© 2015 InterWorks, Page 1 Caston Thomas How to Adapt to the IoT [email protected] 586.530.4981

How to adapt to the IOT

Page 2: How to adapt to the IOT

Defining IoT/What is IoT?

• IoT is NOT BYoD

Page 3: How to adapt to the IOT

How Did This Slide Get in Here?!?

Page 4: How to adapt to the IOT

Sentinel Events – Examples we’ve seen to date…

• Night Dragon - 2011
• Shamoon - 2012
• Energetic Bear - 2012
• Norwegian Oil & Gas - 2014
• German steel works - 2014
• Car Washes - 2015
• Insulin Pumps - 2013

Page 5: How to adapt to the IOT

How Things Will Change

Page 6: How to adapt to the IOT

Potential impact & exposures?

Page 7: How to adapt to the IOT

Creating a New Security Framework

Page 8: How to adapt to the IOT

Build the Risk Model

• Define Use Cases
– Be as specific as possible
– Identify all components
– Note business objectives
– Create use cases for each variant
– The “devil will be in the details”

• Identify potential impact
– Start with the worst thing that can happen
– Make sure you include all relevant externalities (e.g., consumers, regulators, public opinion)

• Define likely vulnerabilities
– Start with interfaces & potential attack surfaces including physical access
– Stay just outside the realm of what is reasonably foreseeable
– Pair the impacts with the vulnerabilities

• Identify evolving threats
– New threats will become apparent
– Potential threats may be considered speculative
– Use threats to help define impacts & vulnerabilities
– Threats will evolve as incentives change
– Threats will evolve as IoT becomes more common

Page 9: How to adapt to the IOT

The Devices & Risks are Diverse, so How Do We Secure Them?

Page 10: How to adapt to the IOT

Useful to Think in Terms of Overall Process

Courtesy: F5 Labs

Page 11: How to adapt to the IOT

NIST smart meter flow diagram (2014)

Page 12: How to adapt to the IOT

Look at the Threat & Pair with Appropriate Controls

Courtesy: ©2015 Leidos. Used with permission.

Page 13: How to adapt to the IOT

Understand the Threat Landscape

Campaign analysis is used to determine the patterns & behaviors of attackers

• Group intrusions together into “Campaigns”
• Prioritize & measure against each Campaign

Figures: Cyber Kill Chain®; Campaign “Heat Map”

Page 14: How to adapt to the IOT

Creating an IoT security strategy

• Rethink Everything!!!
– Reduce the surface!!!
– Tech Selection – Based on Meta Trends!

• Know Your Line-Up!!!
– Your Users, Executives & Management – Learn & Teach
– Your Adversaries – Anticipate their Tactics, Techniques & Procedures
– Your Network (IoP) – Take a Vendor to Lunch

• Use the Resources that Are on Your Side!!!
– Leverage Management’s Focus on Security
– Retool your Response Processes
– Measure & Adapt

Page 15: How to adapt to the IOT

Rethinking the Technology Components & Responses

Prevention is ideal, but detection is a must.

However, detection without correction has minimal value.

Automate the Response Based on Policies.

• MOVE & DISABLE
– Reassign device from production VLAN to quarantine VLAN
– Block access with 802.1X
– Alter login credentials to block access
– Block access with device authentication
– Turn off switch port (802.1X or SNMP)
– Terminate unauthorized applications
– Disable peripheral device

• RESTRICT ACCESS
– Deploy a Virtual Firewall around an infected or non-compliant device
– Reassign the device into a VLAN with restricted access
– Update access lists (ACLs) on switches, firewalls & routers to restrict access
– Automatically move device to a pre-configured guest network

• ALERT & REMEDIATE
– Open trouble ticket
– Send email notification
– SNMP Traps
– Syslog
– HTTP browser hijack
– Auditable end-user acknowledgement
– Self-remediation
– Integrate with SMS, WSUS, SCCM, Lumension, BigFix

Page 16: How to adapt to the IOT

7 or 8 or 9 things we can do to prepare

• Next week you should:
– Begin identifying the IoT implementations that are in place, planned, or anticipated – not just inside your organization, but also in possession of your key people & partners
– Identify security policies or procedures that may be impacted by IoT

• In the next 90 days:
– Begin applying the risk models & review results with management
– Identify mitigation steps & associated costs to achieve desired state
– Review insurance coverage & applicability

• In the next year:
– Implement ongoing security monitoring (real-time with automated response)
– Continue identifying the IoT risks that you don’t control that affect your organization
– Build your IoP to collaborate on your evolution into this new world we’re entering
– Revise risk management model & obtain necessary approvals after each change of scope (and you better believe that scope will change frequently)

Page 17: How to adapt to the IOT

Thank You!

And Now…

It’s YOUR Turn!