Leveraging the Open MULTOS Standards for Smart …...In 2015 a power blackout caused by an external...
Transcript of Leveraging the Open MULTOS Standards for Smart …...In 2015 a power blackout caused by an external...
MAOSCO Limited, 1st Floor, GPS House, 215 Great Portland Street, W1W 5PN London, United Kingdom Registered in England & Wales no.3290642
MULTOS is a trademark of MULTOS Limited.
Leveraging the Open MULTOS
Standards for Smart Meters Securing & Enhancing Smart Solutions
Abstract
This paper discusses some of the fundamental security risks facing Smart
Utility Meters and reviews how these can be addressed with the widely
implemented Open MULTOS Standard. Additional benefits of enhanced
flexibility and potential cost efficiencies are highlighted, allowing meter
manufacturers, energy management solution providers, and utility
companies to review if MULTOS technology is suitable as part of an overall
system and business enabling approach.
MAOSCO Ltd.
Page 1 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
© 2017 MAOSCO Limited – All Rights Reserved
All rights reserved. You may download, store, display on your computer, view, print, and link to the
MAOSCO Limited “Leveraging the Open MULTOS Standards for Smart Meters” at www.multos.com
subject to the following: (a) the Report may be used solely for your personal, informational, non-
commercial use; (b) the Report may not be modified or altered in any way; (c) the Report may not be
redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote
portions of the Report as permitted by the Fair Use provisions of the UK Copyright, Designs and
Patents Act 1988, provided that you attribute the portions to MAOSCO Limited “Leveraging the Open
MULTOS Standards for Smart Meters”.
Page 2 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Contents
The Connected Infrastructure Promise and Problem ............................................................................. 3
How can MULTOS be leveraged for Smart Meters? ............................................................................... 5
MULTOS Overview .................................................................................................................................. 6
The MULTOS Technology ................................................................................................................ 6
The MULTOS Consortium ................................................................................................................ 7
1) Device Software .................................................................................................................................. 8
2) Endpoint Device Identity and Authentication .................................................................................... 9
3) Data Safeguards ................................................................................................................................ 10
4) Provisioning ...................................................................................................................................... 11
5) Lifecycle Management ...................................................................................................................... 12
6) Flexible Remote Interactions ............................................................................................................ 13
7) Cost Efficiencies ................................................................................................................................ 15
8) Low Power Consumption .................................................................................................................. 17
Conclusions ........................................................................................................................................... 18
Bibliography .......................................................................................................................................... 19
Page 3 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
The Connected Infrastructure Promise and Problem
Over the past few years’ significant hype has been reported about the future for consumers and
businesses as an increasing number of devices and services are expected to become interconnected.
The potential benefits permeate business, consumerism, technology, and society. Common phrases
for this evolving paradigm include; the second digital revolution, the fourth industrial revolution, and
the Internet of Things (IoT). The Gartner technology hype cycle (Gartner, 2016a) predicts that IoT
emerging technology will mature and reach mainstream adoption in perhaps 5 years. Hence today is
a perfect time for solution providers and manufacturers to review facilitating technologies.
Smart Meters are considered part of the wider
IoT eco-system and promise to offer a range of
benefits to businesses and consumers. For the
consumers Smart Meters can allow a greater
level of utility consumption monitoring and
control, thus potentially improving utility
management and reducing wasteful
consumption. For utility businesses the meters
can improve efficiencies associated to billing
and overall utility management. Aside from
the commercial and consumer gains Smart
Meters are seen as an eco-friendly upgrade.
Millions of Smart Meters have already been installed as part of major national roll outs and initial
pilots. The very nature of using Smart Meters that are connecting to central systems and using
electronic communication protocols to transfer data can increase the risk of cyber-attack. As a smart
meter may control the energy supply to a home, a cyber attack may cause power cuts to large
populations for extended periods of time, particularly if the meter's communications have been
disabled as part of the attack. Security architectures deployed can vary from one implementation to
another, some more secure than others, and the complexity and flexibility provided may also differ.
For connected devices in general, various reports have highlighted the need for a much stronger focus
on security. Research firms have made stark claims relating to the security risks.
Page 4 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
The security level required by connected device solutions will vary depending on the functions they
are performing, the criticality of the data they are managing, and desire to avoid business impacts.
Some businesses may feel the risks are acceptable to minimize costs or to reduce time to market.
Countless generic cyber security hack reports
have been published, particularly relating to
data base system components where thieves
obtained batches of personal or financial data
for fraudulent use. Particularly concerning for
IoT systems are the reports of endpoint and
control systems attacks, which as highlighted by
the cases below can lead to business
reputational and financial impacts and actual
physical damage.
In 2010 the Stuxnet computer worm was identified revealed a sophisticated cyber-attack targeting a
uranium enrichment facility in Iran. Its delivery channel was a USB memory device and it targeted
embedded firmware running on sensors and control systems (Langner. R, 2011).
In 2013 a major breach occurred at a US retailer, as 70 million stored customer card details were
compromised, resulting in a high cost for the firm, its customers, its employees, and impacted banks.
High-ranking employees lost their jobs including the CEO and CIO. The attack consisted of an email
containing malware which was sent to a connected partner firm and likely contained a password-
stealing bot program which later stole credentials to an online vendor portal (Radichel. T, 2014).
In 2015 a power blackout caused by an external cyber-attack impacted 225,000 people in Ukraine.
Thought to be the first successful attack on public utilities, malware was used to shutdown critical
infrastructure (Wired, 2016c).
Attack vectors may include; software, hardware, data and communication, identification, controlling
systems, remote updates, and provisioning. As connected device numbers increase, so the potential
risks are expected to increase. The IoT economy has been forecast at $8 trillion over the next ten years
(cbronline, 2015), a strong indicator that hacking will be increasingly attractive to fraudsters. By
reviewing appropriate security measures at the outset of the design, businesses can prepare for the
risks of today and the inevitable risks of tomorrow whilst capitalising on the potentially lucrative
connected technology opportunities.
Page 5 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
How can MULTOS be leveraged for Smart Meters?
Connected Smart Meters by their very nature introduce risk by potentially allowing remote intrusion
to their own device or access to other connected devices and supporting systems. The Smart Meters
often referred to as endpoints on the smart meter network may vary in function but regardless most
require a number of sensitive processes to be protected including:
Some Smart Meters may also require or benefit from:
Through the implementation of Public Key Infrastructure (PKI), MULTOS standard technology can
provide Smart Meters with appropriate “Hardware Root of Trust” and cost effective mechanisms to
address all such requirements. A trusted computing architecture based on PKI is widely accepted in
the IT Industry as a versatile approach to combine flexibility and security.
MULTOS utilises PKI at its core to secure endpoint connected devices.
Manufacturers and solution providers can leverage MULTOS Trust
Anchors, comprising embedded integrated circuits with the loaded
MULTOS Operating System, which provides an ultra-secure execution
environment, protecting the meter from malware and other digital
attacks. Critical data transmission can also be secured to and from the
meter. MULTOS Trust Anchors are supported by cryptographic services
via central or in-house MULTOS Certificate Authority platforms,
facilitating full end-to-end protection.
Page 6 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
MULTOS Overview
The MULTOS Technology
MULTOS technology was designed to address the need for a secure, efficient, and common standard
to provision smart cards such as those used in payment “Chip and PIN” microprocessor cards, and
government issued citizen identity cards. The MULTOS platform ensures these cards are operated
during their lifespan with a high degree of robust protection against fraudsters. The secure and flexible
MULTOS features, along with its high security reputation have allowed the technology to also become
widely used in numerous security applications, such as Identity, Access Control, Government Programs
in addition to secure EMV and contactless payment devices. Implemented worldwide in mass volume,
the MULTOS design has met and surpassed its initial brief.
Figure 1. Robust MULTOS Technology Adopted Worldwide
As in Figure 1 MULTOS smart cards were the first to achieve the EAL7 Common Criteria security
certification which is an Information Technology Security Evaluation measurement of smart cards and
other secure devices. Enabling this achievement are the security features and processes built into the
specifications that essentially provide the two core benefits of:
Page 7 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
The MULTOS Consortium
There are multiple stakeholders in the open MULTOS technology today. Thousands of card issuers
such as banks and governments utilise the technology to issue in mass volumes to end users. Some
businesses have extended their interest in the technology by becoming a member of the MULTOS
Consortium which allows them to leverage the technology benefits for their own commercial gains.
Figure 2. The MULTOS Consortium Members – January 2017
The consortium as presented in Figure 2 is a diverse mix of respected global businesses and IT security
businesses providing MULTOS related deliverables such as; secure chip supply, operating system
supply, application supply and development, data processing for issuance services and post issuance
interactions, personalization solutions and component provision, secure key management services
and solutions, application and transaction processing, consultancy and training, and business
development.
Today the ever expanding smart card industry and new smart device applications such as the IoT are
attracting new members to the consortium and driving future MULTOS evolution.
Page 8 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
1) Device Software
One significant area of risk for Smart Meters is the firmware and software operating systems and
applications. Once embedded code and applications become corrupted or infected with malware, all
manner of issues can arise.
Infected meters may cease to function as designed causing consumer frustration and system
management problems. Knock on effects such as incorrect data captured from the meter may infect
or invalidate data stored centrally. As most meters will require some form of sensitive data to be
stored at the endpoint such as authentication keys, fraudsters have a clear target for their malicious
endeavors. Likewise, attackers may target the downloading of software stored on the meter, and
threaten the manufacturer’s intellectual property.
The very nature of connected devices lends itself to cost effective remote software updates to patch
weaknesses or address incorrect functioning, but that operation assumes the device will still interact
with remote controlling systems as expected once the device becomes infected with malware, which
of course may not be the case and may lead to unexpected replacement costs and engineer visits.
Fraudsters and hackers are likely to target these areas of risk.
So what countermeasures can be employed to address under-protected software?
All such issues may be prevented by using a hardened processor or co-processor with associated
secure functions such as power scrambling, internal data encryption, and advanced error detection.
This approach of designing a device with core hardware and software countermeasures and utilizing
specific cryptographic functions to protect operations has been the bedrock for the micro-processor
industry for over 20 years, and is considered critical to thwart cyber-attacks and prevent loss of
confidence in the technology.
In the late 1990’s an attack was published based on Differential Power Analysis which later went on
to drive significant interest, concern, and evolution in the smart card industry. The attack threatened
to expose secret key information from smart cards and albeit quite difficult to perform did drive
manufacturers to add hardware and software countermeasures to new products, essentially to
preserve the reputation of the industry and the associated businesses. A clear example that could be
followed in the evolving smart utilities markets.
Page 9 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
A hardened processor with the appropriate functions could be implemented; to provide a bootstrap
secure start-up process for the meter core operating system, to ensure only verified software
applications are run within the meter, and to secure any critical data such as authentication keys.
MULTOS technology is typically implemented on hardened
processor integrated circuit components and hence can
provide the software and credential protection previously
described. To further boost the protection the addition of
a Secure Execution Environment (SEE) is built into the
operating system. The SEE acts as an on device policing
agent, ensuring strict application and associated data
segregation. This mechanism was designed to support the
multi-application capability leveraged by some MULTOS
smart card offerings for end cardholders.
2) Endpoint Device Identity and Authentication
For most Smart Meter systems, it can be critical to ensure the meters have a unique identity within
the network. If a meter is unable to maintain its intended identity any data it provides to a central
system may not be considered
trustworthy or valid. Through
provisioning faults or intended
attacks, meter ID duplications are a
system risk which at best can lead to
confusion and service disruption, but
in more severe cases can lead to fraudulent behaviour. Clearly a strong identity should be a
fundamental cornerstone of a smart meter design, but how could this be delivered?
Good IT security practice suggests that specific processes should be applied to address this risk. One
such option is to personalise the endpoint with a specific identification serial number and to add a
robust unique cryptographic identity. Figure 3 highlights the manufacturing process for MULTOS
where a unique chip identifier is generated and injected in the device to allow a cryptographic binding
of each chip to a specific owner. This is built into the MULTOS technology platform and has been
utilised by the nearly 1 billion MULTOS devices already deployed.
Figure 3. The MULTOS Robust Unique Endpoint Identity
Page 10 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Public key cryptography is an already proven mechanism to ensure flexible IT architecture endpoint
identities. MULTOS uses this process where asymmetric key pairs (matched sets containing a public
and a private key) are generated and loaded into the secure chip to provide the endpoint with a strong
personalised identity.The MULTOS Carrier Device (MCD) ID number is linked with a specific device
issuer ID number and the PKI key set to form the robust unique identity. The latest MULTOS
specifications support strong PKI cryptographic algorithms with extended key lengths.
A second option to address the risk of a weak endpoint identity is to enforce strong mutual
authentication between the meter and the central system. The supported asymmetric and symmetric
cryptographic functions within a hardened processor can be used by the applications to ensure robust
mutual authenticity when appropriate.
3) Data Safeguards
Lost, stolen, or corrupt data can have significant financial and reputational impacts for businesses, as
clearly highlighted by the recent retailer data breach example (Radichel. T, 2014). Data stored at Smart
Meters, at central systems, and
in transit within networks is
potentially at risk.
Communication protocols
which are necessary to allow
system interaction are not
always as secure as they might
be perceived, and if considered secure all the security feature options within them may not have been
implemented. There have been reports exposing such weaknesses and poor security implementations
(Zillner. T, 2015).
Gartner predict that by the year 2020, there will be a black market exceeding $5 billion to sell fake
sensor and video data to enable criminal activity (Rossi, 2016), a concerning threat to businesses and
consumers alike. Of course not all data may need the same level of protection, and the application or
service, be that medical, personal, financial, or operational will dictate the level of protection required.
To protect utility businesses and consumers, how can a multi-layer approach be applied to ensure
adequate protection of sensitive data?
Highly secure smartcard chip technology has been
developed, enhanced and deployed worldwide for nearly
20 years. Therefore the cryptographic features supported
by smartcard platforms such as those within MULTOS
products could be used to allow additional levels of
protection for the Smart Meter data, thus boosting the
protection provided by any existing communication
protocols and security features.
Page 11 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Figure 4 shows how a Smart Meter could benefit from the cryptographic features supported by
MULTOS to allow the additional level of protection for the sensitive data.
Figure 4. MULTOS Securing Stored and Transmitted Data
Symmetric or Asymmetric cryptography features can be employed to encrypt any data at risk, such
that the data will be of no use to any third party accessing the data without authorization.
Specifically for Prepayment meters there may be requirements to secure the sending of payment
credits to the meter and secure the reading back of energy consumption data from the meter. The
MULTOS cryptography features can be implemented to encrypt and authenticate payments and
update the keys used in the process when virtual token based systems are employed as defined in IEC
62055-41.
4) Provisioning
Often the provisioning of the Smart Meters is performed as part of the manufacturing process. For
some meters this may continue to be the applied process. However, the greater reliance on
connectivity opens up more dynamic possibilities for provisioning.
It may make sense for commercial or practical reasons to remotely provision Smart Meters. Certain
desired business models may seek to have utility or other third party applications and data loaded in
meters which are already in use. The mechanism of remote provisioning may need to factor in
functional risks with unreliable communications and security risks associated to provisioning over
insecure communication channels.
Page 12 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Smart Meter application and data provisioning requirements may vary depending on the meter
service. Some Smart Meters may need new keys and configuration data loading when a consumer
changes utility provider. Hence how can a secure and simple mechanism be provided to facilitate these
in-field remote processes?
Utilising a strong key management method as shown in Figure 5 can provide the necessary
simplification and security required for a robust provisioning solution.
Figure 5. Simple and Secure MULTOS Provisioning
An option could be to utilise asymmetric cryptography as supported by MULTOS for managing the
deployment of the meter, and utilising either a secure packet or a secure channel to deploy the meter
content. The use of secure, encrypted load packets between the meter and the provisioning service
can further simplify and reduce key management.
The use of asymmetric cryptography easily allows the meters to be managed by the infrastructure
owner or operator, whilst third party utility providers can load their content to the meters assuming
the operator has authorized the change. Any utility provider sensitive content can be encrypted such
that the operator and any unauthorized entity would not have access. This versatile mechanism built
into the MULTOS specifications could be an efficient solution for the likely complex business models
required within some meter markets and could allow utility providers to deliver their services via the
already issued smart meter infrastructure.
5) Lifecycle Management
Considering the lifecycle of any Smart Meter should feature highly with manufacturers and solution
providers. Most meters are intended to be in use for many years and may benefit from a flexible and
controlled lifecycle. Meters
may contain sensitive data
such as authentication keys
and it may not be desirable to
leave this data within unused
meters when no longer
required. Smart Meters may
need a number of remote
Page 13 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
functional updates to reconfigure or modify the service over time. Of course security updates are a
likely requirement as attacks evolve and improve over time. What mechanism could deliver the
required security and flexibility to support these needs?
The processes for this flexibility and control were built into the open MULTOS specifications many
years ago. Figure 6 shows that life cycle process which includes;
Initial activation where the device receives its robust cryptographic ID
Application loading for issuance
Subsequent updating as required
Eventual application and associated data deletion at the end of life
Figure 6. MULTOS Asymmetric Lifecycle Management
All the steps are secured with support from an in-house or central CA or Key Management System,
providing the solution provider and device issuers with the assurance of full control of their assets and
any extended risks associated to them.
6) Flexible Remote Interactions
Many businesses are developing or have already developed management systems to remotely service
Smart Meters. Often referred to as Device Management platforms, they usually perform a range of
activities such as; diagnostics, software updates,
and lifecycle management. The increase in
companies adopting such systems along with
connectivity and application management
platforms is expected to fuel the forecast 30.8%
(CAGR) in revenues from third party IoT platforms
between 2015 and 2021 (Berg Insight, 2016). As
connected eco-systems develop, what flexible
processes could be implemented to allow the
leveraging of existing systems?
Page 14 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Asymmetric cryptography using the processes supported by MULTOS technology can not only simplify
the key management, but can also ensure a high degree of provisioning and meter management
flexibility. Figures 7, 8, and 9 show how a meter could be updated directly by a system that knows the
meter and its PKI credentials. Alternatively if the system does not know the meter credentials, the
meter can be requested to provide them, thus allowing utility third parties to modify the meter
content, assuming they have an agreement to do so with the operator. This could be a very useful
feature for systems updating meters that they do not own or manage. Also a system could prepare
the meter updates offline, perhaps using a batch processing approach, allowing for later retrieval and
updating by the meter itself.
Figure 7. Push – Known Public Key Updating
Figure 8. Push – Requested Public Key Updating
Figure 9. Pull – Known Public Key Updating
Having this level of flexibility built into a system can help to future proof the solution by allowing for
new features and business models, and may ultimately improve the commercial monetization of the
service.
Page 15 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
7) Cost Efficiencies
Securing Smart Meters could be fundamental, but we should also consider cost efficient scaling of the
infrastructure. The cost of the meters and the overall system is critical for business viability, and in
some cases security may be sacrificed to reduce costs.
Each business must decide their own level of acceptable risk regarding any security verses cost trade-
offs. In the digital technology industries few would argue that security is not a concern in the ever
increasingly connected world, and systems not already targeted by hackers and fraudsters today may
well become attractive targets in the future. So clearly some security is desirable, but is it possible to
provide adequate security without significant additional cost?
By utilising PKI technology, it could well be possible to comprehensively address security concerns
whilst minimizing costs. Derived from the GSMA IoT endpoint security guidelines (GSMA, 2016), the
diagram in Figure 10 highlights asymmetric security with personalised keys, which is supported by
MULTOS, as the most secure approach to protect connected devices and the most likely to remain
secure for the long life spans of connected devices.
Figure 10. PKI Recommended for Security, also Delivers Efficiencies
By using asymmetric cryptography cost efficiencies could be realised, including:
Page 16 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Further cost efficiencies could be realised within the meter design via the configuration approach
adopted. Figure 11 presents the architecture where a separate secure element co-processor is used
by the main processor to handle specific security related functions. This architecture may be easier to
implement for some designs as it may be less disruptive to an existing meter product configuration.
Figure 11. MULTOS implemented as a separate co-processor
Alternatively, the MULTOS security could be implemented within the main microcontroller as shown
in Figure 12. This could present a more cost efficient overall architecture with a lower bill of materials.
Figure 12. MULTOS implemented within the main microcontroller
The specific configuration option selected should consider a number of factors, including:
Page 17 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
8) Low Power Consumption
MULTOS secure implementations are designed with low power consumption in mind. Devices can
include separate power domain options for embedded low power modes, ideal for battery power
supplied Smart Meters such as gas and water meters.
Low Power Mode
This is the ability for an application to go into a reduced power mode of operation when it is waiting
to receive an embedded event call. Testing to date has revealed it can reduce the secure chip current
consumption from 10mA to 3mA.
Power Domains
Current implementations have three power domains:
Main power domain for the majority of the chip
The GPIO front end power domain
The ISO front end power domain
Typically implementations draw very little current when only the GPIO power domain is powered up,
which has been tested at less than 0.1uA. This can allow a permanently powered up low power mode
of operation. When the MULTOS O.S is called for a specific security function to be used the powered
up state can switch as required, and then revert back to a low power mode when the security function
has been performed, resulting in very little battery drain.
Page 18 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Conclusions
With the significant opportunities Smart Meters can offer utility businesses, and the evident increasing
risks derived from the digital inter-connections, it is clear that security should be seriously considered
within an overall system design. The level of acceptable security should be based on; costs, time-to-
market, reputational and financial risks from cyber-attacks, business and consumer privacy,
protection, safety, and potential evolutions required of a system or meter over time.
Attackers targeting software is a common risk within IT and may increase as more Smart Meters are
inter-connected. The MULTOS technology with hardware and software countermeasures and a
successful history in the smart card industry does offer suitable protection.
Ensuring Smart Meters are identified as unique within their network and operate with adequate
mutual authentication is an obvious design focus to avoid functional issues and potential fraud. With
MULTOS authentication features a robust unique cryptographic identity can be easily enforced.
Protecting the sensitive data within utility systems may be critical. Different applications and data
elements may require different levels of protection based on their sensitivity and type of use. Hackers
may target sensitive data to either commit fraudulent activities or damage business reputations.
Trusted security features from the smart card industry as supported by MULTOS can further enhance
any security provided by existing connectivity protocols. A sound “belt and braces” approach is
recommended to ensure protection over time and the longevity of the solution.
Provisioning, the process to load applications and data within a meter either initially or when in use
should warrant some careful consideration of the current needs and of potential future business
opportunities. Some markets have requirements for this flexibility. MULTOS provisioning is ideally
suited to provide a simple and secure mechanism to meet these requirements.
Smart Mater life spans may cover many years. Implementing a controlled whole lifecycle approach
can not only protect the meters and solutions but can also ensure they remain flexible and versatile.
The proven robust MULTOS lifecycle process can offer such security and flexibility.
Managing Smart Meters can often be most efficiently achieved via remote systems. Such meter
management systems may need to not only manage or interact with their own meters, but may also
need to control applications and data on third party owned meters. MULTOS technology offers flexible
options to facilitate these processes.
The implementation of PKI cryptography to enhance security and flexibility can help derive a number
of total system cost efficiencies. Overall key management may be simplified reducing the effort,
update processing may be managed in cost effective offline batches, and meter management
complexity may be reduced. MULTOS can fully support these potential system optimizations.
The hardware Root of Trust mechanisms provided by the MULTOS standard are very well suited to
deliver exceptional levels of control, security, flexibility, and business efficiencies for Smart Meters.
Page 19 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Bibliography
Berg Insight (2016). IOT Platforms and Software. [Online]
Available at: http://www.berginsight.com/ReportPDF/ProductSheet/bi-platforms2-ps.pdf
[Accessed 07-09-2016].
Cbronline (2015). Cisco: IoT to generate $8 trillion worldwide in 10 years. [Online]
Available at: http://www.cbronline.com/news/internet-of-things/m2m/cisco-iot-to-generate-8-trillion-
worldwide-in-10-years-4555412
[Accessed 05-09-2016].
Computer Weekly (2016). How to secure the internet of things. [Online]
Available at: http://www.computerweekly.com/opinion/How-to-secure-the-internet-of-things
[Accessed 19-07-2016].
Gartner (2016a). Gartner's 2016 Hype Cycle for Emerging Technologies Identifies Three Key Trends That
Organizations Must Track to Gain Competitive Advantage. [Online]
Available at: http://www.gartner.com/newsroom/id/3412017
[Accessed 03-09-2016].
Gartner (2016b). Gartner’s Top 10 Security Predictions 2016. [Online]
Available at: http://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/
[Accessed 19-07-2016].
GSMA (2016). IoT Security Guidelines Overview Document, Version 1.0, 08 February 2016. GSMA.
Langner. R (2011). Cracking Stuxnet, a 21st-century cyber weapon [Online]
Available at: http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon
[Accessed 27-10-2016].
NYC Consumer Affairs (2016). Consumer Alert: Consumer Affairs Warns Parents to Secure Video Baby Monitors.
[Online]
Available at: http://www1.nyc.gov/site/dca/media/pr012716.page
[Accessed 19-07-2016].
Radichel. T (2014). Case Study: Critical Controls that Could Have Prevented Target Breach. Sans Institute.
Rossi. B (2016). 4 unexpected implications arising from the Internet of Things – Gartner. [Online]
Available at: http://www.information-age.com/technology/applications-and-development/123460779/4-
unexpected-implications-arising-internet-things-gartner
[Accessed 07-09-2016].
The Inquirer (2016). Just one in 10 IoT devices offer adequate security, warns research. [Online]
Available at: http://www.theinquirer.net/inquirer/news/2460405/just-one-in-10-iot-devices-offer-adequate-
security-warns-research
[Accessed 19-07-2016].
Page 20 of 20 © 2017 MAOSCO Limited – All Rights Reserved.
Wired (2016a). After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix. [Online]
Available at: https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/
[Accessed 19-07-2016].
Wired (2016b). A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever. [Online]
Available at: https://www.wired.com/2015/01/german-steel-mill-hack-destruction/
[Accessed 19-07-2016].
Wired (2016c). Hackers were behind Ukraine power outage [Online]
Available at: http://www.wired.co.uk/article/ukrainian-power-station-cyber-attack
[Accessed 27-10-2016].
Zilner.T (2015). ZIGBEE EXPLOITED, The good, the bad and the ugly. [Online]
Available at: https://www.blackhat.com/docs/us-15/materials/us-15-Zillner-ZigBee-Exploited-The-Good-The-
Bad-And-The-Ugly.pdf
[Accessed 07-09-2016].