IoT Security
Andy Thurai (@andythurai) / SaneIoT.com
"Bringing sanity to the IoT/API chaos"
"Smaht" Things...Ya Baby!
We will Internet ("IP") enable our sensitive devices and call them "Wicked Smaht"
IoT infestation...
Photo courtesy of Intel
SmartTraffic, SmartCity, SmartGrid, SmartHome, SmartToilet, SmartEnergy ... SmarterPlanet
IoT in the news lately...
Are you worried?
Pure Numbers
• Billions of devices.
  – Currently we are at about 10 B devices*
  – Expected to grow to 50 B devices in 2020*
• Trillions of dollars.
  – Revenue by IoT is expected to be $9 T**
  – That doesn't include the monetization of the data that these IoTs help collect
* Cisco estimation
** IDC estimation - Cisco estimation is $19 T
Data Economy
Data is the new commodity
End to End Data Economy
• Data needs to be collected (IoT, Devices, Sensors)
• Data needs to be securely transported
• Data needs to be sanitized
• Data needs to be processed (Big Data)
• Data needs to be stored
• Data needs to be exposed (API)
• Actionable results from Data (Analytics)
Pain or Gain?
• Monetization attack - Gain
  – Disrupt the supply chain
  – Disrupt the food/water supply chain
  – Disrupt the manufacturing chain
• Cause disruption and chaos - Pain
  – (Cyber) terrorism
Maginot Line
Strategy or Execution?
Smart Energy/ Smart Grid
Control Freak!!!
photo courtesy of rtcmagazine
Stuxnet
So what now?
• With billions of devices, endpoint protection is not easy.
• Доверяй, но проверяй (doveryai, no proveryai; Russian) - Trust, but verify.
• Don't trust; always verify.
Defense in Depth
Advice
• Design with failure and vulnerability in mind
• Data quality matters, not just quantity.
• Clean, trusted data should be weighted more.
• Digitally sign device firmware.
• Don't run anything from an untrusted source, especially firmware updates.
• New generation of nano scanners.
• Vouch for data integrity.
Different planes