Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Cloud Security Alliance, 2016 Brian Russell, Leidos Co-Chair, IoT WG 2 March 2016.

Published byMyrtle Harris Modified over 8 years ago

Similar presentations

Presentation on theme: "© Cloud Security Alliance, 2016 Brian Russell, Leidos Co-Chair, IoT WG 2 March 2016."— Presentation transcript:

1 © Cloud Security Alliance, 2016 Brian Russell, Leidos Co-Chair, IoT WG 2 March 2016

2 Agenda © Cloud Security Alliance, 2016 IoT WG Goals 2015 Accomplishments 2016 Plan

3 Looking Back at 2015 1.Branched off from Mobile WG 2.Published “Security Guidance for Early Adopters of the IoT” 3.Published “Summary Guidance for IoT Identity and Access Management” 4.Co-Published “Cyber Security Guidelines for Smart City Technology Adoption” 5.Collaborated with Federal Communications Commission (FCC) IoT WG 6.Began new document focused on designing and developing IoT devices securely

4 Security Guidance for Early Adopters of the IoT © Cloud Security Alliance, 2014. Released April 2015 with over 35 volunteers contributing content Guidance reviewed by both FCC and DHS as input into IoT security strategies GlobalSign Review of our Early Adopters Guidance: Overall, I'm impressed by the guidance the CSA has put forward with explicit technical details around cryptography and PKI. Until recently, much of the conversation surrounding IoT security has been abstract or generic, so it's exciting to see this concrete advice being released by industry thought leaders.

5 Summary Guidance for IoT Identity and Access Management © Cloud Security Alliance, 2014. Led by Arlene Mordeno, Edgile from IoT WG First in a series of smaller documents aimed at specific aspects of IoT security

6 Cyber Security Guidelines for Smart City Technology Adoption © Cloud Security Alliance, 2014. Demonstrated IoT WG desire to collaborate with other organizations Co-published by both Securing Smart Cities and CSA Focused on high level secure acquisition guidance for smart city officials Technology Selection Technology Implementation, Operation & Maintenance Technology Disposal

7 Collaboration with FCC IoT Security Working Group © Cloud Security Alliance, 2014. FCC Technological Advisory Group (TAG) includes an IoT Security WG Focused on consumer technology FCC needed answers to six questions: 1.What are the underlying technologies (e.g., WiFi, ZigBee, GPRS, LTE) that dominate the IoT space? and what security vulnerabilities and challenges do they present in the IoT environment? 2.What other security challenges face IoT consumer products? For example, to what extent does lack of physical security pose a threat to unsupervised IoT devices? Explain. 3.What is the industry doing to secure and protect battery-operated and resource- constrained (i.e., minimum computing power and memory) M2M devices, which cannot encrypt its data? 4.How are the IoT/M2M stakeholders addressing those security challenges and vulnerabilities, and what are the gaps? 5.What is the potential impact of these security challenges on the future of IoT/M2M industry, the end user and the economy, especially when IoT devices become fully integrated in all of our systems, including our critical infra.? 6.What role could the FCC play in facilitating positive changes in the security, privacy and resiliency of M2M/IoT devices and systems?

8 2016 Plan Secure Design & Development of IoT Devices Connected Vehicle Security Smart Health Research Securing Cloud Services for the IoT

9 Secure Design and Development of IoT Devices © Cloud Security Alliance, 2014. Deep dive into secure design and development approaches for IoT devices In peer review now, with requests to OWASP IoT and others outside of CSA for reviews/edits

10 Connected Vehicle Security © Cloud Security Alliance, 2014. Short term feedback on Connected Vehicle security strategy to be shared with FHWA Connected Vehicles offer the opportunity to reduce collisions and save lives These vehicles are designed to communicate with one another, their environment and even pedestrians Messages are provided with integrity, authenticity and in some cases confidentiality protections Privacy controls are also built-in to the protocols and support systems that CV technology relies upon In all cases, the infrastructure that binds these CV components together must be developed and maintained securely Are the threats identified sufficient? Are planned mitigations appropriate?

11 Connected Vehicle Security © Cloud Security Alliance, 2014. Short term feedback on Connected Vehicle security strategy to be shared with FHWA Connected Vehicles offer the opportunity to reduce collisions and save lives These vehicles are designed to communicate with one another, their environment and even pedestrians Messages are provided with integrity, authenticity and in some cases confidentiality protections Privacy controls are also built-in to the protocols and support systems that CV technology relies upon In all cases, the infrastructure that binds these CV components together must be developed and maintained securely Are the threats identified sufficient? Are planned mitigations appropriate?

12 Smart Health Research © Cloud Security Alliance, 2014. Goal - Bring together health care organizations that are members of the Cloud Security Alliance to discuss security topics related to the introduction and management of IoT devices in health care. Format: Each event is a panel format that focuses on a single IoT-related topic. Panel will consist of up to 4 health care experts selected by CSA from CSA membership organizations. Each event is moderated and lasts one hour and is in a webinar format. Event will be marketed for broad attendance to showcase CSA and member organization thought leadership in this space. Event Results: Event is archived for future viewing. Answers to questions are used as inputs into various CSA IoT WG research activities. Proposed Event Schedule May 2016 Securing Health IoT (Moderated by B. Russell) TBD Handling data remanence with wearables and smart medical devices (Moderated by Aaron Guzman) TBD Empowering Healthcare Ecosystem Using Collaboration Through Healthcare IoT (Moderated by Shyam Sundaram

13 Securing Cloud Services for the IoT Will become next version of our Security Guidance for Early Adopters document Focused on Cloud Security for the IoT Initial content may include: Cloud IoT Risks and Mitigations Regulations applied to cloud services for the IoT Security Considerations for Big Data Processing and storage Secure Access to Cloud Services Secure Life-cycle management of users and devices through the cloud platform Data Privacy

14 ? ? ? ? © Cloud Security Alliance, 2016

Download ppt "© Cloud Security Alliance, 2016 Brian Russell, Leidos Co-Chair, IoT WG 2 March 2016."

Similar presentations

Integrating the Healthcare Enterprise IHE Overview Keith W. Boone Interoperability Architect, GE Healthcare Co-chair, IHE Patient Care Coordination PC.

Integrating the Healthcare Enterprise IHE Overview Keith W. Boone Interoperability Architect, GE Healthcare Co-chair, IHE Patient Care Coordination PC.
Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.

Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
© 2007 IBM Corporation © 2009 IBM Corporation 1 Tran Viet Huan, PhD CTO, IBM Vietnam IBM Research Global Technology Outlook.

© 2007 IBM Corporation © 2009 IBM Corporation 1 Tran Viet Huan, PhD CTO, IBM Vietnam IBM Research Global Technology Outlook.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.
IT Governance Steering Committee December 2, 2010.

IT Governance Steering Committee December 2, 2010.
1. Presenters: Constantine Grantcharov Ryan Burbidge 2.

1. Presenters: Constantine Grantcharov Ryan Burbidge 2.
INTERNET2 COLLABORATIVE INNOVATION PROGRAM DEVELOPMENT Florence D. Hudson Senior Vice President and Chief Innovation.

INTERNET2 COLLABORATIVE INNOVATION PROGRAM DEVELOPMENT Florence D. Hudson Senior Vice President and Chief Innovation.
Sponsored by the National Science Foundation Comprehensive GENI Security Program Spiral 2 Year-end Project Review National Center for Supercomputing Applications.

Sponsored by the National Science Foundation Comprehensive GENI Security Program Spiral 2 Year-end Project Review National Center for Supercomputing Applications.
HL7 Webinar: Mobile Health Chuck Jaffe Austin Kreisler John Quinn 19 March 2012.

HL7 Webinar: Mobile Health Chuck Jaffe Austin Kreisler John Quinn 19 March 2012.
Indonesia ICT Consultative Forum (IICF) Coordinating Ministry for Economic Affairs | US-ASEAN Business Council KEMENKO PEREKONOMIAN REPUBLIK INDONESIA.

Indonesia ICT Consultative Forum (IICF) Coordinating Ministry for Economic Affairs | US-ASEAN Business Council KEMENKO PEREKONOMIAN REPUBLIK INDONESIA.
Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.

Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.
Update on Interoperability Roadmap Comments Sections G, F and E Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections G, F and E Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Similar presentations

Ads by Google