My talk on Internet of Things (IoT) security at Webster University Geneva


On the 1st of June 2018 at Webster University in Geneva I talked about the security of IoT devices, from “smart fridges” that ask for privacy policy consent, to “smart fish tank thermometers” that were exploited by hackers to access and exfiltrate databases from within internal corporate networks, to connected cameras infected with malware and used to attack Web sites with massive distributed denial of service (DDoS) attacks.

The Internet of “smart things” is a massive source of valuable data through a variety of sensors, as well as of useful actuators that enable automation of many daily activities in our lives. However, it also opens a path to risks that could result in identity theft, financial fraud, physical damage and injuries, and other critical consequences. In the highly connected individual and collective spheres, the complexity of the applications and systems that collect and process data from sensors and actuators is very high and extends beyond the boundaries of a single home or office space. Much of the data transfer and processing happens in machine-to-machine communication through Application Programming Interfaces (APIs).

Ensuring an acceptable level of security and compliance with minimum security baselines is the collective responsibility of device manufacturers, application developers, system integrators, managed service operators, vendors, and users. This can only be achieved through the adoption of IoT security standards: defining security requirements, establishing verification methodologies, and formalizing the certification process for conformity to standards. A similar approach to standards development took place in the fintech industry with the Payment Card Industry Data Security Standard (PCI DSS). Broader standards such as the ISO 2700x group of standards take much longer to adopt but are applicable to larger technical segments of industry.

Addressing the cybersecurity risks of deploying and using IoT devices requires not only the local security controls that I reviewed in my talk but also a strategic approach through standards, policies, collaboration, and risk intelligence sharing. I gave an overview of some specific cybersecurity attacks that leverage IoT devices, such as the Mirai botnet, the Hajime malware, and the Hide’n’Seek malware, to illustrate the new emerging risks faced by all communities that initiate connected eGovernment applications. “Smart cities, smart nations” have to demonstrate the ability to intelligently mitigate these emerging cyber risks.

Here are my presentation slides: IoT Webster