SlideShare a Scribd company logo
1 of 15
Download to read offline
Principals of IoT Security
Stephanie Sabatini, Cyber Security Professional
Principals of IoT Security Agenda
Over the next 20 minutes we’ll discuss the following:
The Fear
• Be afraid (very afraid)
The Challenge
• IoT Security isn’t easy
The Solution
• Don’t be a statistic
The Fear
Principals of IoT Security
IoT Security – The Fear
• Baby monitors
• Thermostats
• Cars
• Medical devices
• Children’s toys
• Toasters
• Locks
• ETC…
IoT Security – The Fear
Gartner predicts 26 billion by 2020
• Revenue exceeding $300 billion in 2020
• $1.9 Trillion in global economic impact
The financially motivated attacker has 26 billion targets and 300 billion reasons.
The Challenge
Principals of IoT Security
IoT Security – The Challenge
The top 10 security challenges with IoT:
1. Insecure Web Interface
2. Insufficient Authentication / Authorization
3. Insecure Network Services
4. Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software / Firmware
10. Poor Physical Security
IoT Security – The Challenge
Many IoT producers aren’t committed to security like a major tech company would
be. Toy companies, for example – Toys made by Mattel Inc. (Fisher Price brand)
with internet connectivity have been hacked revealing names, ages and
geographical location of children. They specialize in making toys – not security.
These ‘things’ live differently than the traditional internet connected devices. Many
attacks that we have seen so far take advantage of these differences. They exploit
the differences.
The challenge is applying security controls on non-traditional devices. The principal
is the same, but the control itself needs to be adapted (or innovated) to fit the
security gap.
Network + Application + Mobile + Cloud = IoT
The Solution
Principals of IoT Security
Perimeter
Network
Host
Application
Data
IoT Security – The Solution
Security by design and a
defense in depth approach will
consider security from the
design phase to the end-of-life
and destruction of information
phase.
IoT Security – The Solution
A holistic approach needs to be built in – not bolted on
• The device (end point security)
• The cloud
• The mobile application
• The network interfaces
• Encryption
• Authentication
• Patching
• Physical security
• Data Destruction
IoT Security – The Solution
Developers – build components securely using secure development
methodologies and perform static code analysis.
Infrastructure Support – build infrastructure with secure end points,
detective and preventative controls.
Testers – include all attack vectors in testing methodologies.
Manufacturers – Due diligence! Check, test, audit – make sure that
you are manufacturing a secure product by bringing experts to the
table. Plan for sufficient budgets.
Consumers – change passwords regularly, use encryption – use the
technology safely.
The Conclusion
Principals of IoT Security
IoT Security – The Conclusion
• DO NOT TRY THIS AT HOME!
• Experts! Call the experts!
• Expert solutions can’t be matched by homegrown solutions.
• DON’T PANIC
• Defense in depth
• Innovate!
Stephanie Sabatini
Cyber Security Professional & Strategist
Stephanie@sabatiniconsulting.com
514-895-8635

More Related Content

What's hot

IoT security compliance checklist
IoT security compliance checklist IoT security compliance checklist
IoT security compliance checklist PriyaNemade
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security ElementsEurotech
 
Security of iot device
Security of iot deviceSecurity of iot device
Security of iot deviceMayank Pandey
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
Security challenges for internet of things
Security challenges for internet of thingsSecurity challenges for internet of things
Security challenges for internet of thingsMonika Keerthi
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Ulf Mattsson
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Ahmed Mohamed Mahmoud
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Security Testing for IoT Systems
Security Testing for IoT SystemsSecurity Testing for IoT Systems
Security Testing for IoT SystemsSecurity Innovation
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prustyamarprusty
 

What's hot (20)

IoT security compliance checklist
IoT security compliance checklist IoT security compliance checklist
IoT security compliance checklist
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security Elements
 
Security of iot device
Security of iot deviceSecurity of iot device
Security of iot device
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
Security challenges for internet of things
Security challenges for internet of thingsSecurity challenges for internet of things
Security challenges for internet of things
 
IoT Security Challenges
IoT Security ChallengesIoT Security Challenges
IoT Security Challenges
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
 
IoT/M2M Security
IoT/M2M SecurityIoT/M2M Security
IoT/M2M Security
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Security Testing for IoT Systems
Security Testing for IoT SystemsSecurity Testing for IoT Systems
Security Testing for IoT Systems
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prusty
 

Viewers also liked

Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemProtecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemCA Technologies
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresUITSEC Teknoloji A.Ş.
 
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Capgemini
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT SecurityBill Harpley
 
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Mauro Risonho de Paula Assumpcao
 
[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber SecurityOWASP EEE
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Cybersecurity Skills Audit
Cybersecurity Skills AuditCybersecurity Skills Audit
Cybersecurity Skills AuditVilius Benetis
 
A Year of Cloud First: Lessons Learned
A Year of Cloud First: Lessons LearnedA Year of Cloud First: Lessons Learned
A Year of Cloud First: Lessons LearnedMike Chapple
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controlsEnclaveSecurity
 
Network Infrastructure Validation Conference @UPRA (2003)
Network Infrastructure Validation Conference @UPRA (2003)Network Infrastructure Validation Conference @UPRA (2003)
Network Infrastructure Validation Conference @UPRA (2003)Raul Soto
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Designing for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemDesigning for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemMaurizio Caporali
 

Viewers also liked (20)

7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk 7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemProtecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructures
 
Cyber services IoT Security
Cyber services IoT Security Cyber services IoT Security
Cyber services IoT Security
 
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT Security
 
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
 
[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 
Cybersecurity Skills Audit
Cybersecurity Skills AuditCybersecurity Skills Audit
Cybersecurity Skills Audit
 
A Year of Cloud First: Lessons Learned
A Year of Cloud First: Lessons LearnedA Year of Cloud First: Lessons Learned
A Year of Cloud First: Lessons Learned
 
Company Product Sheet
Company Product SheetCompany Product Sheet
Company Product Sheet
 
Deft
DeftDeft
Deft
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controls
 
Network Infrastructure Validation Conference @UPRA (2003)
Network Infrastructure Validation Conference @UPRA (2003)Network Infrastructure Validation Conference @UPRA (2003)
Network Infrastructure Validation Conference @UPRA (2003)
 
Ispe Article
Ispe ArticleIspe Article
Ispe Article
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
 
Designing for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemDesigning for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical System
 

Similar to Principals of IoT security

Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report SummaryAccenture Technology
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythSecurity Innovation
 
What are the Challenges of IoT SecurityIoT has many of the same s.docx
What are the Challenges of IoT SecurityIoT has many of the same s.docxWhat are the Challenges of IoT SecurityIoT has many of the same s.docx
What are the Challenges of IoT SecurityIoT has many of the same s.docxalanfhall8953
 
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...Dark Bears
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking BadNUS-ISS
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...
IRJET-  	  Internet of Things (IoT), and the Security Issues Surrounding it: ...IRJET-  	  Internet of Things (IoT), and the Security Issues Surrounding it: ...
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...IRJET Journal
 
Can you trust your smart building
Can you trust your smart buildingCan you trust your smart building
Can you trust your smart buildingDuncan Purves
 
Introduction to IOT security
Introduction to IOT securityIntroduction to IOT security
Introduction to IOT securityPriyab Satoshi
 
The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityOnward Security
 
Security Requirements in IoT Architecture
Security	Requirements	in	IoT	Architecture Security	Requirements	in	IoT	Architecture
Security Requirements in IoT Architecture Vrince Vimal
 
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security:  IBM HorizonWatch 2016 Trend BriefInternet of Things Security:  IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend BriefBill Chamberlin
 
Eurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentationEurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentationStefane Mouille
 
Fundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentFundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentMark Szewczul, CISSP
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
Securing the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOSecuring the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOThe Economist Media Businesses
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)Rui Miguel Feio
 

Similar to Principals of IoT security (20)

Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report Summary
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
What are the Challenges of IoT SecurityIoT has many of the same s.docx
What are the Challenges of IoT SecurityIoT has many of the same s.docxWhat are the Challenges of IoT SecurityIoT has many of the same s.docx
What are the Challenges of IoT SecurityIoT has many of the same s.docx
 
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking Bad
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...
IRJET-  	  Internet of Things (IoT), and the Security Issues Surrounding it: ...IRJET-  	  Internet of Things (IoT), and the Security Issues Surrounding it: ...
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: ...
 
Can you trust your smart building
Can you trust your smart buildingCan you trust your smart building
Can you trust your smart building
 
Introduction to IOT security
Introduction to IOT securityIntroduction to IOT security
Introduction to IOT security
 
The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT Cybersecurity
 
Security Requirements in IoT Architecture
Security	Requirements	in	IoT	Architecture Security	Requirements	in	IoT	Architecture
Security Requirements in IoT Architecture
 
VIISA Investment Day #4 - SecurityBox
VIISA Investment Day #4 - SecurityBoxVIISA Investment Day #4 - SecurityBox
VIISA Investment Day #4 - SecurityBox
 
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
Internet of Things Security:  IBM HorizonWatch 2016 Trend BriefInternet of Things Security:  IBM HorizonWatch 2016 Trend Brief
Internet of Things Security: IBM HorizonWatch 2016 Trend Brief
 
Eurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentationEurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentation
 
Fundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentFundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product Development
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
Securing the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOSecuring the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEO
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
 

More from IoT613

Smart City Next Steps
Smart City Next StepsSmart City Next Steps
Smart City Next StepsIoT613
 
Funding basics - From Boots to Wings
Funding basics - From Boots to WingsFunding basics - From Boots to Wings
Funding basics - From Boots to WingsIoT613
 
Autonomous Vehicles
Autonomous VehiclesAutonomous Vehicles
Autonomous VehiclesIoT613
 
Open source IoT
Open source IoTOpen source IoT
Open source IoTIoT613
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTIoT613
 
IoT planning for success
IoT planning for successIoT planning for success
IoT planning for successIoT613
 
What is the Natural Business Model for the Internet of Things - Blair Currie ...
What is the Natural Business Model for the Internet of Things - Blair Currie ...What is the Natural Business Model for the Internet of Things - Blair Currie ...
What is the Natural Business Model for the Internet of Things - Blair Currie ...IoT613
 
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)IoT613
 
Meaningful Interactions in a Tech Laden World - Anthony Scavarelli (Luminarti...
Meaningful Interactions in a Tech Laden World - Anthony Scavarelli (Luminarti...Meaningful Interactions in a Tech Laden World - Anthony Scavarelli (Luminarti...
Meaningful Interactions in a Tech Laden World - Anthony Scavarelli (Luminarti...IoT613
 

More from IoT613 (9)

Smart City Next Steps
Smart City Next StepsSmart City Next Steps
Smart City Next Steps
 
Funding basics - From Boots to Wings
Funding basics - From Boots to WingsFunding basics - From Boots to Wings
Funding basics - From Boots to Wings
 
Autonomous Vehicles
Autonomous VehiclesAutonomous Vehicles
Autonomous Vehicles
 
Open source IoT
Open source IoTOpen source IoT
Open source IoT
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoT
 
IoT planning for success
IoT planning for successIoT planning for success
IoT planning for success
 
What is the Natural Business Model for the Internet of Things - Blair Currie ...
What is the Natural Business Model for the Internet of Things - Blair Currie ...What is the Natural Business Model for the Internet of Things - Blair Currie ...
What is the Natural Business Model for the Internet of Things - Blair Currie ...
 
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
Innovation and the Internet of Things - Emeka Nwafor (Wind River Systems)
 
Meaningful Interactions in a Tech Laden World - Anthony Scavarelli (Luminarti...
Meaningful Interactions in a Tech Laden World - Anthony Scavarelli (Luminarti...Meaningful Interactions in a Tech Laden World - Anthony Scavarelli (Luminarti...
Meaningful Interactions in a Tech Laden World - Anthony Scavarelli (Luminarti...
 

Recently uploaded

Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 

Recently uploaded (20)

Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 

Principals of IoT security

  • 1. Principals of IoT Security Stephanie Sabatini, Cyber Security Professional
  • 2. Principals of IoT Security Agenda Over the next 20 minutes we’ll discuss the following: The Fear • Be afraid (very afraid) The Challenge • IoT Security isn’t easy The Solution • Don’t be a statistic
  • 3. The Fear Principals of IoT Security
  • 4. IoT Security – The Fear • Baby monitors • Thermostats • Cars • Medical devices • Children’s toys • Toasters • Locks • ETC…
  • 5. IoT Security – The Fear Gartner predicts 26 billion by 2020 • Revenue exceeding $300 billion in 2020 • $1.9 Trillion in global economic impact The financially motivated attacker has 26 billion targets and 300 billion reasons.
  • 7. IoT Security – The Challenge The top 10 security challenges with IoT: 1. Insecure Web Interface 2. Insufficient Authentication / Authorization 3. Insecure Network Services 4. Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface 8. Insufficient Security Configurability 9. Insecure Software / Firmware 10. Poor Physical Security
  • 8. IoT Security – The Challenge Many IoT producers aren’t committed to security like a major tech company would be. Toy companies, for example – Toys made by Mattel Inc. (Fisher Price brand) with internet connectivity have been hacked revealing names, ages and geographical location of children. They specialize in making toys – not security. These ‘things’ live differently than the traditional internet connected devices. Many attacks that we have seen so far take advantage of these differences. They exploit the differences. The challenge is applying security controls on non-traditional devices. The principal is the same, but the control itself needs to be adapted (or innovated) to fit the security gap. Network + Application + Mobile + Cloud = IoT
  • 10. Perimeter Network Host Application Data IoT Security – The Solution Security by design and a defense in depth approach will consider security from the design phase to the end-of-life and destruction of information phase.
  • 11. IoT Security – The Solution A holistic approach needs to be built in – not bolted on • The device (end point security) • The cloud • The mobile application • The network interfaces • Encryption • Authentication • Patching • Physical security • Data Destruction
  • 12. IoT Security – The Solution Developers – build components securely using secure development methodologies and perform static code analysis. Infrastructure Support – build infrastructure with secure end points, detective and preventative controls. Testers – include all attack vectors in testing methodologies. Manufacturers – Due diligence! Check, test, audit – make sure that you are manufacturing a secure product by bringing experts to the table. Plan for sufficient budgets. Consumers – change passwords regularly, use encryption – use the technology safely.
  • 14. IoT Security – The Conclusion • DO NOT TRY THIS AT HOME! • Experts! Call the experts! • Expert solutions can’t be matched by homegrown solutions. • DON’T PANIC • Defense in depth • Innovate!
  • 15. Stephanie Sabatini Cyber Security Professional & Strategist Stephanie@sabatiniconsulting.com 514-895-8635

Editor's Notes

  1. IoT devices are often sold or transferred during their lifespan, they are connected for longer periods of time, they do not follow a traditional 1 to 1 model of users to applications