The Internet of Things: An Overview Karen Rose Senior Director, - PowerPoint PPT Presentation

The Internet of Things: An Overview Karen Rose Senior Director, Strategy & Analysis Internet Society 1

• IoT Concepts & Drivers • IoT Key Challenges Security (and recent DDOS attacks) Privacy Interoperability Paper available at: http://www.internetsociety.org/IoT 2

IoT Overview: Concepts & Drivers 3

What is IoT really? One view, from McKinsey Global Institute: • Despite the buzz, no single definition. Or agreed numbers, or categories, or taxonomies... • Different emphasis on different aspects of the concept • • Functionally: The extension of network connectivity and computing capability to a variety of objects, devices, sensors and everyday items allowing them to generate/exchange data, often with remote with data analytic/management capabilities. • As Value: Data & what can be done with it. • As a Vision: The realization of a ‘hyper-connected” world. This is why it matters. • This is why it’s hard. • 4

Computers, Networks, and “Things” “Machine to Machine” (M2M) Internet of Things Beginnings (~1970s +) Carnegie Mellon Internet Coke Machine (1982, 1990) Internet Toaster Trojan Room (1990) Coffee Pot (first webcam) (1991) 5

Internet Invariants: What Makes IoT Possible e s o p r u P l a r e n e G Interoperable No Permanent Building Blocks Favorites & h c a e R l a y b t o l i r G g e t n I Interoperability & mutual agreement s s e l n o i s s i n o m i r e t a P v o n n I Collaboration e l b i s s e c c A 6

If it’s not new, why now?: A Confluence of Market Trends UBIQUITOUS COMPUTING ADVANCES IN CONNECTIVITY ADVANCES IN COMPUTING UBIQUITOUS ECONOMICS DATA ANALYTICS DATA ECONOMICS CONNECTIVITY ANALYTICS MINIATURIZATION WIDESPREAD WIDESPREAD RISE OF CLOUD ADOPTION OF IP MINIATURIZATION ADOPTION OF IP COMPUTING 7

IoT Challenges 8

Key IoT Challenges 9

Key IoT Challenges 10

Security 11

Security Must be a Fundamental Priority • Security information technology is not new, but IoT presents different challenges • Growth in devices increases the surface available for cyberattack • Poorly secured devices affect the security of the Internet and other devices globally , not just locally . • Not just data at stake; Vulnerable devices interacting with the physical world could present risk to property and life Developers and users of IoT devices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm. 12

A Spectrum of Unique IoT Device Security Challenges • Limited Visibility into Internal • Cost/Size/Functionality Workings • Volume of Identical Devices • Embedded Devices • Deployment at Mass Scale • Physical Security Vulnerabilities • Long Service Life • Unintended Use • No / Limited Upgradability • BYOIoT Internet connectivity as the next product “value add” See also IETF RFC 7452 Architectural Considerations in Smart Object Networking 13

Recent IoT-Related DDoS Attacks • All Linked to the Mirai malware which uses IoT devices as Bots • Mirai source code released on hacking websites in October Date Target Size KrebsOnSecurity 20 September ~660 Gbps ( Security Blog) OVH 20 September ~1 Tbps (French Hosting Provider) DYN 21 October ~1.2 Tbps (DNS Managed Services) 14

Krebs DDoS attack data From CloudFlare POV & Analysis of KOSA: Location of top source ASN’s (wave 3): • Several waves of the attack • Largest attack originated from bots on 737 Networks • Some 128,833 unique IP addresses It’s not about where you are, it’s about what’s exploitable on your network! Source: https://blog.cloudflare.com/say-cheese-a-snapshot-of-the- massive-ddos-attacks-coming-from-iot-cameras/ 15

Images from: http://krebsonsecurity.com/ dyn.com, ovh.com and http://opte.org/

What vulnerabilities does Mirai exploit? • Human behaviour! • Scans the Internet for IoT devices that have not changed factory username and password defaults • 68+ username and password pairs in Mirai’s source code. Source: https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/ 17

The Good News: Internet Resiliency and Collaborative Security in Action • Key Action Points: • The Internet did not “go down” Good design practices • • Website & service disruptions but functionality restored relatively Data confidentiality, authentication, and • swiftly access control • Collaboration and collective action Field upgradability • across companies to stem the attacks Device obsolescence • • Widespread information sharing Standards and metrics • • Collaboration between private sector and government Consumer awareness • • Multistakeholder dialouges Penalties for irresponsible actors? • 18

Online Trust Alliance IoT Security Framework and Resources https://otalliance.org/initiatives/internet-things 19 19

Privacy 20

Privacy and IoT: Data is a Double-Edged Sword • The data streams /analytics that drive the value IoT can also paint very detailed and intrusive pictures of our lives. • Expands the feasibility / reach of surveillance and tracking • Redefining the debate about privacy issues • Can dramatically change the ways personal data is collected, analyzed, used and protected. • Implications on our: • Basic rights • Sense of personal safety and control • Ability to trust the Internet and devices connected to it. 21

Different Dimensions of Privacy Challenges in IoT Cross-Border Breakdown of Managing Across Data Flows “Notice and Many Devices Consent” Global Data Meaningful Protection Awareness & Control Discrimination Individual Aggregation of Law Preferences in Personal / Enforcement Common Contexts Behavioral Data 22

Enhancing Privacy in IoT • Strategies need to be developed that respect individual privacy choices across a broad spectrum of expectations, while still fostering innovation in new technology and services. Traditional on-line privacy models may not fit. • • Adapting/adopting basic privacy principles, such as: Transparency/Openness • Meaningful Choice • Data Minimization • Use Limitation • • Among others.. 23

Interoperability & Standards 24

I&S: Not Just a Tech Challenge, It’s a Market Issue 40% Interoperability is necessary to create up to Efficiency Scale 40 percent of the economic value generated by IoT Market Value -- McKinsey Global Institute Source: World Economic Forum Overall N. America Europe 25

Interoperability / Standards Considerations • Complex / Dynamic Service Delivery Chains and Use Cases • Land Rush and Schedule Risk • Proliferation of Standards Efforts Industry coalitions, alliances, SDOs, proprietary development etc. • • Where is Interoperability Needed? • Reusable Building Blocks • Best Practices and Reference Models Ultimately about advancing innovation and user choice Source: xkdc 26

Closing Thoughts • IoT is happening now, with tremendous transformational potential • May change the way we think about what it means to be “online” • But the challenges must be addressed to realize the opportunities and benefits • Significant. Real. But not insurmountable • Solutions won’t found by simply pitting promise vs. peril • It will take Informed engagement, dialogue , and collaboration across a range of stakeholders to find solutions and to plot the most effective ways forward. 27

Additional Information and Resources Internet Invariants: ISOC Deploy360 Resources: http://www.internetsociety.org/internet- http://www.internetsociety.org/deploy360/ invariants-what-really-matters Mutually Agreed Norms for Routing Security Collaborative Security: (MANRS) Initiative: http://www.internetsociety.org/ http://www.routingmanifesto.org/ collaborativesecurity ISOC IoT Overview Paper: Trust Policy Framework: http://www.internetsociety.org/iot http://www.internetsociety.org/doc/ policy-framework-open-and-trusted- internet Online Trust Alliance IoT Resources (IoT Framework, Consumer Check lists etc.): ISOC Briefing Papers: https://otalliance.org/iot http://www.internetsociety.org/ policybriefs 28

Thank You The Internet of Things: An Overview Understanding the Issues and Challenges of a More Connected World http://www.internetsociety.org/IoT Karen Rose Sr. Director, Strategy & Analysis rose@isoc.org 29