internet of things (iot) security - cisco.com internet of things (iot) security: understanding the...

Internet Of Things (IoT) Security: Understanding The Challenges While Mitigating the Risks

Demetris Booth, APJC Lead – Product Management & Product Marketing

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Agenda

• Overview & Benefits

• Security Challenges

• Mitigating Challenges • High Level View

• Technical View

• Bringing It All Together

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

7.2 6.8 7.6 World Population

Adoption rate of digital infrastructure:

5X faster than electricity and telephony

50 Billion

“Smart Objects”

50

2010 2015 2020

0

40

30

20

10 B ill

io n s o

f D

e v ic

e s

25

12.5

Inflection point

Timeline

IoT Is Here Now – and Growing!

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Relation to Internet of Everything (IoE)

IoE

Connecting people in more relevant, valuable ways

People

Leveraging data into more useful information for decision making

Data

Delivering the right information to the right person (or machine) at the right time

Process

Physical devices and objects connected to the Internet and each other for intelligent decision making

Things

Networked Connection of People, Process, Data, Things

IoE: Connecting the Unconnected to Generate Business Value

IoT Delivers Extraordinary Benefits

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

What Comprises IoT Networks?

Information Technology

(IT)

Operational Technology

(OT)

Smart Objects

7

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Smart City

Safety, financial, and environmental benefits

 Reduced congestion

 Improved emergency services response times

 Lower fuel usage

 Increased efficiency

 Power and cost savings

 New revenue opportunities

 Efficient service delivery

 Increased revenues

 Enhanced environmental monitoring capabilities

8

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

The Connected Car

Actionable intelligence, enhanced comfort, unprecedented convenience

 Online entertainment

 Mapping, dynamic re-routing, safety and security

 Transform “data” to “actionable intelligence”

 Enable proactive maintenance

 Collision avoidance

 Fuel efficiency

 Reduced congestion

 Increased efficiency

 Safety (hazard avoidance)

9

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Big Data Becomes Open Data for Customers, Consumers to Use

More Important

Less Important

01010100101010101010101010101

01010101010001010100101010101

01110101010101010101

IoT Transforms Data into Wisdom

Wisdom (Scenario Planning)

Data

Information

Knowledge

10

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

… but it also adds complexity.

Application Interfaces

Infrastructure Interfaces

New Business Models Partner Ecosystem

Applications

Unified Platform

Infrastructure

11

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

… but it also adds complexity.

Application Interfaces

Infrastructure Interfaces

New Business Models Partner Ecosystem

Applications

Device and Sensor Innovation

Unified Platform

Infrastructure

APPLICATION ENABLEMENT PLATFORM

APPLICATION CENTRIC INFRASTRUCTURE

APPLICATION AND BUSINESS INNOVATION

Data Integration Big Data Analytics Control Systems Application

Integration

12

The Flip Side: Major Security Challenges

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

We’ve Created the Perfect Storm…

> Device Explosion

> Connectivity Explosion

> State Cyber Programs

> Industrialization of Hacking

> “Hactivism”

+

+

+

+

=

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Traditional Security Challenges

Increased Attack Surface

Information Breach

Data Privacy

Smart Objects

Devices

Per Person

Sensors

Per Person

6

130

Security Challenges

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Superior Visibility

Advanced video analytics, remote management, and multi-site event correlation

Granular Control

Differentiated policy enforcement across the extended network

Advanced Threat Protection

Comprehensive cyber security threat detection and mitigation

Actionable Intelligence

Internetworked security solutions for superior intelligence and rapid response

Automated Decisions

Machine-to-machine enabled security control with no human intervention required

IoT Security Challenges

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

IoT Expands Security Needs

IoT CONNECTIVITY

Converged, Managed Network

Resilience at Scale Security Application Enablement

Distributed Intelligence

New Applications

Threat Diversity

Impact and Risk

Remediation

Protocols

Compliance and Regulation

17

Mitigating The Security Risk Across the Extended Network – The 20,000 FT View

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

IT and OT are Inherently Different

 IT  OT

• Connectivity: “Any-to-Any”

• Network Posture: Confidentiality, Integrity, Availability (CIA)

• Security Solutions: Cybersecurity; Data Protection

• Response to Attacks: Quarantine/Shutdown to Mitigate

• Connectivity: Hierarchical

• Network Posture: Availability, Integrity, Confidentiality (AIC)

• Security Solutions: Physical Access Control; Safety

• Response to Attacks: Non-stop Operations/Mission Critical – Never Stop, Even if Breached

19

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

IT/OT Converged Security Model

20

IT

DMZ

OT

Enterprise Network

Supervisory

Demilitarised Zone

Automation & Control

Id e

n ti

ty S

e rv

ic e

s

C lo

u d

N e

tw o

rk S

e c

u ri

ty

S e

c u

re A

c c

e s

s

A p

p li

c a

ti o

n C

o n

tr o

l

C o

n fi

g

M g

m t

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

The Secure IoT Architecture – IT Plus OT!

Services

Application Interfaces

Infrastructure Interfaces

New Business Models Partner Ecosystem

Applications

Device and Sensor Innovation

Application Enablement Platform

Application Centric Infrastructure

Security

APPLICATION AND BUSINESS INNOVATION

Data Integration

Big Data Analytics Control Systems

Application Integration

Network and Perimeter Security

Physical Security

Device-level Security /

Anti-tampering

Cloud-based Threat Analysis /

Protection

End-to-End Data Encryption

Services

21

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Cisco Security Model

Attack Continuum

Network Endpoint Mobile Virtual Cloud

Point in time Continuous

Detect

Block

Defend

DURING BEFORE Control

Enforce

Harden

AFTER Scope

Contain

Remediate

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Security/Attack Continuum - IT

Detect

Block

Defend

DURING BEFORE Control

Enforce

Harden

AFTER Scope

Contain

Remediate

Cloud-based threat

detection and

prevention; policy

enforcement via

firewall, V