What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT...

30
What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National Telecommunications and Information Administration, US Department of Commerce

Transcript of What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT...

Page 1: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

What do you mean, “Patch”?

A shared vision of IoT Security Updates

1

Allan Friedman, PhD Director of Cybersecurity Initiatives, National Telecommunications

and Information Administration, US Department of Commerce

Page 2: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

tl;dr

The Department of Commerce is convening an open and consensus-driven multistakeholder process to develop a shared vision of security updates for consumer IoT. We need your help.

2

Page 3: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National
Page 4: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

4

Page 5: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National
Page 6: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National
Page 7: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

7

Page 8: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

8

Page 9: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

9

Page 10: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

10

Page 11: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National
Page 12: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National
Page 13: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

Vulnerability Disclosure

13

Page 14: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

14

Page 15: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

“Just build things securely!”

15

Page 16: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

16

Page 17: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

17

Page 18: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

Why Patching?

18

Page 19: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

19

Page 20: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

20

Page 21: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

21

Page 22: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

22

Page 23: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

23

Page 24: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

“Consumer”

24

Page 25: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

Capabilities

Technical Capabilities

Patching Expectati

ons

Patching Potential

Minimum Technical

Capabilities

For given technical capabilities, what type of patching/updating is

possible?

For given aspects of the patching process, what technical features

are necessary?

Page 26: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

Standards

26

Page 27: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

Communication & Transparency

27

Page 28: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

Incentives and Barriers

28

Page 29: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

Bullets!

• Goal: shared vision of patching, and a plan to promote this vision.

• Voluntary, community-driven, international. • Cross-sector and inter-disciplinary. • Both technical and policy aspects. • We need your help!

29

Page 30: What do you mean, “Patch”? - OMG...What do you mean, “Patch”? A shared vision of IoT Security Updates 1 Allan Friedman, PhD Director of Cybersecurity Initiatives, National

How you can help

• Talk to me - [email protected] – What are we doing wrong? – How can we do things better?

• Tell your colleagues. • Join the mailing lists and

working groups. Next meeting: April 26

30


OMG Cyber!

OMG Cyber!

Dds presentation omg

Dds presentation omg

Welcome to OMG! · OMG Vertical Markets. Standards are developed by OMG using a mature, worldwide, open development process. With more than 25 years of standards work, the OMG one-organization,

Welcome to OMG! · OMG Vertical Markets. Standards are developed by OMG using a mature, worldwide, open development process. With more than 25 years of standards work, the OMG one-organization,

amy late omg

amy late omg

Evorel Conti, Transdermal Patch - Ministry of Health · Change the patch on the same two days every week. This will mean that one patch is on for three days and the second patch for

Evorel Conti, Transdermal Patch - Ministry of Health · Change the patch on the same two days every week. This will mean that one patch is on for three days and the second patch for

OMG TMI!!!!!!!!111111111111111

OMG TMI!!!!!!!!111111111111111

Javascript omg!

Javascript omg!

The teen magazine that’s really an AGM report! · OMG LOL OMG LOL OMG LOL OMG LOL OMG LOL OMG LOL L As always it has been a busy and exciting year at the Youth Project. Each year

The teen magazine that’s really an AGM report! · OMG LOL OMG LOL OMG LOL OMG LOL OMG LOL OMG LOL L As always it has been a busy and exciting year at the Youth Project. Each year

OMG SysML Specificationxml.coverpages.org/OMG-SysML-Specification060504.pdf · OMG SysML Specification This OMG document replaces the submission (ad/06-03-01) and the draft adopted

OMG SysML Specificationxml.coverpages.org/OMG-SysML-Specification060504.pdf · OMG SysML Specification This OMG document replaces the submission (ad/06-03-01) and the draft adopted

OMG JavaScript

OMG JavaScript

Omg promo slide

Omg promo slide

PATCH SEWING patch back patch

PATCH SEWING patch back patch

OMG Vampires!

OMG Vampires!

Omg overview july2013

Omg overview july2013

OMG: Transformation OMG: Transformation SysML4Modelica

OMG: Transformation OMG: Transformation SysML4Modelica

Omg bpmn tutorial

Omg bpmn tutorial

WebML for OMG

WebML for OMG

Make your Career in OMG OCUP 2 Intermediate (OMG-OCUP2-INT200) Certification

Make your Career in OMG OCUP 2 Intermediate (OMG-OCUP2-INT200) Certification

OMG IIoT Standards at Work An Overvie · Andrew Watson OMG Technical Director OMG IIoT Standards at Work An Overview

OMG IIoT Standards at Work An Overvie · Andrew Watson OMG Technical Director OMG IIoT Standards at Work An Overview

Cardamom Omg

Cardamom Omg