Paul Malone of TSSG spoke at the IERC debate entitled “The Internet of Energy Things will deliver...
-
Upload
telecommunications-software-systems-group-tssg -
Category
Technology
-
view
103 -
download
0
Transcript of Paul Malone of TSSG spoke at the IERC debate entitled “The Internet of Energy Things will deliver...
The internet of energy things will deliver a secure, cheap and
sustainable energy future
12/05/2015 www.tssg.org 2
The internet of energy things will deliver a secure?, cheap and
sustainable energy future
14/05/2015 www.tssg.org 3
• Increased attack surface
• Difficulty of patching devices
• Lack of data governance frameworks
12/05/2015 www.tssg.org 4
The OWASP Internet of Things Top 10
1. Insecure Web Interface
2. Insufficient Authentication/Authorization 3. Insecure Network Services
4. Lack of Transport Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface 8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project
12/05/2015 www.tssg.org 8
HP Report 2014
“70 percent of the most commonly used Internet of
Things (IoT) devices contain vulnerabilities,
including password security, encryption and general
lack of granular user access permissions.”
“IoT devices averaged 25 vulnerabilities per
product, indicating expanding attack surface for
adversaries” 12/05/2015 www.tssg.org 10
“The challenge is, you see all of these devices coming
online at a rapid clip, without robust security. … Trying to
apply a patch to a thermostat in the home is going to be
much more challenging.”
- Gary Davis, Intel Security
12/05/2015 www.tssg.org 11
Foscam Baby Monitor
• Multiple vulnerabilities
• 100,000 cameras in the wild (easy to find)
• 20% default user “admin” no password
• Vendor generated a patch (for some of the
vulnerabilities)
• 99% of cameras still ran the older firmware
12/05/2015 www.tssg.org 12
• Huge amounts of data
• Regulatory and compliance complexities
• Assurances with regard to PII
– Where is my data?
– Who has access?
• What assurances does the consumer have?
– How is my data being used?
• What is the value to me?
• What is the value to 3rd parties?
12/05/2015 www.tssg.org 14
“If privacy and confidentiality isn’t designed in up front, on
top of the security capabilities provided by the enabling
M2M infrastructure (including authentication, access
control, data protection), the benefits of the IoT cannot be
fully realized.”
- Tim Carey, Alcatel Lucent
12/05/2015 www.tssg.org 16
The internet of energy things will deliver a secure, cheap and
sustainable energy future
14/05/2015 www.tssg.org 17
The internet of energy things will deliver a secure, cheap and
sustainable energy future can
12/05/2015 www.tssg.org 18
The internet of energy things will deliver a secure, cheap and
sustainable energy future can
14/05/2015 www.tssg.org 19
But only if security is addressed first!