1
IoT Security and Privacy
Assessing the impact on networks and the consumer
Rajnesh Singh
Regional Bureau Director for Asia-Pacific
For ISOC External Use
2
The number of IoT devices and systems connected to the Internet will be more than 2.5x the global population by 2020 (Gartner).
3
As more and more devices are connected, privacy and security risks increase.
Used with permission.
4
The challenges we face
5
New devices, new vulnerabilities
The Internet Society 1/1/2019
The attributes of many IoT devices present new and unique security challenges compared to traditional computing systems.
- Device Cost/Size/Functionality
- Volume of identical devices (homogeneity)
- Long service life (often extending far beyond supported lifetime)
- No or limited upgradability or patching
- Physical security vulnerabilities
- Access
- Limited user interfaces (UI)
- Limited visibility into, or control over, internal workings
- Embedded devices
- Unintended uses
- BYOIoT
Industry is not adequately addressing fundamental security, privacy and life-safety issues.
Many manufacturers are new to the networking and Internet arena, and lack experience.
There are STRONG competitive pressures for speed to market and cost reduction.
Security and privacy cost money, require specialized skills, and slow down the development process.
The proliferation of devices, and corresponding interactions with other devices, increase the “surface” available for cyberattack.
Poorly secured devices affect the security of the Internet and other devices globally, not just locally.
6
Key Challenge: IoT Ecosystem
Three Dimensions:
- Combination of devices, apps, platforms & services
- Data flows, touch points & disclosures
- Lack of defined standards
Impacts on Sustainability Issues:
- Lifecycle supportability
- Data retention / ownership
7
Who is responsible?
Developers and users of IoT devices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm.
To scale up we need a collective approach, addressing security challenges on all fronts.
8
What we’re doing about it
9
There are two ways to view IoT Security
Inward Security: Focus on potential harms to the health, safety, and privacy of device users and their property stemming from compromised IoT devices and systems.
Outward Security: Focus on potential harms that compromised devices and systems can inflict on the Internet and other users.
Example of outward risk: A home appliance may continue to function well as far as the direct user is concerned, and s/he may be unaware that it is part of a botnet participating in a DDoS attack.
Toaster example:
- Someone may use it against you, and remotely decide to burn your hands or even your house (inward security related issue)
- Your toaster works OK but is being used for a major DDoS attack (outward)
At ISOC, our focus is on the impact that IoT security and privacy has on the Internet and other users.
10
Online Trust Alliance IoT Security & Privacy Trust Framework
- Measurable principles vs. standards development
- Consumer grade devices (home, office and wearables)
- Address known vulnerabilities and IoT threats
- Actionable and vendor neutral
- June 2015 kick off, consensus driven process with input from industry and policy-makers
- Multi-stakeholder working group – 100 plus participants
- Face-To-Face meetings / Public Call for Comments
- Ongoing refinement
Working Group Focus
11
Online Trust Alliance IoT Security Resources
The Framework is broken down into 4 key areas:
- Security Principles (1-12) – Applicable to any device or sensor and all applications and back-end cloud services. These range from the application of a rigorous software development security process to adhering to data security principles for data stored and transmitted by the device, to supply chain management, penetration testing and vulnerability reporting programs. Further principles outline the requirement for life-cycle security patching.
- User Access & Credentials (13-17) – Requirement of encryption of all passwords and user names, shipment of devices with unique passwords, implementation of generally accepted password reset processes and integration of mechanisms to help prevent “brute force” login attempts.
- Privacy, Disclosures & Transparency (18-33) – Requirements consistent with generally accepted privacy principles, including prominent disclosures on packaging, point of sale and/or posted online, capability for users to have the ability to reset devices to factory settings, and compliance with applicable regulatory requirements including the EU GDPR and children’s privacy regulations. Also addresses disclosures on the impact to product features or functionality if connectivity is disabled.
- Notifications & Related Best Practices (34-40) – Key to maintaining device security is having mechanisms and processes to promptly notify a user of threats and action(s) required. Principles include requiring authentication for security notifications and that messages must be communicated clearly for users of all reading levels. In addition, tamper-proof packaging and accessibility requirements are highlighted.
12
ISOC “IoT Trust by Design” Campaign
1. Work with manufacturers and suppliers to adopt and implement the OTA IoT Trust Framework
2. Mobilize consumers to drive demand for security and privacy capabilities as a market differentiator
3. Encourage policy and regulations to push for better security and privacy features in IoT
Consumers: We want to raise awareness of the privacy and security risks and encourage consumers to voice their concerns.
Policymakers and Regulators: We want policymakers to create a policy environment that favors strong security and privacy features in IoT products and services.
13
Activity highlights OTA IoT Trust Framework implementation
- Best practices and toolkits
- Implementation guide
- Training for ISOC and community
- Global, regional and local partnerships
- Security-minded IoT alliances
- Certification organizations
- Civil society organizations
- Organizations that review consumer products
- Internet Society community
- Research Paper on IoT Security for Policymakers
- Policy research: mapping the IoT policy/regulatory landscape
- Economic study on IoT security externalities
- Study on “consumer grade” IoT markets, to better understand manufacturing trends and consumer behaviour
- Outreach to policy makers
- Regional engagement in strategic countries
- Global and regional events
- Workshops and capacity building
- Thought pieces and articles
14
Thoughts and suggestions?