I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
Jul 24, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
I AM THE CAVALRYhttp://iamthecavalry.org
@iamthecavalry
SHOULDN’T YOU BE ALSO?
CLAUS CRAMON HOUMANN
Head of IT & Infosec Consultant
The Analogies contributor
Twitter: @claushoumann
I CARE
Therefore I joined the Cavalry
AGENDA
•Vulnerabilities in connected devices (that
matter)
• Someone will fix it for us
• Or not. Maybe we should be the Cavalry?
• What are we doing
• What you can do
VULNERABILITIES IN CONNECTED DEVICES
(THAT MATTER)
Chapter 1
SECURE?Automobiles
SECURE?Medical Devices^
SECURE?HOW THEN ABOUT CRIT ICAL NATIONAL
INFRASTRUCTURE?
Home Devices^
OUCH!
Stating the obvious:
Everything connected is vulnerable and
can/will be hacked
SOMEONE WILL FIX IT FOR US
Chapter 2
OR NOT……..
Chapter 3
S L I D E O F S O M E R E C E N T O N E S
- T H E Z U B I E : H T T P : / / W W W . A U T O B L O G . C O M / 2 0 1 4 / 1 1 / 0 8 / C A R -R E M O T E D L Y - H A C K E D - I S R A E L - C Y B E R - S E C U R I T Y /
- M E D I C A L D E V I C E S
Computers have security issues
Cars have computers
Security issues in cars are safety issues
IT’S UP TO US
TO MOUNT UP AND BE THE CAVALRY
WHAT WE ARE DOING
Chapter 4
HUMAN LIFE VS. DIGITAL LIFE
http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/
Human Life
IntellectualProperty
PII PHI PCIMobile
Malware
Moving researchers left
Connections and Ongoing Collaborations
5-Star Framework5-Star Capabilities
Safety by Design – Anticipate failure and plan mitigation
Third-Party Collaboration – Engage willing allies
Evidence Capture – Observe and learn from failure
Security Updates – Respond quickly to issues discovered
Segmentation & Isolation – Prevent cascading failure
Addressing Automotive Cyber Systems
AutomotiveEngineers
SecurityResearchers
PolicyMakers
InsuranceAnalysts
AccidentInvestigators
StandardsOrganizations
https://www.iamthecavalry.org/auto/5star/
AND MORE IN OTHER AREAS COMING
We try to connect researchers to
1. Lawmakers to inform of meaningful changes to laws to
enforce secure by default
2. Vendors/producers to inform of secure ways to build
securely by design and of identified vulnerabilities
3. Purchasers of devices (example: Pacemakers, car
distributors) to explain to them why they need to contractually
demand security – if there is demand vendors will supply
WHAT YOU CAN DO
Chapter 5
CONNECTIONS/CONNECTORS WANTED
Breakers and Builders
Legal and Policy
Citizens, Connectors
Parents/Guardians
Community Leaders/Bloggers/Podcasters/etc.
MOUNT UP AND BE THE CAVALRY
YOU DON’T ACTUALY NEED A HORSE
NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED
CITIZENS CAN CHANGE THE WORLD; IT ’S THE ONLY THING
THAT EVER HAS.
- M A R G A R E T M E A D( A N A M E R I C A N C U LT U R A L A N T H R O P O L O G I S T )
SECURITY OF CONSEQUENCE
http://iamthecavalry.org
@iamthecavalry
Related Documents
