Dr. Murray presented current issues with IoT technologies at the Information Systems Security Association (ISSA) Colorado Springs Chapter Cyber Focus Day on Wednesday, March 25, 2015, at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 was “Cybercrime”.
Internet of things, New Challenges in Cyber Crime
1. Dr. Shawn P. Murray, C|CISO, CISSP, CRISC
The Internet of Things
New Challenges in Cyber Crime
ISSA Cyber Focus Day - 25 March 2015
2. Agenda
– Internet of Things (IoT) Defined
– Emerging Technologies
– 5-10 years
– 10-20 years
– Challenges
• Cyber Crime, Terrorism and Laws
– Balancing Technology with Security
– Cyber Security Professionals (shortfalls)
– Questions/Open Discussion
3. Internet of Things Defined
– The Internet of Things (IoT) is a scenario in which objects, animals or
people are provided with unique identifiers and the ability to transfer
data over a network without requiring human-to-human or human-to-
computer interaction.
– IoT has evolved from the convergence of wireless technologies, micro-
electromechanical systems (MEMS) and the Internet.
– A thing, in the Internet of Things, can be a person with a heart monitor
implant, a farm animal with a biochip transponder, an automobile that
has built-in sensors to alert the driver when tire pressure is low -- or any
other natural or man-made object that can be assigned an IP address
and provided with the ability to transfer data over a network.
Source: http://whatis.techtarget.com/definition/Internet-of-Things
4. IoT & IoE
“The Internet of Things (IoT/IoE) is here today in the devices,
sensors, cloud services and data your business uses. Begin with
what matters most to your company: the Internet of Your Things.
Making the seemingly impossible possible.” Microsoft
“The IoE is expanding our understanding and enriching our
experiences. Our goal is to connect the remaining everything. And
not just to connect, but to change everything for the better.” Cisco
“The Internet of Things (IoT) has enormous potential to drive
economic value and social change. But with 85% of things still
unconnected and security threats pervasive, the industry has yet
to tap IoT’s enormous potential.” Intel
6. We already have more devices
that connect to the internet than
we have people
7. IoT & IoE
Google’s Person Finder, or a Facebook application
– Could evolve into a system that, with permission,
• identifies all that information as connected, much like a digital
private detective,
• piecing it together to come to conclusions on behalf of human
“clients,” whether they be doctors, friends, or government
agencies.
The implications are that your digital footprint
would be used for positive things.
Source: http://techonomy.com/2013/04/everything-changes-with-the-internet-of-everything
8. Emerging Technologies
– New Heartbeat Detector May Save Lives After
Disasters
– Portable technology will help search and rescue
teams find people more quickly.
Source: http://news.nationalgeographic.com/news/2013/09/130925-heartbeat-finder-search-rescue-technology-science/
Researchers with the Jet Propulsion
Laboratory (JPL) in Pasadena, California, have
developed a device the size of a small carry-on
bag that uses microwaves to detect human
heartbeats in piles of rubble, which can bury
people following natural disasters such
as earthquakes.
9. Emerging Technologies
– In 10-15 Years, it is predicted that there will be no
more life expectancy due to medical technology
advances
– 3D Printing technology will allow doctors to print
human body parts
– Holographic technologies and embedded bio-transmitters
will allow extended virtual environments
where people can manage anything
– Solar technology will help power and integrate global
communications in new ways
10. Emerging Technologies
– Now & 5-10 years
• Traffic Management Systems
• Parking Solutions – 30% of traffic congestion is caused
by people looking for a parking space
11. Solar Technology & Roadways
• Will integrate communications
• Provide power
• Connect everything….
– New ISP capabilities even for rural areas
There will be 11.8 million
driverless cars on the road
by 2035 and nearly all American
on-the-road vehicles will become
driverless by 2050.
Source: Inferse
12. Emerging Technologies
– 10-20 years
• Space Travel
• Floating Cities
Space picture - the Virgin Galactic
spacecraft SpaceShipTwo in flight
Space Tourism by 2023?
Innovative spacecraft may be
ferrying tourists to and from space
within the next decade.
From an underwater "oceanscraper" to
floating apartments, these fantastical
green building designs could be immune
to sea level rise.
Source: http://science.nationalgeographic.com/science/innovation/the-future/
14. Hackers Can Take Over Cars and Drive Them
With a Nintendo Controller
A pair of security experts demonstrated to the BBC that some ordinary
models of cars can be overridden—despite whatever the driver is doing
behind the wheel—using a laptop, some software, and an old Nintendo
Entertainment System gamepad
15. Cyber Crime
• Hacked fridge sends out malicious emails in unprecedented
cyber attack
An Internet of Things cyber attack has shown that our
appliances are being made to turn against us.
• According to the security firm Proofpoint, a number of so-
called smart appliances were compromised in what they're
calling one of the first orchestrated Internet of Things cyber
attacks.
• Appliances involved in the attack included smart TVs,
wireless speaker systems, connected multi-media centers,
home-networking routers — and at least one refrigerator.
16. Cyber Crime
Cyber crime: 1st online murder will happen by end of year, warns US firm
The rapidly evolving Internet of Everything will leave us more vulnerable to cyber criminals, according
to a worried Europol
• Governments are ill-prepared to combat the looming threat of "online murder" as cyber criminals
exploit internet technology to target victims, the European policing agency warned. In its most
alarming assessment of the physical danger posed by online crime, Europol said it expected a
rise in "injury and possible deaths" caused by computer attacks on critical safety equipment.
• The concept is behind the likely development of smart homes, cars and even cities, but police
warned that the failure to protect devices properly could see them open to being hacked by
outsiders to make money or to attack opponents.
• The former US vice-president Dick Cheney – who has a long history of heart problems – revealed
last year that the wireless function had been disabled on his implanted defibrillator because of
concerns that outsiders could hack the network and provoke a heart attack.
Scammers May Use Paris Terrorist Attack to Solicit Fraudulent Donations Tue, 10 Feb 2015
Business E-mail Compromise Thu, 22 Jan 2015
University Employee Payroll Scam Tue, 13 Jan 2015
New Twist to the Telephone Tech Support Scam Thu, 13 Nov 2014
Sources: http://www.independent.co.uk/life-style/gadgets-and-tech/news/first-online-murder-will-happen-by-end-of-year-warns-us-firm-9774955.html
17. Cyber Terror - 100 Military Personnel on ISIS 'kill list'
ISIS "kill list" created by alleged sympathizers of the Islamic State group,
according to reports.
The list, which was posted online and reported over the weekend, includes the
identities of 100 pilots, airmen, sailors and commanders involved in the U.S.-led
airstrikes against the group in Iraq and Syria, a Pentagon official told USA
TODAY on Monday.
The group that posted the information identified itself as the Islamic State
Hacking Division. Its list features the photographs of service members along with
their names, rank and home addresses. That information, Warren said, was
publicly available and did not come from a data breach.
In many cases, the troops' identities are on military web sites and social media
pages.
18. Challenges - FBI
• We are building our lives around our wired and wireless networks. The
question is, are we ready to work together to defend them?
• The FBI certainly is. We lead the national effort to investigate high-tech
crimes, including cyber-based terrorism, espionage, computer intrusions,
and major cyber fraud.
• To stay in front of current and emerging trends, we gather and share
information and intelligence with public and private sector partners
worldwide.
• Cases & Takedowns
- Operation Ghost Click
- Coreflood Botnet
- 2,100 ATMs Hit at Once
- Operation Phish Fry
- Dark Market
Sources: http://www.fbi.gov/about-us/investigate/cyber
19. Balancing Technology with Security
• Laws need to coincide with capabilities
• Holding developers accountable to specific standards
• Tougher sentences for those that commit serious cyber crime
• Ensuring consumers are using technologies securely
• Conveniences should not overcome security when the risk is too
great.
• Assessment criteria need to be established to set
security standards at an international level
• Connected devices should have various classifications
• Encryption standards should be mandatory for classification of
devices
20. Cyber Security Professionals (shortfalls)
• The numbers are startling: The U.S. Cyber Command seeks 5,000
cybersecurity pros.
• Federal government needs 10,000 cybersecurity experts in the near future.
• Department of Homeland Security's comparatively small yet urgent demand
for 600 new cybersecurity employees is dizzying once the logistics are
considered.
• Talk to any recruiter in the Washington region and they will tell you
cybersecurity jobs are among the most difficult for them to fill. Workers with
the right skills are relatively hard to come by, and in a labor market
dominated by the federal government and its contractors, they are in
especially high demand.
• Companies, universities and government entities are all focused on finding
ways to close the gap: Educational partnerships. Hackathon competitions.
Internal corporate training programs. A regional task force
Source: http://fcw.com/articles/2013/10/15/cybersecurity-workforce-crisis.aspx
Source: http://www.washingtonpost.com/business/capitalbusiness/an-argument-that-the-shortage-of-cyber-workers-is-a-problem-that-will-solve-itself/2014/06/27/dbab364a-fe00-11e3-8176-f2c941cf35f1_story.html
21. Cyber Security Professionals - Reaping the Benefits
Given that a significant portion of the up-and-coming workforce is less concerned about pay than other
things, here's a list of some of the most outrageous and awesome benefits that some IT companies
offer. The government probably can't match most of them, but a good federal job can mean a solid
foothold in industry later, and plentiful cyber pros with broad experience can benefit both the public
and private sectors.
* Cisco Systems: An on-site health care center offers a full suite of medical services that include
primary care, physical therapy, a pharmacy and more. Child-care services are also available.
* Google: Well-known as the big kahuna of perks, Google offers free food, bocce courts, bowling
alleys, gyms, an organic kitchen, on-site vehicle maintenance services and an indoor slide, among
other benefits.
* Microsoft: Employees enjoy generous paid maternity and paternity leave, with up to 10 weeks for
new moms. The Redmond, Wash., headquarters has an organic spa on site, and mentoring programs
are available as well.
* Yahoo: Despite a recent ban on telework, employees still enjoy discounts at ski resorts and
California theme parks, and up to 16 weeks of paid maternity leave and eight weeks of paid paternity
leave.
* Boeing: In addition to 12 paid holidays, employees also enjoy a winter recess between Christmas
and New Year's Day.
Source: http://fcw.com/articles/2013/10/15/cybersecurity-workforce-crisis.aspx
22. Cyber Security Professionals – Challenges
• Professional Skills
• Professional Attitude
• Qualified
– IT experience first
– Cyber security always
• Criminal and Background Checks
• Certifications vs education
• Mentorship
– Mentors
– Professional Organizations
– Peer accountability
23. References & Resources:
Microsoft
http://www.microsoft.com/en-us/server-cloud/internet-of-things.aspx#Fragment_Scenario1
Azure IoT suite will provide finished applications to speed deployment of common scenarios, such as remote
monitoring, asset management and predictive maintenance, while providing the ability to grow and scale solutions to
millions of “things.”
Cisco
http://www.cisco.com/web/offers/iot-solutions/lopez-iot-whitepaper/index.html
The Internet of Things (IoT) is increasing the connectedness of people and things on a scale that once was
unimaginable. Connected devices outnumber the world's population by 1.5 to 1.
Intel
http://www.intel.com/content/www/us/en/internet-of-things/overview.html?cid=sem132p41890g-c&gclid=CjwKEAjwucmoBRDmysGsgbDr5j0SJAAxL9abqs1oZvWWs3ex4l_hM5Yv5bE2y5h6mQMaY7RRpBEkwhoCGAnw_wcB
The Internet of Things (IoT) is taking shape. Intel helps connect things to the cloud, integrate with existing infrastructure, and securely manage
data.
24. References & Resources:
More Resources
- DOJ Computer Crime & Intellectual Property Section
- National Strategy to Secure Cyberspace
- Secret Service Electronic Crimes Task Forces
- Stop.Think.Connect. Campaign