Teaching Others About IoT – Be Prepared to Educate – Learning Items Below:
- IoT as a “Tidal Wave” versus “Turn of the Tides”
- IoT and Supply Chain / Eco-system Impact – I love this because it is a critical concept
- Top 3 Industry IoT ‘Must Haves”
- 5 IoT Characteristics
- What is Arduino?
- Corporate Coffee Makers connected to Active Directory
- What are Ninja Blocks?
- Top 3 ‘must haves’ before allowing IoTs on your network.
- The importance of Monitoring IoT Devices
- Flexible Authorization models vs Rigid
- Anomalous Behavior and IoT
- Risk & Threat Management and IoT
- Wearables and Enterprise Authentication
- Benefits of IoT are many
- Future – Patch Wars are coming
Uri is a leader in the world of research as it relates to IoT Security, cognitive authentication, and advanced cyber security strategies. This interview is a great learning tool to educate yourself so that you can educate your peers about where IoT is going and what it means to you and leaders in your business.
Uri originally presented this material at RSA with Sam Curry, CTO – Arbor Networks. You can access the slides here: IoT: When Things Crawl Into Your Corporate Network
Uri Rivner, Head of Cyber Strategy, BioCatch
Uri Rivner has been fighting cybercrime for 12 years. He currently heads Cyber Strategy for the cognitive authentication company, BioCatch. Rivner’s prior role was Head of New Technologies at RSA. He has been working closely with the world’s largest organizations to establish strategies against advanced cyber threats. He is also very interested in IoT, and the huge opportunity they present for evildoers who wish to breach private and corporate security.
During my interview Uri and I discuss the current state of IoT Security. I have listed the key learning items below. You can also listen to the podcast if you prefer to simply listen to the episode as you drive to work.
IoT devices can effect an entire supply chain.
Every device has to be aware of it’s environment. If you control a thermostat you can impact and influence the environment. IoTs will increase and bring more and more complexity and will be like an eco-system or supply chain. These devices are environmentally aware.
“Tidal Wave” and “Turn of the Tides”
Tidal Wave – a security person has no control that the change is happening and it will flood you, BUT is doesn’t mean that it will flood you. IoT is a Tidal Wave and is very similar to BYOD. You will not be able to stop it. However, even though IoT vulnerabilities are there, we have time. You will not drown. You can prepare.
Because standard hacking tools prevail and are easier today. It is simpler to exploit old vulnerabilities. IT is the path of least resistance now. At some point we will have a ‘turning of the tides’ and IoT vulnerabilities will be exploited.
IoT is like BYOD. The consumer is driving adoption and demand and business efficiency.
- iOS and Android drove BYOD to adoption.
- VMware/ Citrix tools
- Corporate Coffee Makers will be connected to AD – You will not be able to resist and this is like BYOD
There were ways to respond to BYOD with tools and solutions like Citrix, VMWare, etc but the IoT market does not have tools or standards!
The recommendation is Do it and figure it out
This is a good video showing what the future will looks like. I highly recommend watching it.
Wild West and IoT
- IoT is making up as they go. There are no tools. There is no stack. There is no standardization.
- Forget standardization! It is not going to happen
Characteristics of IoT
- Compute Power
- Network Connectivity (to the cloud)
- Proximity Communication (Bluetooth, NFC, etc.)
Vulnerabilities – How Do You Fix and Patch IoT Devices
- They are hardware based which is hard.
IoT devices weren’t designed to be rebooted. This will need to change.
What Should the Industry Do? – Top Three Rules for the IoT industry:
1. Don’t save security for later. Build it into the stack now.
2. Don’t let apps run without standardization.
3. The IoT device must only be released if it can patch itself (patching is a vulnerability)
Will security happen with IoT – No, because the industry is so completely de-centralized, kickstarter economy is driving innovation first and security is not a priority…who would blame them… it is a VC funded and wild west market focus now. The goal is being agile.
What is Arduino?
Arduino is an open-source prototyping platform based on easy-to-use hardware and software. Arduino boards are able to read inputs – light on a sensor, a finger on a button, or a Twitter message – and turn it into an output – activating a motor, turning on an LED, publishing something online. All this is defined by a set of instructions programmed through the Arduino Software (IDE).
Over the years Arduino has been the brain of thousands of projects, from everyday objects to complex scientific instruments. A worldwide community of makers – students, hobbyists, artist, programmers, and professionals – has gathered around this open-source platform, their contributions have added up to an incredible amount of accessible knowledge that can be of great help to novices and experts alike.
What Can you Control with IoT
- Top 3 Must haves when allowing IoTs on your network.
- Must Monitor IoT Devices on your network
- Must have agile authorization models. How do you allow access and what do you allow? Must move from rigid to more adaptive models. Does the device have the privileges to do this behavior or it an unauthorized/anomalous behavior?
- Trigger based activities are coming; an example of this will be centrally controlling the events and triggers in the home – See example of this at 49:00
- Authorization Models must be flexible
Implications for IoT Security for your Company
- Perimeter… perimeter… perimeter…
- “You keep saying this word. I don’t think it means what you think it means”
- If it’s on its last legs now, it’s annihilated with IoT:
- Facilities, HVAC, etc.
Read and Learn Further About Uri:
All methods of how to access the show are below:
- Listen on iTunes (for iPhones etc.)
- Listen to it on Stitcher (This is for Android Phone Users. Download the Stitcher app here)
- Stream it on Libsyn
- Listen to it on Soundcloud (This is for listening via PC/Mac Browser)
- Please subscribe here to Bill Murphy’s Redzone Podcast on iTunes.
- Subscribe to my RSS Feed here.
- Link to LinkedIn blog post
Bill is dedicated to your success as an IT Business Leader. Sign up/Subscribe for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly: Follow Bill on LinkedIn and Twitter.
Leave a podcast review here