iot security and the guidelines in japan
play

IoT Security and the Guidelines in Japan 3. IoT Security Guidelines - PowerPoint PPT Presentation

Feb 13, 2023 •334 likes •407 views

Content # What is IoT 1. 2. Cyber Threats to IoT IoT Security and the Guidelines in Japan 3. IoT Security Guidelines in Japan 4. Conclusion April 11th, 2017 Mr. Takashi Michikata Deputy Director, ICT Security Office Ministry

  1. Content ‹#› What is IoT � 1. 2. Cyber Threats to IoT IoT Security and the Guidelines in Japan 3. IoT Security Guidelines in Japan 4. Conclusion April 11th, 2017 Mr. Takashi Michikata Deputy Director, ICT Security Office Ministry of Internal Affairs and Communications, JAPAN What is IoT � Content ‹#› 3 ‹#› IoT stands for “Internet of Things” What is IoT � 1. 2. Cyber Threats to IoT 3. IoT Security Guidelines in Japan ITU-T Recommendation (Y.2060) defines IoT as 4. Conclusion � “A global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies.”

  2. Content ‹#› Is IoT a Buzz Word? ‹#› 4 Is the concept of IoT old? What is IoT � 1. British entrepreneur Kevin Ashton in MIT coined the term in 1999. 2. Cyber Threats to IoT - Wikipedia (Photo by Larry D. Moore CC BY-SA 3. IoT Security Guidelines in Japan Is IoT available everywhere? 4.0) � The total number of IoT devices in the world will ➢ 4. Conclusion grow from 15.8 billion in 2013 to about 53 billion in 2020. - IHS Technology Has the technology development finally caught up the concept? New Types of Cyber Threats to IoT ‹#› Number of IoT Devices and Areas of the Use ‹#› 5 More than HALF of IoT Security Protections on IoT are necessary as IoT devices such as [million automobiles and cameras are starting to be connected to the Internet Devices will be used in units] through WiFi or cellular phone networks. Consumer Applications Hacking an automobile by remote control Footage captured by CCTV are published on the Internet Automotive Hacking from a remote location through a cellular phone Some users do not even notice that their cameras are network. connected to the Internet. Consumer Taking over the entire control of an Applications automobile including a steering Attacker and braking control Attacker Generic through a car navigation system. Business Vertical Business [year] (Source) WIRED It was proved that accidents affecting human lives could A large number of footage captured by CCTVs located occur, and a car company recalled about 1.4 million in Japan are disclosed overseas through the Internet vehicles. because of the insufficient security protection. Source: Gartner, “Forecast Analysis: Internet of Things, Endpoints and Associated Services, Worldwide, 2014 Update”, December, 2014 5

  3. packet’s src and dst from time the IP addresses in real- geographical positions of a ・NICTER shows DDoS Cyber Attack Case by IoT ‹#› Network Incident analysis Center for Tactical Emergency Response (NICTER) ➢ Dyn’s managed DNS infrastructure were under two large DDoS attacks in October, 2016 and ■ � National Institute of Information and Communication Technology (NICT) has Network Incident the major customers including Amazon and Twitter were affected. analysis Center for Tactical Emergency Response (NICTER) that monitors malicious incoming cyber ➢ The attacks were caused by Mirai IoT botnet. Similar cases were reported in UK and traffic to a dark net (a chunk of about 300,000 unused IP addresses.) Germany. • About 100,000 IoT devices created massive traffic to the Dyn’s system • The total traffic volume reached 1.2 Tbps # of packets observed by NICTER [Billion] source: http://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/ 128 Many scan packets generated in IoT devices worldwide had been observed by NICTER 55 ■ TCP SYN since the beginning of September ■ TCP SYN/ACK ■ TCP ACK ■ TCP FIN ■ 2323/TCP ■ TCP RESET 26 ■ TCP PUSH # of 13 ■ TCP Other ■ UDP observed ■ ICMP packets ■ 2323/TCP # of hosts Examples of Infected IoT Devices ‹#› 9 What is the percentage of observed cyber attacks to IoT? Cyber Attacks observed by NICTER in 2016 2 of observed 3 cyber attacks to IoT 1 in 4 2015 Source: Yoshioka’s Research Laboratory, Yokohama National University, Japan

  4. Case on Hacked IoT Device (3) ‹#› 14 Case on Hacked IoT Device (1) ‹#› 12 Then, a solar power controller was found Malicious Email Header sent from a certain IP address Exactly same time Case on Hacked IoT Device (4) ‹#› 15 Case on Hacked IoT Device (2) ‹#› 13 ● The Email contains a brief message saying “Wait for your response.” The device with the IP address seem to locate nowhere in the woods. But why? ● It has a zipped attached file which wraps an executable file(.jpeg.exe.).

  5. ‹#› 18 Why is IoT vulnerable to Cyber Attacks? ‹#› CSA’s “Security Guidance for Early Adopters of the Internet of Things” Hard to manage the devices ➢ Cloud Security Alliance, USA, published “Security Guidance for Early Adopters of the Internet of Things” and it recommends security protection strategies on each one of IoT service layers as edge devices, gateways/applications, and enterprise computing/cloud storage/data analytics. Always online Long product lifecycle Almost no protections available such as anti-virus software Source: Cloud Security Alliance , “Security Guidance for Early Adopters of the Internet of Things (IoT)”, April 2015 18 Content ‹#› 19 ‹#› FBI’s “Internet of Things Poses Opportunities for Cyber Crime” ➢ The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats. What is IoT � ➢ The recommendations covers Q&As such as “What are some IoT devices?”, “What are 1. the IoT Risks?”, and “What an IoT Risk Might Look Like to You?” ■ Consumer Protection and Defense Recommendations 2. Cyber Threats to IoT • Isolate IoT devices on their own protected networks; • Disable UPnP on routers; • Consider whether IoT devices are ideal for their intended purpose; 3. IoT Security Guidelines in Japan • Purchase IoT devices from manufacturers with a track record of providing secure devices; • When available, update IoT devices with security patches; • Consumers should be aware of the capabilities of the devices and appliances installed in their homes 4. Conclusion and businesses.; • Use current best practices when connecting IoT devices to wireless networks, and when connecting remotely to an IoT device; • Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer. etc.” Source: FBI, “Internet of Things Poses Opportunities for Cyber Crime” 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Developing New Regulatory Guidelines on Seismic Isolation of Japan and the US September 6, 2012

Developing New Regulatory Guidelines on Seismic Isolation of Japan and the US September 6, 2012

IEM on Protection against Extreme Earthquakes and Tsunamis in the Light of the Accident at the Fukushima Daiichi NPP Vienna, Austria Developing New Regulatory Guidelines on Seismic Isolation of Japan and the US September 6, 2012 Japan Nuclear

615 views • 47 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Stronger Security Variants of GCM-SIV Tetsu Iwata 1 Kazuhiko Minematsu 2 FSE 2017 Tokyo, Japan

Stronger Security Variants of GCM-SIV Tetsu Iwata 1 Kazuhiko Minematsu 2 FSE 2017 Tokyo, Japan

Stronger Security Variants of GCM-SIV Tetsu Iwata 1 Kazuhiko Minematsu 2 FSE 2017 Tokyo, Japan March 8 2017 Nagoya University, Japan NEC Corporation, Japan Supported in part by JSPS KAKENHI, Grant-in-Aid for Scientific Research (B),

448 views • 31 slides
Whats App Security Guidelines Information Security Education and Awareness (ISEA) Project

Whats App Security Guidelines Information Security Education and Awareness (ISEA) Project

Whats App Security Guidelines Information Security Education and Awareness (ISEA) Project Phase-II Introduction WhatsApp Messenger is a FREE messaging app Available in Android, IOS and many other smartphones. WhatsApp uses your

380 views • 26 slides
During the Cold War, Japan clearly understood that it was the anchor in Americas East Asian

During the Cold War, Japan clearly understood that it was the anchor in Americas East Asian

Conference Organized by the Institute for International Policy Studies, Tokyo, Japan U.S. Natl Defense Strategy & Security of Japan: U.S. Military Transformation & Beyond (Presentation by: James L. Schoff, Institute for Foreign

212 views • 17 slides
GUIDELINES: ITS IMPACT ON SOUTH AFRICAS VAT 17-18 April / Tokyo, Japan Scope Brief

GUIDELINES: ITS IMPACT ON SOUTH AFRICAS VAT 17-18 April / Tokyo, Japan Scope Brief

THE VAT/GST GUIDELINES: ITS IMPACT ON SOUTH AFRICAS VAT 17-18 April / Tokyo, Japan Scope Brief introduction to South Africas VAT system Development of the Guidelines Impact on South Africa Conclusion 2 Introduction to

401 views • 8 slides
SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES 17-18 April 2014 Tokyo, Japan

SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES 17-18 April 2014 Tokyo, Japan

SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES 17-18 April 2014 Tokyo, Japan Prof. Walter Hellerstein, University of Georgia Law School Schedule for this session Overview of parallel sessions objective European

424 views • 6 slides
Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence equipment partner with Japan after the United States How? create a genuine two-way street of defence equipment cooperation including direct

910 views • 18 slides
SECTET SECTET Model driven Security of Service Oriented Systems y y based on Security as

SECTET SECTET Model driven Security of Service Oriented Systems y y based on Security as

Japan-Austria Joint Workshop on ICT October 18-19 2010, Tokyo, Japan SECTET SECTET Model driven Security of Service Oriented Systems y y based on Security as a Service Basel Katt , Ruth Breu, Mukhtiar Memon and Michael

646 views • 26 slides
Security, Auditability, and Threats: The VVSG2007 Security Architecture Presentation for the

Security, Auditability, and Threats: The VVSG2007 Security Architecture Presentation for the

Technical Guidelines Development Committee Meeting December 4 and 5, 2006 Security, Auditability, and Threats: The VVSG2007 Security Architecture Presentation for the Technical Guidelines Development Committee (TGDC) John Kelsey Dec 4/ 5,

292 views • 18 slides
Recent Developments in Governmental Regulation of Biomedicine in Japan Eiji Maruyama Kobe

Recent Developments in Governmental Regulation of Biomedicine in Japan Eiji Maruyama Kobe

Recent Developments in Governmental Regulation of Biomedicine in Japan Eiji Maruyama Kobe University Graduate School of Law Kobe, Japan A Law and Several Sets of Ethical Guidelines for Biomedicine in Japan An Act to Regulate Human

477 views • 24 slides
20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79

20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79

20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79 % required breach 48 % exists? improve 62 % security page 03 * Gemalto The State of IoT Security Honeypot A honeypot is a computer

631 views • 25 slides
Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security

Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security

Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security of the space activities Avv. Francesco Amicucci Thales Alenia Space Italia S.p.A., Rome, Italy 1 Cybersecurity The state of being protected

589 views • 31 slides
Capstone Oral Presentation Data Security Guidelines for Student Information Systems

Capstone Oral Presentation Data Security Guidelines for Student Information Systems

Western Governors University Capstone Oral Presentation Data Security Guidelines for Student Information Systems Introducing John Escalera B.S. Computer Science Senior Software Engineer and Analyst @ Educational Evaluation Organization

158 views • 11 slides
http://www.unmultimedia.org/photo/guidelines.jsp River Basins and the Water-Energy-Food Security

http://www.unmultimedia.org/photo/guidelines.jsp River Basins and the Water-Energy-Food Security

IISD GWSP Conference on the Water-Energy-Food Security Nexus May 1 5 2012 Amudarya River Basin Preliminary results of the GCI II survey http://www.unmultimedia.org/photo/guidelines.jsp River Basins and the Water-Energy-Food Security

304 views • 15 slides
Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and Implementation Activities . Joe Weiss, PE, CISM Executive Consultant Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Stuart

947 views • 49 slides
NNLO Virtual QCD Corrections for W Pair Production at the LHC Grigorios Chachamis University of

NNLO Virtual QCD Corrections for W Pair Production at the LHC Grigorios Chachamis University of

NNLO Virtual QCD Corrections for W Pair Production at the LHC Grigorios Chachamis University of Wuerzburg in collaboration with M. Czakon and D. Eiras PSI seminar talk, PSI, Villigen, 13 December 2007 Outline Introduction W pair

581 views • 39 slides
Primary 6 Networking Session 31 March 2017 CHIJ Our Lady of the Nativity Simple in Virtue,

Primary 6 Networking Session 31 March 2017 CHIJ Our Lady of the Nativity Simple in Virtue,

Welcome to Primary 6 Networking Session 31 March 2017 CHIJ Our Lady of the Nativity Simple in Virtue, Steadfast in Duty Objectives To establish a positive and collaborative partnership with the form teacher. To network with other

315 views • 14 slides
News from Pythia Neutrino grassroots discussion @ Fermilab (March 15 2016) Stefan Prestel,

News from Pythia Neutrino grassroots discussion @ Fermilab (March 15 2016) Stefan Prestel,

. News from Pythia Neutrino grassroots discussion @ Fermilab (March 15 2016) Stefan Prestel, remotely :( p Only for pp Pros and cons of PYTHIA 8 + More perturbative physics: Matching and Merging! high-priority for developers any longer.

351 views • 12 slides
Accelerating NoSQL on ioMemory November 2013 Fusion-io at a Glance Founded: December 2005 to

Accelerating NoSQL on ioMemory November 2013 Fusion-io at a Glance Founded: December 2005 to

Accelerating NoSQL on ioMemory November 2013 Fusion-io at a Glance Founded: December 2005 to solve the Data Supply Problem Operations: Salt Lake City (HQ), San Jose and Denver Employees: ~750 Results To Date: More than 3,500

636 views • 28 slides
Dr. Anneke Zuiderwijk Delft University of Technology Objective Describe the new opportunities

Dr. Anneke Zuiderwijk Delft University of Technology Objective Describe the new opportunities

A Europe-wide Interoperable Virtual Research Environment to Empower Multidisciplinary Research Communities and Accelerate Innovation and Collaboration An Analysing op open data in Virtual Research En Environm nments: s: Ne New col ollabor

169 views • 16 slides
Consistency Protocols Description describe an implementation of a specific

Consistency Protocols Description describe an implementation of a specific

Consistency Protocols Description describe an implementation of a specific consistency model Classification Distributed Systems (ICE 601) primary-based protocols remote-write protocols Replication & Consistency

425 views • 4 slides
Algorithms for Identifying Rigid Subsystems in Geometric Constraint Systems Christophe Jermann,

Algorithms for Identifying Rigid Subsystems in Geometric Constraint Systems Christophe Jermann,

Algorithms for Identifying Rigid Subsystems in Geometric Constraint Systems Christophe Jermann, LINA, University of Nantes Bertrand Neveu, Gilles Trombettoni, INRIA/I3S/CERTIS, Sophia Antipolis Contents Definitions Geometric

924 views • 60 slides
Generic Traits of EWBG-ready BSMs Daniel J. H. Chung Electroweak Baryogenesis References

Generic Traits of EWBG-ready BSMs Daniel J. H. Chung Electroweak Baryogenesis References

Generic Traits of EWBG-ready BSMs Daniel J. H. Chung Electroweak Baryogenesis References Incomplete list of ewbgenesis people: Ambjorn, Arnold, Ashoorion, Baek, Blum, Some overview references Bochkarev, Bodeker, Brhlik, Carena,

366 views • 22 slides

More recommend