Everything IoT 2015 Keynote Speaker Kate Carruthers: "IoT security & privacy - the nightmare and the dream"

IoT: the dream and the nightmare…

Kate Carruthers #eIoT2015

Slides are online: http://www.slideshare.net/carruthk

Oct-2015 © 2015 Kate Carruthers 2


IoT is part of the digital transformation of business, the economy, and society


Industrial revolu5on

Digital revolu5on

IoT revolu5on

Industrial internet. Rise of networked industry. Convergence of industrial, digital, analy5cs, & connec5vity.

Distributed informa5on and communica5on networks. Rise of networked economy powered by apps.

Harnessing machines to drive economies of scale. ShiH away from agriculture based economies.


Source: MaK Turck, Internet of Things Landscape (Version 3.0), hKp://www.slideshare.net/mjH01/internet-‐of-‐things-‐42280078/1

Source: IOT Philippines Inc. hKp://www.iotphils.com/solu5ons/smart-‐home/



Source: hKp://blog.csiro.au/a-‐much-‐smarter-‐watch-‐how-‐our-‐flexible-‐baKeries-‐and-‐electrified-‐fabrics-‐can-‐improve-‐wearables/


“The real role of wearables that no one talks about is all these smart things around you have no idea what’s happening with you…” - Hosain Rahman, CEO Jawbone

Source: 'Inges5bles' could become the new wearables faster than you think, Alicia Marie Tan, Mashable, Oct 2015, hKp://mashable.com/2015/10/14/jawbone-‐inges5bles/#RqDiEDnH3Sql


“I always use the example of, no matter how smart my thermostat is, it has no idea if I’m hot or cold.” - Hosain Rahman, CEO Jawbone

Source: 'Inges5bles' could become the new wearables faster than you think, Alicia Marie Tan, Mashable, Oct 2015, hKp://mashable.com/2015/10/14/jawbone-‐inges5bles/#RqDiEDnH3Sql


Robyn Lewis founder and CEO VisitVineyards.com

Thin film write-protected NFC that enables post sale communication between seller & customer about the product


Source: GE 2013 hKp://gelookahead.economist.com/infograph/industrial-‐internet-‐the-‐power-‐of-‐1-‐2/

Oct-2015 © 2015 Kate Carruthers 12 Source: hKp://gelookahead.economist.com/infograph/the-‐industrial-‐internet-‐oil-‐and-‐gas/

Oct-2015 © 2015 Kate Carruthers 13 Source: Industrial Internet: Pushing the Boundaries of Minds and Machines, Evans, Peter and Annunziata, Marco, GE, 2012, p. 10


Source: A Cyber-‐Physical Systems architecture for Industry 4.0-‐based manufacturing systems, Jay Lee, Behrad Bagheri, Hung-‐An Kao, 2015, hKp://www.sciencedirect.com/science/ar5cle/pii/S221384631400025X

Cisco says US$14 trillion IoE value

•  asset utilization (reduced costs) of $2.5 trillion •  employee productivity (greater labor

efficiencies) of $2.5 trillion •  supply chain and logistics (eliminating waste)

of $2.7 trillion •  customer experience (addition of more

customers) of $3.7 trillion •  innovation (reducing time to market) of $3.0

trillion


Source: CISCO White paper: Embracing the Internet of Everything for your Share of $14 trillion, 2013


Source: Greenberg, A., Hackers Remotely Kill a Jeep on the Highway—With Me in It, Wired , July 2015 hKp://www.wired.com/2015/07/hackers-‐remotely-‐kill-‐jeep-‐highway/

Source: hKp://readwrite.com/2014/04/30/connected-‐home-‐hackers-‐stop-‐yelling-‐at-‐babies-‐foscam#feed=/tag/internet-‐of-‐things&awesm=~oEe6yipkTkz40o


Last August, a hacker infiltrated a wireless camera owned by the Gilbert family, living in Houston, Texas. The stranger took control of the unit and used it to scream obsceni5es at a two-‐year-‐old toddler. Fortunately, the hearing-‐impaired child didn’t have her cochlear implant turned on at the 5me, otherwise she would have heard the stranger yelling, “Wake up Allyson, you liKle slut!”



Bloomberg, Data Breaches in the US, at 4 Sep 2014


•  3rd party HVAC firm attack vector

• Security software disabled

• PCI DSS didn’t save them


Bloomberg, Oct 2014

JP Morgan •  Sarbanes-Oxley Act (SOX) •  Payment Card Industry Data Security

Standard (PCI DSS) •  Gramm-Leach-Bliley Act (GLB) Act •  Electronic Fund Transfer Act, Regulation E

(EFTA) •  Free and Secure Trade Program (FAST) •  Fair and Accurate Credit Transaction Act

(FACTA), including Red Flags Rule •  Federal Rules of Civil Procedure (FRCP)



“How do consumers know that the products and services are protected” David Kleidermacher, Blackberry CSO

Source: IoT security forcing business model changes, panel says, Oct 2015 hKp://www.scmagazine.com/iot-‐security-‐forcing-‐business-‐model-‐changes-‐panel-‐says/ar5cle/448668/


Miller Newton, CEO of PKWare:

“there's not a lot of authentication on the IoT. It is easy to impersonate”

Source: IoT security forcing business model changes, panel says, Oct 2015 hKp://www.scmagazine.com/iot-‐security-‐forcing-‐business-‐model-‐changes-‐panel-‐says/ar5cle/448668/


Source: CCTV Botnet In Our Own Back Yard, Ofer Gayer, Or Wilder, Igal Zeifman, Incapsula blog 2015, hKps://www.incapsula.com/blog/cctv-‐ddos-‐botnet-‐back-‐yard.html

CCTV Botnet at the local mall


“Business models will have to change. We used to build them [products], ship them and forget about them until we had to service them,” “We've moved to a new world where we have to ship and remember.”

Source: John Ellis, Ellis & Associates, IoT security forcing business model changes, panel says, Oct 2015 hKp://www.scmagazine.com/iot-‐security-‐forcing-‐business-‐model-‐changes-‐panel-‐says/ar5cle/448668/


“Targeted Intrusions By Nation-State Actors Pose A Major Cyber Threat Going Into 2015”

Source: Targeted Intrusions By Na5on-‐State Actors Pose A Major Cyber Threat Going Into 2015, Amanda Vicinanzo, 02/12/2015, Homeland Security Today, hKp://www.hstoday.us/single-‐ar5cle/targeted-‐intrusions-‐by-‐na5on-‐state-‐actors-‐pose-‐a-‐major-‐cyber-‐threat-‐going-‐into-‐2015/1f96ee7a4b2867f1b1511387660bb4b8.html


Security

Privacy

Geopolitics


Thank you

Kate Carruthers UNSW Australia [email protected] @kcarruthers hKp://www.slideshare.net/carruthk