber resilience
NEW FOCUSFuture Work
Thank You!
