Unexpected and Complex Implications of the Internet of Everything ( IoE )

IIW | 06 May 2014

Secure Identity Consulting

Jeff StollmanSecure Identity Consulting

Unexpected and Complex Implications of the

Internet of Everything (IoE)

Agenda Defining Terms Promise and Implications Issues Prompted by IoT Legal Perspective Q&A

DEFINING TERMS

What is it?

Internet of Things

Internet of EverythingSe

ksSmart Appliances

ServersNetbooks

Smart P

Industrial Controllers

Databa

Definition

The Internet of Everything is:

ANY device that is connected to a network.

Constituent Devices

1. SENSOR 2. PROCESSOR 3. ACTUATOR

4. Combinations of the above

IoE is a superset

Traditional IT SCADA devices New Smart devices

PROMISE AND IMPLICATIONSUse Cases

The Promise

Use Case: Home Appliances – Security and Privacy

Who is ordering your perishables?

Use Case: Irrigation & Flood Control - Security

Who is ensuring data integrity?

Use Case: Farming – Information Ownership

Who owns the data you collect?

Use Case: Automotive Management – Privacy and Liability

Who is controlling your vehicle?

Use Case: Electric Vehicle Recharging Systems – Security and Liability

Who is paying for power from your outlet?

Use Case: Smart Packaging – Privacy and Liability

Who can learn what drugs you are taking?

Use Case: Physical Security – Privacy

Does privacy exist anymore?

Use Case: Electrical Grid – Security and LIability

Who is managing your power?

ISSUES PROMPTED BY IOT

IoT prompts several areas of concern Security

- Security issues of IoT are not new, but new solutions will be required. Privacy

Privacy issues of IoT are not new, but new solutions will be required. Ownership

- Device ownership enters a new gray area.- Data ownership represents a brave new world of possibility.

Liability- Liability, as well, opens up a Pandora’s box of complex issues.

Security Questions1. As traditional enterprise perimeters disintegrate into a web of devices, how do we

secure devices1. From an adversary manipulating sensor input data ?

1. E.g., holding a lighter below an outdoor temperature sensor that triggers an emergency response)

2. While this could happen today, I submit that the additional layer of abstraction provided by the IoT may prompt less scrutiny of physical security and increase the vulnerability of such systems.

2. From an adversary manipulating output from a sensor or input to a processor?1. E.g., dividing the output from sensors on a harvester in half to create the

impression of a bad crop, causing commodity prices to rise2. compromising the video feed from a surveillance camera during a burglary 3. or the altimeter in an airplane to cause it to crash

3. From an adversary compromising the instruction code in the processor1. E.g., changing the rule that prompts an alarm to take no action instead

4. From an adversary compromising the instruction feed from the processor or the input feed to the actuator

1. E.g., dividing the changing ON to OFF or a LOW setting to HIGH

Security Questions cont’d.

2. Who is responsible for controlling access to the data?2. At rest -- on the device3. In transit -- between devices

3. Who is responsible for allowing a “man-in-the-middle” attack when there is no perimeter?

Practical Questions1. Will all devices need enough intelligence to manage their own access control?

1. Will all devices need to be servers to do so?

2. If devices have enough intelligence (i.e., processing power and storage) to manage access control, will they also have enough processing power and storage to be victims of malware and/or hacking?

3. Once enough devices are deployed to be of interest to adversaries (e.g., malware and hack publishers), will the burden of managing access to devices outweigh the benefits to be gained from them?

Unexpected and Complex Implications of the Internet of Everything ( IoE )

Documents

Women Food and God - An Unexpected Path to Almost Everything by Geneen Roth (excerpt)

The Internet of Everything Connections Counter #IoE

Internet of Everything (IoE): Driving Industry Disruption

Continual Collaboration Value in the Era of IOE Connecting ... · Continual Collaboration Value in the Era ... We all agree that the Internet of Everything (IoE) is going to be huge,

Designing the Internet of Everything (IoE)

Global Internet of Everything (IoE) Market – Trends & Forecast, 2015-2020

Internet of Everything (IoE) - Cisco - Global Home · PDF fileInternet of Everything (IoE) Mobility ... by machines surpasses humans as networks join up 3 ... •Wireless capabilities

The Internet of Everything€¦ · Everything. IoE will both create new value and redistribute (migrate) value, based on how well companies take advantage of the opportunities that

Slides from ISD Digital Roadshow @IOE 29th June 2016 'Futures @ IOE

Realizing the IoE Opportunity with IoT · 2015. 4. 24. · Internet of Everything Big. Different. NOW! Chris White, SVP, IoE/IoT Global Sales cnwhite@cisco.com | @cnwusa April 9,

Internet of Everything (IoE) Value Index - Cisco

Internet of Everything (IoE) Value Index · internetofeverything.com. Figure 1. Cisco Estimates that Companies Will Realize 53 Percent of Potential IoE Value at Stake in 2013. Source:

M2M: Gear Up For Internet of Everything (IOE)

The Internet of Everything - Cisco€¦ · The Internet of Everything (IoE) brings together people, process, data, and things to make networked connections more relevant and valuable

Internet of everything #IoE

IOE - ine.gov.ve

Internet of Everything (IoE) Value Index - NDTVdrop.ndtv.com/tvschedule/dropfiles/ioe-value-index.pdf · • The Internet of Everything is not the Internet of tomorrow, it’s the

The Internet of Everything (IoE)€¦ · IoE brings together people, process, data, ... Connected Gaming and Entertainment High 18. Digital Signage Low 19. Virtual Private Education

Digitale Transformation mit dem Internet of Everything...Während das Internet of Everything (IoE) zur Realität und die Anzahl der Internetverbindungen immer größer wird, ist die

ACT 17 Internet of Everything (IoE)