How to adapt to the IoT
0 likes319 views
This document discusses how to adapt security frameworks for the Internet of Things (IoT). It begins by defining IoT and providing examples of past IoT security incidents. It then discusses how IoT will change security and potential risks and exposures. The document outlines building a risk model for IoT by defining use cases, identifying impacts and vulnerabilities, and evolving threats. It stresses securing diverse IoT devices and rethinking security strategies. The document concludes by providing actions organizations can take over the next week, 90 days and year to prepare security frameworks for IoT.
How to adapt to the IoT
- 1. © 2015 InterWorks, Page 1 Caston Thomas How to Adapt to the IoT cthomas@iworkstech.com 586.530.4981
- 2. © 2015 InterWorks, Page 2 • IoT is NOT BYoD Defining IoT/What is IoT?
- 3. © 2015 InterWorks, Page 3 How Did This Slide Get in Here?!?
- 4. © 2015 InterWorks, Page 4 Sentinel Events – Examples we’ve seen to date… Night Dragon - 2011 Shamoon - 2012 Energetic Bear - 2012 Norwegian Oil & Gas - 2014 German steel works - 2014 Car Washes - 2015 Insulin Pumps - 2013
- 5. © 2015 InterWorks, Page 6 How Things Will Change
- 6. © 2015 InterWorks, Page 7 Potential impact & exposures?
- 7. © 2015 InterWorks, Page 9 Creating a New Security Framework
- 8. © 2015 InterWorks, Page 10 Be as specific as possible Identify all components Note business objectives Create use cases for each variant The “devil will be in the details” Start with the worst thing that can happen Make sure you include all relevant externalities (e.g., consumers, regulators, public opinion) Start with interfaces & potential attack surfaces including physical access Stay just outside the realm of what is reasonably foreseeable Pair the impacts with the vulnerabilities New threats will become apparent Potential threats may be considered speculative Use threats to help define impacts & vulnerabilities Threats will evolve as incentives change Threats will evolve as IoT becomes more common Build the Risk Model Define Use Cases Identify potential impact Define likely vulnerabilities Identify evolving threats
- 9. © 2015 InterWorks, Page 11 The Devices & Risks are Diverseso How Do We Secure Them?
- 10. © 2015 InterWorks, Page 12 Useful to Think in Terms of Overall Process Courtesy: F5 Labs
- 11. © 2015 InterWorks, Page 13 NIST smart meter flow diagram (2014)
- 12. © 2015 InterWorks, Page 14 Look at the Threat & Pair with Appropriate Controls Courtesy: ©2015 Leidos. Used with permission.
- 13. © 2015 InterWorks, Page 15 Campaign analysis is used to determine the patterns & behaviors of attackers Cyber Kill Chain® Campaign “Heat Map” Group intrusions together into “Campaigns” Prioritize & measure against each Campaign Understand the Threat Landscape
- 14. © 2015 InterWorks, Page 16 • Rethink Everything!!! – Reduce the surface!!! – Tech Selection – Based on Meta Trends! • Know Your Line-Up!!! – Your Users, Executives & Management – Learn & Teach – Your Adversaries – Anticipate their Tactics, Techniques & Procedures – Your Network (IoP) – Take a Vendor to Lunch • Use the Resources that Are on Your Side!!! – Leverage Management’s Focus on Security – Retool your Response Processes – Measure & Adapt Creating an IoT security strategy
- 15. © 2015 InterWorks, Page 17 Prevention is ideal, but detection is a must. However, detection without correction has minimal value. Automate the Response Based on Policies. MOVE & DISABLERESTRICT ACCESSALERT & REMEDIATE Deploy a Virtual Firewall around an infected or non-compliant device Reassign the device into a VLAN with restricted access Update access lists (ACLs) on switches, firewalls & routers to restrict access Automatically move device to a pre- configured guest network Open trouble ticket Send email notification SNMP Traps Syslog HTTP browser hijack Auditable end-user acknowledgement Self-remediation Integrate with SMS, WSUS, SCCM, Lumension, BigFix Reassign device from production VLAN to quarantine VLAN Block access with 802.1X Alter login credentials to block access Block access with device authentication Turn off switch port (802.1X or SNMP) Terminate unauthorized applications Disable peripheral device Rethinking the Technology Components & Responses
- 16. © 2015 InterWorks, Page 20 • Next week you should: – Begin identifying the IoT implementations that are in place, planned, or anticipated – not just inside your organization, but also in possession of your key people & partners – Identify security policies or procedures that may be impacted by IoT • In the next 90 days: – Begin applying the risk models & review results with management – Identify mitigation steps & associated costs to achieve desired state – Review insurance coverage & applicability • In the next year: – Implement ongoing security monitoring (real-time with automated response) – Continue identifying the IoT risks that you don’t control that affect your organization – Build your IoP to collaborate on your evolution into this new world we’re entering – Revise risk management model & obtain necessary approvals after each change of scope (and you better believe that scope will change frequently) 7 or 8 or 9 things we can do to prepare
- 17. © 2015 InterWorks, Page 23 Thank You! And Now… It’s YOUR Turn!