IoT: Security & Privacy at IGNITE 2015

© Copyright 2015 Hildebrand Technology Limited

Security and PrivacyOvercoming concerns to unlock potential

Nimbus Ninety IGNITE Seminar November 2015

Joshua Cooper Hildebrand Technology Limited [email protected] @HildebrandTech #IoT

mailto:[email protected]


Let’s talk Privacy then Security


IoT is not quite the Internet

not quite Things

Sweeping Statement No. 1

Light Quality

Air Temp

Occupancy

Appliance Function


sense actuate

intelligence

IoT Promise


not a commodity and

refined petrol is value

“IoT Big Data Oil”



Streamed power reads Bill estimation and forecast

Prepaid (and remaining) balance Consumption graphs (day/wk/mth/yr)

Comparisons CO2

Appliance monitoring and control Weather

Messages Feedback Form [Competitions]

Smart Meter Application

Page 1H

owz

© Intelesant Ltd 2014 Private and confidential

The Solution

How

z

© Intelesant Ltd 2014 Private and confidential

Family

GP

Social services

Collect Process Notify

Sensors and hub

Web, mobile and API

Knowledge base

Statistics Events Patterns Exceptions Alerts

Electricity

Heat

Door

Visits and deliveries

Checklist

Care network

Occupational

Physiotherapy

Geriatrics

Elderly person

Web, mobile and API

Howz platform combines machine, human observation and expert knowledge

The Platform

Shopping Basket


Where do people go? What do they do?

How long do they stay?

Cameras and door counters lack actionable information

3 6


We use “big data” and “machine learning” to understand movement,

predict use and discover opportunities

Our People in Places (PIPTM) technology operates in real-time using advanced spatio-temporal statistical analysis

I work here I eat

here

I like books

My local

cinema

I meet friends

I am in and out


people, places goods and resources

(not really about the devices)

“Things”


Google cars Artificial intelligence

(cyber physical systems) = liability

“What about …”


GDPR General Data Protection Regulation

(harmonised EU Data Protection)

Sweeping Change


Lack of control and information asymmetry

Privacy Challenge 1


Quality of user’s consent

Privacy Challenge 2


Inference and repurposing of original data

Privacy Challenge 3


Intrusive identification of behaviour patterns and

profiling

Privacy Challenge 4


Limitation on possibility of remaining anonymous

Privacy Challenge 5


Security is the unplanned risk

Privacy Challenge 6


Fines 2%-5% of global

turnover*

“Why do I care …”


Goal posts are moving 2017 - 2019

“When do I care …”


ISO27001 Integration of Security and

Privacy

Strategies for Success


Data Protection Officer

Strategy 1


Privacy Impact Assessment

Strategy 2


Privacy by Design

Strategy 3


Put the Data Subject first

Strategy 4


Include Privacy and Security in New Product

Development

Strategy 5


Actuators are the most interesting, but present

different challenges

Sweeping Statement No. 4


Joshua Cooper Hildebrand Technology Limited [email protected]

@HildebrandTech #IoT

mailto:[email protected]

IoT: Security & Privacy at IGNITE 2015

Data & Analytics