IoT in Action: Fast Transformation Enablers
Sravani Bhattacharjee, Founder/Chief Content Strategist
[email protected] | @sravani2015
May 30, 2020
Industrial IoT - Fast Transformation Enablers

Technology innovations in:
  - Connectivity
  - Interoperability
  - Resilience
  - Security

Business:
  - Market readiness & delivery
  - Sales channels
  - Adoption cycle

Focus of this deck: Security
Industrial Internet: Fast Transformation Enablers - Security in Action

[Figure: the Industrial Internet ecosystem - cloud, instrumentation & connectivity of the physical world, cyber + physical; visual credit: mdpi.com]
Industrial Internet Drives Better Outcomes

Connectivity leads to efficiencies & growth. Security enables these gains.

[Figure: innovation over time, moving from IT to OT (IT/OT convergence); time axis ticks 1995, 2005, 2015]
  - Back-office automation: connected processes; reporting & dashboards; on-premises client/server
  - Social media & CRM: connected people; data-driven analysis; consumer/business public cloud
  - Industrial Internet: connected devices & machines; physics-based data science & predictions; industrial community cloud
Cybersecurity for the Industrial Internet

Impact of a security breach:
  IT - data:
    - Identity theft...
    - Financial
  OT - critical assets:
    - Energy
    - Water
    - Human lives
    - Man-made calamity

Cybersecurity priorities: IT vs. OT
Security Implications for IT vs. OT

                            Information Technology   Operations Technology
Industrial mindset
  Security priorities       CIA (1)                  AIC (2)
  What's at risk            Data                     Physical
  Patching cycles           Rapid                    Occasional
Purpose-built technology
  Strategy                  Protect data             Protect process
  Protocols                 Standardized             Proprietary
  Intelligence              Threat-based             Vulnerability-based
Cyber security expertise
  Cyber experience          IT stack specific        Industry-specific
  Certifications            IT general               Domain-specific

(1) Confidentiality, Integrity, Availability
(2) Availability, Integrity, Confidentiality
Security Measures for Industrial Systems

[Figure: instrumentation & connectivity of the physical world, cyber + physical; labels: "Air Gap", Industrial IoT, Information Highway; visual credit: mdpi.com]
Industrial IoT - Cybersecurity Benchmarks

Device limitations:
  - Low power
  - Low computing (e.g. 8 MHz, 8-bit, 32 kB RAM)
  - ECC vs. RSA (ECC reaches comparable strength with much smaller keys and cheaper operations, which matters on such devices)

Tiers of root of trust:
  - Hardware RoT / TPM
  - Secure boot / code signing
  - Encryption: SSL/TLS/DTLS
  - Mutual authentication (crucial for IoT)

Secured network:
  - Virtual network segmentation
  - Policy specific to each OT network
  - Default "deny" (unlike IT)
  - Command-level whitelisting: only those processes which are approved to execute, execute. Nothing else. No exceptions.
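The "hardware RoT / TPM" and "secure boot" tiers above rest on one mechanism: each boot stage is measured before it runs and the measurement is folded into a register that can only be extended, never reset by software. The following is an added example (not from the deck or any vendor) that models that chain in software with constructed sample images; a real TPM performs the extend in hardware and the golden values would be provisioned at manufacture.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed sample boot stages for a hypothetical gateway image (not a real device).
BOOT_STAGES: List[Tuple[str, bytes]] = [
    ("bootloader", b"sample bootloader image v1"),
    ("kernel", b"sample kernel image v1"),
    ("app", b"sample building-automation gateway app v1"),
]

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || measurement). The register can only be
    extended, never set, so a later stage cannot erase what an earlier one recorded."""
    return hashlib.sha256(pcr + measurement).digest()

def measure_chain(stages: List[Tuple[str, bytes]]) -> Tuple[str, List[Tuple[str, str]]]:
    """Measure each stage before it would run, starting from the all-zero PCR that the
    hardware root of trust presents at reset. Returns (final PCR hex, per-stage log)."""
    pcr = bytes(32)
    log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr.hex(), log

# Golden values are derived here from the sample images; in production they are provisioned.
GOLDEN_PCR, GOLDEN_LOG = measure_chain(BOOT_STAGES)

def verify_boot(stages: List[Tuple[str, bytes]], golden_pcr: str = GOLDEN_PCR) -> bool:
    """Accept the boot only if the whole chain matches the golden PCR value; any modified,
    inserted, removed or reordered stage changes the final value."""
    final, _ = measure_chain(stages)
    return hmac.compare_digest(final, golden_pcr)

def first_bad_stage(stages, golden_log=GOLDEN_LOG) -> Optional[str]:
    """Using the per-stage log, name the first stage whose measurement differs from the
    golden log (None if all match), so an operator knows what was tampered with."""
    _, log = measure_chain(stages)
    for (name, digest), (gname, gdigest) in zip(log, golden_log):
        if name != gname or digest != gdigest:
            return name
    if len(log) != len(golden_log):
        return "stage count mismatch"
    return None

def tampered_stages() -> List[Tuple[str, bytes]]:
    """Constructed case: one byte appended to the application stage."""
    return BOOT_STAGES[:2] + [("app", BOOT_STAGES[2][1] + b"!")]
```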
Security in Action: Industrial Internet

[Figure: instrumentation & connectivity of the physical world, cyber + physical]

Case Study - IoT Automates Commercial Buildings

Building automation: security breaches
  2008: Stuxnet attack on the Natanz uranium enrichment facility (to destroy Iranian centrifuges). Hacked SCADA-based Siemens Step7 and its PLCs talking over PROFIBUS, used in industrial controls. The virus would temporarily operate valves beyond limits, to destroy centrifuges or make them fail prematurely. The worm managed to reach the outside world, and eventually caused some havoc within the US.
  2012: Niagara 3.8 (Skewed Systems Control). Allowed hackers to obtain encrypted user credentials from the machine and use them to control the system.

Other possible scenarios:
  - Hack a controller to increase building temperature to dangerous levels.
  - Fail or destroy an HVAC unit by manipulating key controls.

Building automation mandates
Security in Action: Industrial Internet

[Figure: gateway design goals - Secure, Open, Scalable; functions - Analyze, Connect, Control, Monitor]

Software security:
  - Secure boot
  - Sandbox for apps using Ubuntu's Snappy OS:
      - Isolation: resource space usage
      - Virus/malware immunity
      - Capability restrictions (permission control)

Network security:
  - Sensors/controllers use BACnet (non-IP protocols)
  - Close unused I/O ports
  - Whitelist IP addresses
  - Disallow default passwords
  - Data pushing to cloud: box-initiated, no incoming traffic
  - On-demand firewall: allows network isolation (IT), private cloud; call-home

Monitoring/control:
  - Open API: allows apps with credentials to access data
  - End users need credentials to access analytics & control
  - No direct access to the gateway
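The network security bullets above (whitelist IP addresses, box-initiated push with no incoming traffic) and the "Secured network" bullets on the cybersecurity benchmarks slide (policy per OT network, default deny, command-level whitelisting) describe one policy shape: nothing passes unless a segment-specific rule names both the peer and the operation. This added example (not the deck's or any product's code) evaluates constructed sample events against such a policy; the segment names, addresses and command labels are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Event:
    segment: str    # OT network segment the message is addressed to
    src: str        # peer identifiers: IP on IP networks, bus address on non-IP field buses
    dst: str
    direction: str  # "in" = toward the OT device/gateway, "out" = box-initiated
    command: str    # protocol operation, e.g. a BACnet service or an HTTPS method

# Constructed per-segment policy for a hypothetical building-automation site.
# Everything not listed here is denied; there is no catch-all allow rule.
POLICY: Dict[str, dict] = {
    "hvac-floor1": {
        "peers": frozenset({"10.1.1.10"}),               # the site gateway only
        "commands": frozenset({"bacnet:readProperty"}),  # reads only from the gateway
    },
    "gateway-uplink": {
        "peers": frozenset({"203.0.113.20"}),            # cloud collector (documentation address)
        "commands": frozenset({"https:post"}),
        "out_only": True,                                # push to cloud; no incoming traffic
    },
}

def decide(event: Event, policy: Dict[str, dict] = POLICY) -> Tuple[str, str]:
    """Default-deny evaluation: return ("allow"|"deny", reason) for one event."""
    rules = policy.get(event.segment)
    if rules is None:
        return ("deny", "no policy for segment")
    if rules.get("out_only") and event.direction == "in":
        return ("deny", "inbound not allowed")
    peer = event.src if event.direction == "in" else event.dst
    if peer not in rules["peers"]:
        return ("deny", f"peer {peer} not whitelisted")
    if event.command not in rules["commands"]:
        return ("deny", f"command {event.command} not whitelisted")
    return ("allow", "matched")

# Constructed sample traffic: two legitimate gateway actions and four things a default-deny
# policy must stop (a write, a rogue peer, an inbound connection, an unknown segment).
SAMPLE: List[Event] = [
    Event("hvac-floor1", "10.1.1.10", "10.1.1.50", "in", "bacnet:readProperty"),
    Event("hvac-floor1", "10.1.1.10", "10.1.1.50", "in", "bacnet:writeProperty"),
    Event("hvac-floor1", "10.9.9.9", "10.1.1.50", "in", "bacnet:readProperty"),
    Event("gateway-uplink", "10.1.1.10", "203.0.113.20", "out", "https:post"),
    Event("gateway-uplink", "203.0.113.20", "10.1.1.10", "in", "https:get"),
    Event("unknown-seg", "10.1.1.10", "10.1.2.7", "in", "bacnet:readProperty"),
]

def denied(events: List[Event] = SAMPLE) -> List[Tuple[Event, str]]:
    """Events a default-deny policy rejects, with the reason, for the audit log."""
    return [(e, reason) for e in events for verdict, reason in [decide(e)] if verdict == "deny"]
```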
Security in Action: ICS/SCADA

Sectors: Manufacturing, Oil & Gas, Transportation, Energy

[Figure: attack surface - Internet, enterprise network, DMZ, primary control center, SCADA network, remote stations, DCS local production; IT: protect the data, OT: protect the assets]

Industry cases (challenge and solution):

Manufacturing (rail locomotives)
  Challenge: legacy control systems; connectivity-led exploitation
  Solution: test-based assessment of the system's security posture, threats and attack surface; prioritized recommendations of security controls to mitigate identified risks

Oil and gas
  Challenge: enable secure remote access into critical systems for maintenance and troubleshooting by the vendor
  Solution: make remote access read-only; enable security controls alongside data analytics

Transportation
  Challenge: no existing product security program in place
  Solution: aligned practices with industry security standards and best practices
Security in Action: Real-World Cases

OT security essentials:
  - Software penetration testing: ethical hacking to test defenses
  - Application vulnerability assessments: find lurking vulnerabilities
  - Threat modeling: identify security gaps early in the development lifecycle
  - Threat assessments: allow a view into potential threats
  - Training
  - Certifications
Industrial IoT - Fast Transformation Enablers (FTEs)

Technology innovations: Interoperability, Resilience, Security
Business: Market readiness & delivery, Sales channels, Adoption cycle

Industrial IoT Business Dynamics - New Challenges
  - Audience: beyond the CIO; awareness
  - Global: culture, regional economy
  - Competition: strategy, reach, adjacency
  - Sector pervasive: encompass all industry verticals
  - Channels: IT/OT convergence, buyer-centric strategy
Fast Business Enabler - IoT Connected Content Platform
  - Global footprint
  - Industrial verticals
  - Digital connect
  - Content center
  - Dedicated channel
Access. Awareness. Adoption.

For more information:
  LinkedIn business community: bit.ly/1V2Nq0R
  Twitter: @sravani2015