IoT

This past week I was fortunate to be invited as a guest speaker for the 1st Internet Society meeting on IoT security. This meeting was well attended by government, private sector companies and academia. It was a means to get on the same page on the issues at hand and on how we as users, developers and government can secure the Internet and IoT.

The key issues at hand include:

1. Awareness of the issue of IoT security for Canadians, not just individuals but organizations that want to deploy IoT technologies

2. What exists now from a standards and best-practice perspective, and what approaches can be used

3. What can be done to ensure the next generation of these devices is not a source of another DDoS or other malware on the Internet.

As promised, I am including my presentation and the mind map that was presented. Please feel free to share these as necessary; the more groups and individuals who are talking about this subject, the better.

For more information check out ISOC here.

ISOC Ottawa_v1

IoT Attack Surface_MindMap

 

On June 20th, 2017, RISC will be held in Bangalore, India. It is a one-day cyber security conference focused on issues around IoT security. Delegates will have the opportunity to attend a wide array of sessions to learn more about security concepts and approaches to creating more secure IoT products and solutions.

Our CEO will be giving a keynote presentation entitled “IoT Security – Preventing a Global Disaster”. While it sounds ominous, it really focuses on learning from the bad and what we can do as an industry to correct this before it becomes really dangerous.

Hope to see you there.

 

I was asked to present at the Cyber Security 2017: Securing the Smart City of the Future conference, which is taking place on February 27 – 28th in Ottawa. This is a Conference Board of Canada event and will be providing insights from the experts on smart cities, and the impact that they will have on urban life and business in the future. My presentation on Monday, February 27th (Plenary 3) is called “Protecting the Smart City from Cyber Attack”. If you are working on an IoT or cyber security project, you should attend, as there will be lots of good discussion and you will get an insight into the many risks of and considerations for the numerous aspects of a secure smart city.

Here is my discussion outline:

This session will discuss the approaches that must be considered by policy makers, technology companies, and city managers when assessing new technologies to be deployed as part of the smart city infrastructure. Cities do not want to be attacked nor have their devices used to attack other cities or foreign governments. It will take planning and foresight to reduce these risks. Standards are being developed that will help with both architecture aspects and how to assess the security and privacy risks.

Hope to see you there, and don’t forget to bring your questions!

Well, it has been a good start to our 6th year in business. We would like to thank all our customers and partners, both old and new, who are contributing to our success. Without you we do not exist and, most importantly, get to build stronger, more secure companies and products for our clients.

I wanted to bring to your attention that on Feb. 7th I will be in Toronto to give a presentation to CIA Plus. My topic will be about IoT Challenges and Issues and Standards. If you’re in the Toronto area this evening, please drop by and join our open discussion on security and IoT.

I will be joined on my panel by Sangam Manikkayam of Symantec, Bob Martin of Cisco and Victor Garcia of the Schulich School of Business. It will be very informative if you or your organization are considering IoT projects this year. I will provide the security and privacy aspects you should consider when planning or getting ready to launch a new IoT project. If you are able to attend, more information can be found here: https://www.meetup.com/CIA-Plus-TO-the-business-of-Cloud-IoT-and-Analytics/events/236370120/

In the meantime, if you have any security questions or concerns for IoT please do not hesitate to reach out to us.

Updated: Feb. 13, 2017

I would like to take this opportunity to thank all of those that came out on an icy night in Toronto to the CIA Plus Meet Up. My only regret was the lack of time to discuss all the topics in depth. We did have some good discussion afterwards in the networking portion of the meeting, and the key topics of discussion worth mentioning are: how does one who has no experience in security and privacy conduct threat modeling? The other is finding the resources necessary to support these projects.

While there is publicly available information on threat modeling, you may need to find a cyber security partner or consultancy that has expertise in these areas to help you with a project, teach you the approach and tools, and train your staff. They should be able to provide the baseline elements to implement these aspects in your organization, including the after-project support, should you require it.

The second point about security resources is a bit more difficult, as the number of technical security experts for IoT is limited. If you are looking to hire a security resource(s), look for reference-able projects that include aspects of technical architectures in mobile, cloud and distributed systems. Experience in these key areas will provide the necessary basis to conduct risk assessments against IoT architectures.

As discussed, please find the following:

1. A copy of the presentation
2. An IoT mind map
3. The threat poster

Also please find an article from reporter Denise Deveau, who was in the audience. Thank you, Denise, for the coverage of this event.

IoT-Threats-and-Risks

CIA Plus – Feb 7 – Final

SWG_5_IoT_Technologies_MindMap

OTTAWA, July 26, 2016 – TwelveDot Inc. (TwelveDot) is pleased to announce that it has been awarded another project within the Cyber Security Cooperation Program (CSCP) – a program launched on February 4, 2014 by the Government of Canada.

A five-year $1.5M initiative, the CSCP was developed in support of Canada’s Cyber Security Strategy. Its mission is to improve security of Canada’s vital cyber systems through grants and contributions to owners and operators, industrial and trade associations, academics and research organizations in support of eligible projects. The Government of Canada believes that securing the Internet of Things (IoT) is important and the CSCP is part of its efforts to do so.

The goal of this new project is to assess current IoT technologies and determine the threat and risk vectors for the Internet of Things (IoT). TwelveDot, which has significant experience in IoT including its development of iBeacon solutions, Mach-12 and HiveSense, will create a test bed for evaluating IoT-based technologies not just in the laboratory but also in production deployments. Included in this will be the creation of a monitoring technology specific to IoT deployments for identification of attacks on these networks. TwelveDot will produce a research report and guidance document for industry in both languages for publication in the spring of 2017.

IoT is growing at an exponential rate. According to Cisco, there will be 26.3 billion networked devices in 2020, up from 16.3 billion in 2015. In just four years’ time the number of devices connected to IP networks will be more than three times the global population.

Figure: Global Devices and Connections Growth (Source: Cisco VNI Global IP Traffic Forecast, 2015–2020)

Furthermore, according to the International Data Corporation, the worldwide IoT market will grow from $655.8-billion (U.S.) in 2014 to $1.7-trillion in 2020 with a compound annual growth rate of 16.9 per cent. Despite this, Canadian business appears to be behind the curve on security, especially in IoT. A survey of top-level Canadian executives conducted on behalf of Microsoft Canada revealed that over half said they were completely unaware of IoT, 72 per cent were confused by it and 24 per cent said they had no sense of how it could impact their businesses. Consequently, the need for education regarding IoT in Canada is great. TwelveDot is aiming to help fill this need through this research project and bring some much-needed education to securing these solutions.

“It is an honour to be awarded a second project under the CSCP program. Our first project was for mobile application security using TwelveDot’s proprietary GCAM methodology. We look forward to delivering on the mission of this project as well as helping to close the IoT gap in Canada by educating both businesses and citizens,” said Faud Khan, CEO and Chief Security Analyst, TwelveDot.

 

About TwelveDot Inc.

TwelveDot is a team of IT specialists that is obsessed with solving information and cyber security issues, in particular, the ones your company or organization faces. We help businesses of all sizes handle information and cyber security challenges and issues efficiently and cost-effectively. While organizations and companies struggle to ensure their data and operations are secure on a daily basis, many miss vital warning signs that something is amiss. This is where we come in as we are the canary in your cyber security coalmine. We are devoted to being your unbiased, objective and collaborative partner. We respect your privacy and will never share your sensitive information or keep your data. We want to help companies better understand their true data risks and how their teams can manage these risks effectively on a daily basis. We demystify the marketing speak of security solutions and focus on identifying and dealing with the risk and exposure elements.

 

For more information, please contact:

Faud Khan

Tel: 613.447.3393

Email: faud.khan@twelvedot.com

 

Starting next week, Canada will be hosting the 3rd meeting of the WG 10 IoT in Ottawa.

These meetings are building towards the completion of ISO 30141, A Reference Architecture for IoT. We have many of the biggest companies, consortiums and special interest groups all in attendance. While I am attending as an expert, my focus is on the security and privacy elements of IoT. Over the summer, I led an SRG to develop the draft content for a Conceptual Reference Model (CRM) for this standard. While it is still a work in progress, we are making significant strides on a base model.

I will provide more details next week once we begin our sessions and some details on what the major themes are.