The 'S' in IoT is for Security presented at ISC2SecureSummit 2019

by Derek Fisher,

Summary : Exploring the various businesses and technology that are internet enabled allows one to understand the ubiquity of IoT. Productivity climbs when there is more real time information and a larger aggregate of data that can be used to find inefficient processes in factories and assembly lines. But we have learned, as security practitioners, that the internet is a generally insecure landscape. With breaches reported daily and a constant stream of attackers, these internet connected devices produce a target rich environment. Light bulbs, household appliances, defibrillators, assembly lines, transportation and city streets all pose unique risks to health, safety, privacy and security. There are numerous examples of where these different devices have failed to provide the basic security they so desperately need. It becomes painfully clear that the manufacturers and the other players in the supply chain had little thought on their device after it was purchased. With the various communication protocols and methods of delivery and a supply chain that is full of low-cost suppliers it is easy to see that this is a complicated attack surface from a security perspective. There is hope. There are security practices that are not much different than what is recommended for other systems. Through the use of standards and best practices a more secure IoT world is possible. Focusing on what has worked with more secure suppliers of internet connected devices will help others determine their path forward as we work together to develop a more secure connected world.