SlideShare a Scribd company logo
1 of 35
Download to read offline
IIoT Endpoint Security –
The Model in Practice
February 22, 2017
Industrial Internet Security Framework
#IICSeries
Guest Speakers
2
MARCELLUS BUCHHEIT
President and CEO, Wibu-Systems USA
Editor, Industrial Internet Consortium Security Framework
@WibuSystems
TERRENCE BARR
Head of Solutions Engineering, Electric Imp, Inc.
@electricimp
Motivation
Unprotected devices in internet are dangerous!
They can be used to:
• Intrude into local networks: stealing or deleting private data
• Block or alter websites or internet communication
• Upload viruses and start Denial-of-Service (DoS) attacks
Additional for IIoT:
• Shut down public or private services (electricity, water, sewer etc.)
• Prevent commercial usage (production, hospitals, hotels, PoS etc.),
• Damage or destroy industrial installations or produced parts
3
Motivation
Unprotected devices problematic for component manufacturer
• Example: FTC charges D-Link for unsecure routers and IP cameras
• https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-
due-inadequate
Unprotected devices problematic for users/operators
• Example: Point-of-Sale (POS) attack at Target end of 2013
• 40 million credit cards and 70 million addresses stolen
• Target paid $50M+ for settlements
• http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
4
A few words about Wibu-Systems
• Wibu-Systems was founded in 1989 in Germany
• Global company targeting secure software licensing
• Offer security and licensing solutions for IIoT systems and devices
• More about the company: www.wibu.com
• More about the key product: http://www.wibu.com/codemeter
• More about IIoT security: http://www.wibu.com/embedded-software-
security
• And since 2015 member of the Industrial Internet Consortium (IIC)
5
About the IIC
Industrial Internet Consortium
Security Webinar
February 22, 2017
Kathy Walsh, walsh@iiconsortium.org
Director of Marketing
The Industrial Internet is Leading the Next Economic Revolution
7GDP data extracted from the Futurist 2007
Bring Together the Players to Accelerate Adoption
8
Connectivity
Standards
Technology
Research Academia
Systems
Integration
Security
Government
Big Data Industries
The Industrial Internet:
A $32 trillion opportunity
The IIC: Things are Coming Together
9
Things are coming together.
Academia
Standards
Research Systems Integration
Government
IndustriesConnectivity
Technology
Big Data
Security
The Industrial Internet Consortium is a global, member supported
organization that promotes the accelerated growth of the Industrial
Internet of Things by coordinating ecosystem initiatives to securely
connect, control and integrate assets and systems of assets with people,
processes and data using common architectures, interoperability and
open standards to deliver transformational business and societal
outcomes across industries and public infrastructure.
Launched in March 2014 by five founding members:
AT&T, Cisco, General Electric, IBM & Intel.
The IIC is an open, neutral “sandbox” where industry, academia and
government meet to collaborate, innovate and enable.
Industrial Internet Consortium Mission
Over 250 Member Organizations
Spanning 30 Countries
Securing IIoT Endpoints --
The Model
Industrial Internet Consortium
Security Webinar
February 22, 2017
Marcellus Buchheit, mabu@wibu.com
Wibu-Systems USA Inc.
Overview
What is an endpoint?
Why endpoint security?
Security functions of an endpoint
Implementing endpoint security
12
What is an Endpoint?
13
The IIoT Landscape: Where are Endpoints?
E
P
E
PE
P
E
P
E
P
E
P
E
P
What is an Endpoint (II)?
IISF and IIC defines endpoints similar as ISO/IEC 24791-1:2010 standard
does:
• An endpoint is one of two components that either implements and
exposes an interface to other components or uses the interface of another
component.
14
IIC simplified this definition (see IIC Vocabulary, version 2.0):
• An endpoint is a component that has an interface for network
communication.… but added a note for clarification:
• An endpoint can be of various types including device endpoint or an
endpoint that provides cloud connectivity.
Endpoint 1 Endpoint 2
Communication
What is an Endpoint (III)?
15
The IIoT Landscape: Endpoints are
everywhere!
E
P
E
PE
P
E
P
E
P
E
P
E
P
What is an Endpoint (IV)?
Summary:
• Endpoints are everywhere in an IIoT System (including edge and cloud)
• One single (security) model for all locations
• A single computer, even a device, can have several endpoints
• Example Router: One LAN endpoint, one WAN endpoint
• Frequently shared code/data between multiple endpoints
• Endpoint and its communication is another model
16
Why endpoint security?
Endpoints are the only location in an IIoT system where:
• Execution code is stored, started and updated
• Data is stored, modified or applied (“Data at Rest” / “Data in Use“)
• Communication to another endpoint is initiated and protected
• Network security is analyzed, configured, monitored and managed
17
Result: An attack to an IIoT system typically starts in attacking one or more
endpoints:
• Try to access the execution code and analyze to find weak security
implementation
• Attack weak communication protection via network
• Modify or replace (“hijack”) the execution code in a malicious way
IISF Endpoint Protection Model
18
Threats and Vulnerabilities to an IIoT Endpoint
19
1. Hardware components
2/3. Boot process
4. Operating System
5. Hypervisor/Sep. Kernel
6. Non-OS Applications
7. Applications and their API
8. Runtime Environment
9. Containers
10. Deployment
11. Data at Rest, Data in Use
12. Monitoring/Analysis
13. Configuration/Management
14. Security Model/Policy
15. Development Environment
Endpoint security: Solutions
• Start with a clean design of the security model and policies
• Define endpoint identity, authorization, authentication
• How other endpoints see me? What can they do with me?
• Define proper data protection model
• Integrity and confidentiality, especially of shared data-in-rest but also data-in-
use
• Define secure hardware, BIOS, roots of trust
• Includes lifetime of hardware, BIOS update, consistent root of trust
• Select secure OS, hypervisor, programming language
• Consider lifetime of (open source?), dynamic of programming language
• Consider isolation principles (4 different models explained in IISF)
• Plan remote code update and provide code integrity
• Security has an unspecific expiration date: needs update
• Code integrity prevents malicious remote code-hijacking
20
Endpoint security: Solutions (II)
• Plan “beyond the basics” security instantly
• Plan security configuration and management
• For example: defining, replacing and updating of keys and certificates
• User-friendly setting of access rights and authorization
• Plan endpoint monitoring and analysis
• For example: log all security configuration changes
• Log all unexpected remote activity
• Provide user-friendly analysis, alerts etc.
• Implement “state of the art”:
• Have a team of experienced security implementers
• Use latest versions of development tools, OS, hypervisors, libraries
• Test a lot, including malicious attacks
• Prepare and test your first remote update
21
Endpoint Security in Practice
Example which implements this endpoint security model in practice:
Terrence Barr, Electric Imp
22
Securing IIoT Endpoints --
In Practice
Industrial Internet Consortium
Security Webinar
February 22, 2017
Terrence Barr, terrence@electricimp.com
Head of Solutions Engineering
Endpoint Security
Electric Imp Introduction
Electric Imp
Industrial-strength IoT starts here
Secure IoT Connectivity Platform
Authorized Hardware
for connected devices
impOS™ and hardware
impCloud™
imp Enterprise API’s
BlinkUp™ & impFactory™
impSecure™
Proven IoT Deployments at Scale
• 2016: surpassed 1 Million WiFi/Ethernet devices
• 18B+ data messages per month
• 100+ customers; 105+ countries
Full Lifecycle, Trusted Security
• Passed security review
and pen-testing:
• In process: UL 2900-2-2: Cybersecurity Certification for
Industrial Controls plus first Affiliate program
• Aligned with IIC Security Framework
Fastest Prototype-to-Production
• 5 months for GE connected air conditioner
Endpoint Security
Implementation Approach
Endpoint Security: Part of Integrated and Managed Security
Silicon-to-Cloud Security – Defense in Depth & Defense in Time
7. Full Lifecycle
Managed Services
1. Edge Device Security
incl. Secure Silicon &
Managed Software
4. Secure Communication
via Managed Tunnel
3. Trusted
Manufacture &
Commissioning
6. Secure Cloud and Application
Integration
2. Data Privacy, Integrity &
Confidentiality
5. Protected Public &
Private Cloud
IISF Endpoint Protection
Techniques
Electric Imp Implementation
Protecting Endpoints: General Endpoint protection from the silicon upwards, every level tightly
integrated and tested for full coverage of security objective and no weak
links
Architectural Considerations for
Protecting Endpoints
Designed from the ground up for resource-constrained IoT devices and
real-world use cases and proven in large-scale customer deployments
Endpoint Physical Security Disabled hardware interfaces, tampering destroys individual module
Establish Roots of Trust Unique per-device keys, secure provisioning via cloud device
management
Endpoint Identity One-Time-Programming at module manufacturing time
Endpoint Access Control Mutual authentication with RSA certificates and ECC challenge-
response
Endpoint Integrity Protection HSM protected keys, secure boot, non-execution barriers with cloud
alerts
Endpoint Data Protection All processing on-die, all off-die storage with device-unique encryption.
TLS 1.2, AES-128, EDH forward secrecy.
Endpoint Monitoring and Analysis Extensive monitoring of security-sensitive operations
Endpoint Configuration and
Management
Endpoints managed, configured, and provisioned from the impCloud, all
updates signed, encrypted, and logged © Property of Electric Imp, Inc.
CONFIDENTIAL – NOT FOR DISTRIBUTION
Endpoint Security
Real-World Case Study
• Replace analogue lines
• Customer delight exceeds
expectations
• Recognized as Business
Transformation success story
1.5M
Customers
worldwide
Security
for regulated
markets
Reduce
service calls by
20%
© Property of Electric Imp, Inc.
CONFIDENTIAL – NOT FOR DISTRIBUTION
ROI –
Payback in 45 days on
connectivity costs
alone
impSecureTM: Integrated Silicon-to-Cloud Security and Connectivity managed by Electric Imp
‘Drop-In’ Postage Meter Retrofit: Device-to-Cloud Security and Connectivity
imp Application
Module
impOSTM
Meter
Integration
Code
Virtual Machine
paired Virtual Machine
Cloud
Meter
Code
Cloud
Integration
Code
Operations &
Device Lifecycle Management
Cloud Services
Electric Imp
Managed Cloud
USB
Commerce Cloud
Device-paired
Virtual Machines
Scalable to
millions of
devices
No changes to meter
No changes to cloud
Audited and Tested
Meets Postal and Government
Security Requirements
WiFi
Ethernet
IP tunnel
&imp
Endpoint Security
Conclusion
Integrated Security Platform: Customer Benefits
Leverage Proven Solution
• Build on tested and trusted security at a platform level
Isolation of Security Concerns
• Minimize time-to-market and risk of security mistakes
Integrated, Silicon to Cloud Security
• No weak links, even devices exposed in the field for many years
Managed Security as a Service
• Offload headache of ongoing security monitoring and maintenance
Qualify once, reuse many times
• Enable rapid, low-risk multi-product IoT strategy
®
Transforming the world
through the power
of secure connectivity
Thank you!
35
Things are coming together.
Community. Collaboration. Convergence.
www.iiconsortium.org
Additional Resources available as attachments
• Industrial Internet Security Framework
• Security Claims Evaluation Testbeds
• White Paper: Business Viewpoint of Securing the Industrial Internet
• Upcoming Webinars:
• March 30, 2017 Building Blocks for Securing the Smart Factory
• April, 2017 TBD

More Related Content

What's hot

Trends in IIoT and OT Security
Trends in IIoT and OT SecurityTrends in IIoT and OT Security
Trends in IIoT and OT SecurityOliver Pfaff
 
Future of supply chain using 5G, IoT and Blockchain by Murali Venkatesh
Future of supply chain using 5G, IoT and Blockchain by Murali VenkateshFuture of supply chain using 5G, IoT and Blockchain by Murali Venkatesh
Future of supply chain using 5G, IoT and Blockchain by Murali VenkateshMurali Venkatesh
 
IT and OT Convergence
IT and OT ConvergenceIT and OT Convergence
IT and OT ConvergenceOpsRamp
 
Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...
Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...
Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...Mavenir
 
What makes blockchain secure: Key Characteristics & Security Architecture
What makes blockchain secure: Key Characteristics & Security ArchitectureWhat makes blockchain secure: Key Characteristics & Security Architecture
What makes blockchain secure: Key Characteristics & Security ArchitectureEC-Council
 
The Blockchain and the Future of Cybersecurity
The Blockchain and the Future of CybersecurityThe Blockchain and the Future of Cybersecurity
The Blockchain and the Future of CybersecurityKevin Cedeño, CISM, CISA
 
IoT vs IIoT vs Industry 4.0
IoT vs IIoT vs Industry 4.0IoT vs IIoT vs Industry 4.0
IoT vs IIoT vs Industry 4.0SMACAR Solutions
 
NB-IoT technology RuseConf 2019
NB-IoT technology RuseConf 2019NB-IoT technology RuseConf 2019
NB-IoT technology RuseConf 2019Olimex Bulgaria
 
Lorawan: What you need to know
Lorawan: What you need to knowLorawan: What you need to know
Lorawan: What you need to knowPaul Coomans
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber securityPrateek Panda
 
IoT Meets the Cloud: The Origins of Edge Computing
IoT Meets the Cloud:  The Origins of Edge ComputingIoT Meets the Cloud:  The Origins of Edge Computing
IoT Meets the Cloud: The Origins of Edge ComputingMaria Gorlatova
 
Webinar digitally transforming healthcare with blockchain
Webinar   digitally transforming healthcare with blockchainWebinar   digitally transforming healthcare with blockchain
Webinar digitally transforming healthcare with blockchainKaleido
 
How do private transactions work on Quorum
How do private transactions work on QuorumHow do private transactions work on Quorum
How do private transactions work on QuorumChainstack
 
Cloud Readiness Index 2016 by the Asia Cloud Computing Association
Cloud Readiness Index 2016 by the Asia Cloud Computing AssociationCloud Readiness Index 2016 by the Asia Cloud Computing Association
Cloud Readiness Index 2016 by the Asia Cloud Computing Associationaccacloud
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 

What's hot (20)

Trends in IIoT and OT Security
Trends in IIoT and OT SecurityTrends in IIoT and OT Security
Trends in IIoT and OT Security
 
IBM TradeLens.pptx
IBM TradeLens.pptxIBM TradeLens.pptx
IBM TradeLens.pptx
 
Future of supply chain using 5G, IoT and Blockchain by Murali Venkatesh
Future of supply chain using 5G, IoT and Blockchain by Murali VenkateshFuture of supply chain using 5G, IoT and Blockchain by Murali Venkatesh
Future of supply chain using 5G, IoT and Blockchain by Murali Venkatesh
 
Hyperledger Fabric
Hyperledger FabricHyperledger Fabric
Hyperledger Fabric
 
IT and OT Convergence
IT and OT ConvergenceIT and OT Convergence
IT and OT Convergence
 
LPWA network
LPWA networkLPWA network
LPWA network
 
Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...
Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...
Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...
 
What makes blockchain secure: Key Characteristics & Security Architecture
What makes blockchain secure: Key Characteristics & Security ArchitectureWhat makes blockchain secure: Key Characteristics & Security Architecture
What makes blockchain secure: Key Characteristics & Security Architecture
 
The Blockchain and the Future of Cybersecurity
The Blockchain and the Future of CybersecurityThe Blockchain and the Future of Cybersecurity
The Blockchain and the Future of Cybersecurity
 
IoT vs IIoT vs Industry 4.0
IoT vs IIoT vs Industry 4.0IoT vs IIoT vs Industry 4.0
IoT vs IIoT vs Industry 4.0
 
NB-IoT technology RuseConf 2019
NB-IoT technology RuseConf 2019NB-IoT technology RuseConf 2019
NB-IoT technology RuseConf 2019
 
Lorawan: What you need to know
Lorawan: What you need to knowLorawan: What you need to know
Lorawan: What you need to know
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysis
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
 
IoT Meets the Cloud: The Origins of Edge Computing
IoT Meets the Cloud:  The Origins of Edge ComputingIoT Meets the Cloud:  The Origins of Edge Computing
IoT Meets the Cloud: The Origins of Edge Computing
 
Webinar digitally transforming healthcare with blockchain
Webinar   digitally transforming healthcare with blockchainWebinar   digitally transforming healthcare with blockchain
Webinar digitally transforming healthcare with blockchain
 
How do private transactions work on Quorum
How do private transactions work on QuorumHow do private transactions work on Quorum
How do private transactions work on Quorum
 
Cloud Readiness Index 2016 by the Asia Cloud Computing Association
Cloud Readiness Index 2016 by the Asia Cloud Computing AssociationCloud Readiness Index 2016 by the Asia Cloud Computing Association
Cloud Readiness Index 2016 by the Asia Cloud Computing Association
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution brief
 
Blockchain concepts
Blockchain conceptsBlockchain concepts
Blockchain concepts
 

Similar to IIoT Endpoint Security

IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...team-WIBU
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Securing your IoT Implementations
Securing your IoT ImplementationsSecuring your IoT Implementations
Securing your IoT ImplementationsTechWell
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythSecurity Innovation
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksPriyanka Aash
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
 
Fundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentFundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentMark Szewczul, CISSP
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cCharles Li
 
The Subversive Six: Hidden Risk Points in ICS
The Subversive Six: Hidden Risk Points in ICSThe Subversive Six: Hidden Risk Points in ICS
The Subversive Six: Hidden Risk Points in ICSTripwire
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsMario Drobics
 
CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11Irsandi Hasan
 
IoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalIoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalSyam Madanapalli
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11Irsandi Hasan
 

Similar to IIoT Endpoint Security (20)

IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
 
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
Protecting IIoT Endpoints - an inside look at the Industrial Internet Securit...
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
ASDF WSS 2014 Keynote Speech 1
ASDF WSS 2014 Keynote Speech 1ASDF WSS 2014 Keynote Speech 1
ASDF WSS 2014 Keynote Speech 1
 
Iio t security std
Iio t security stdIio t security std
Iio t security std
 
IoT security
IoT securityIoT security
IoT security
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Securing your IoT Implementations
Securing your IoT ImplementationsSecuring your IoT Implementations
Securing your IoT Implementations
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
Fundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentFundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product Development
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425c
 
The Subversive Six: Hidden Risk Points in ICS
The Subversive Six: Hidden Risk Points in ICSThe Subversive Six: Hidden Risk Points in ICS
The Subversive Six: Hidden Risk Points in ICS
 
Cyber security event
Cyber security eventCyber security event
Cyber security event
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applications
 
CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11CCNA RS_ITN - Chapter 11
CCNA RS_ITN - Chapter 11
 
IoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalIoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR Proposal
 
CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11CCNA RS_NB - Chapter 11
CCNA RS_NB - Chapter 11
 

More from Industrial Internet Consortium

More from Industrial Internet Consortium (9)

DER Integration Testbed at a Glance
DER Integration Testbed at a GlanceDER Integration Testbed at a Glance
DER Integration Testbed at a Glance
 
Smart Manufacturing Connectivity for Brown-field Sensors Testbed at a glance
Smart Manufacturing Connectivity for Brown-field Sensors Testbed at a glanceSmart Manufacturing Connectivity for Brown-field Sensors Testbed at a glance
Smart Manufacturing Connectivity for Brown-field Sensors Testbed at a glance
 
How to Lead in IIoT
How to Lead in IIoTHow to Lead in IIoT
How to Lead in IIoT
 
Smart Factory Web Testbed at a Glance
Smart Factory Web Testbed at a GlanceSmart Factory Web Testbed at a Glance
Smart Factory Web Testbed at a Glance
 
Year in Review - IIC's Greatest Hits 2017
Year in Review - IIC's Greatest Hits 2017Year in Review - IIC's Greatest Hits 2017
Year in Review - IIC's Greatest Hits 2017
 
Intelligent Urban Water Supply Testbed at a Glance
Intelligent Urban Water Supply Testbed at a Glance Intelligent Urban Water Supply Testbed at a Glance
Intelligent Urban Water Supply Testbed at a Glance
 
Time Sensitive Networking Testbed at a Glance
Time Sensitive Networking Testbed at a GlanceTime Sensitive Networking Testbed at a Glance
Time Sensitive Networking Testbed at a Glance
 
Microgrid Testbed at a Glance
Microgrid Testbed at a GlanceMicrogrid Testbed at a Glance
Microgrid Testbed at a Glance
 
IIC's Top 10 Accomplishments 2016
IIC's Top 10 Accomplishments 2016IIC's Top 10 Accomplishments 2016
IIC's Top 10 Accomplishments 2016
 

Recently uploaded

Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 

Recently uploaded (20)

Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 

IIoT Endpoint Security

  • 1. IIoT Endpoint Security – The Model in Practice February 22, 2017 Industrial Internet Security Framework #IICSeries
  • 2. Guest Speakers 2 MARCELLUS BUCHHEIT President and CEO, Wibu-Systems USA Editor, Industrial Internet Consortium Security Framework @WibuSystems TERRENCE BARR Head of Solutions Engineering, Electric Imp, Inc. @electricimp
  • 3. Motivation Unprotected devices in internet are dangerous! They can be used to: • Intrude into local networks: stealing or deleting private data • Block or alter websites or internet communication • Upload viruses and start Denial-of-Service (DoS) attacks Additional for IIoT: • Shut down public or private services (electricity, water, sewer etc.) • Prevent commercial usage (production, hospitals, hotels, PoS etc.), • Damage or destroy industrial installations or produced parts 3
  • 4. Motivation Unprotected devices problematic for component manufacturer • Example: FTC charges D-Link for unsecure routers and IP cameras • https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk- due-inadequate Unprotected devices problematic for users/operators • Example: Point-of-Sale (POS) attack at Target end of 2013 • 40 million credit cards and 70 million addresses stolen • Target paid $50M+ for settlements • http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ 4
  • 5. A few words about Wibu-Systems • Wibu-Systems was founded in 1989 in Germany • Global company targeting secure software licensing • Offer security and licensing solutions for IIoT systems and devices • More about the company: www.wibu.com • More about the key product: http://www.wibu.com/codemeter • More about IIoT security: http://www.wibu.com/embedded-software- security • And since 2015 member of the Industrial Internet Consortium (IIC) 5
  • 6. About the IIC Industrial Internet Consortium Security Webinar February 22, 2017 Kathy Walsh, walsh@iiconsortium.org Director of Marketing
  • 7. The Industrial Internet is Leading the Next Economic Revolution 7GDP data extracted from the Futurist 2007
  • 8. Bring Together the Players to Accelerate Adoption 8 Connectivity Standards Technology Research Academia Systems Integration Security Government Big Data Industries The Industrial Internet: A $32 trillion opportunity
  • 9. The IIC: Things are Coming Together 9 Things are coming together. Academia Standards Research Systems Integration Government IndustriesConnectivity Technology Big Data Security
  • 10. The Industrial Internet Consortium is a global, member supported organization that promotes the accelerated growth of the Industrial Internet of Things by coordinating ecosystem initiatives to securely connect, control and integrate assets and systems of assets with people, processes and data using common architectures, interoperability and open standards to deliver transformational business and societal outcomes across industries and public infrastructure. Launched in March 2014 by five founding members: AT&T, Cisco, General Electric, IBM & Intel. The IIC is an open, neutral “sandbox” where industry, academia and government meet to collaborate, innovate and enable. Industrial Internet Consortium Mission Over 250 Member Organizations Spanning 30 Countries
  • 11. Securing IIoT Endpoints -- The Model Industrial Internet Consortium Security Webinar February 22, 2017 Marcellus Buchheit, mabu@wibu.com Wibu-Systems USA Inc.
  • 12. Overview What is an endpoint? Why endpoint security? Security functions of an endpoint Implementing endpoint security 12
  • 13. What is an Endpoint? 13 The IIoT Landscape: Where are Endpoints? E P E PE P E P E P E P E P
  • 14. What is an Endpoint (II)? IISF and IIC defines endpoints similar as ISO/IEC 24791-1:2010 standard does: • An endpoint is one of two components that either implements and exposes an interface to other components or uses the interface of another component. 14 IIC simplified this definition (see IIC Vocabulary, version 2.0): • An endpoint is a component that has an interface for network communication.… but added a note for clarification: • An endpoint can be of various types including device endpoint or an endpoint that provides cloud connectivity. Endpoint 1 Endpoint 2 Communication
  • 15. What is an Endpoint (III)? 15 The IIoT Landscape: Endpoints are everywhere! E P E PE P E P E P E P E P
  • 16. What is an Endpoint (IV)? Summary: • Endpoints are everywhere in an IIoT System (including edge and cloud) • One single (security) model for all locations • A single computer, even a device, can have several endpoints • Example Router: One LAN endpoint, one WAN endpoint • Frequently shared code/data between multiple endpoints • Endpoint and its communication is another model 16
  • 17. Why endpoint security? Endpoints are the only location in an IIoT system where: • Execution code is stored, started and updated • Data is stored, modified or applied (“Data at Rest” / “Data in Use“) • Communication to another endpoint is initiated and protected • Network security is analyzed, configured, monitored and managed 17 Result: An attack to an IIoT system typically starts in attacking one or more endpoints: • Try to access the execution code and analyze to find weak security implementation • Attack weak communication protection via network • Modify or replace (“hijack”) the execution code in a malicious way
  • 19. Threats and Vulnerabilities to an IIoT Endpoint 19 1. Hardware components 2/3. Boot process 4. Operating System 5. Hypervisor/Sep. Kernel 6. Non-OS Applications 7. Applications and their API 8. Runtime Environment 9. Containers 10. Deployment 11. Data at Rest, Data in Use 12. Monitoring/Analysis 13. Configuration/Management 14. Security Model/Policy 15. Development Environment
  • 20. Endpoint security: Solutions • Start with a clean design of the security model and policies • Define endpoint identity, authorization, authentication • How other endpoints see me? What can they do with me? • Define proper data protection model • Integrity and confidentiality, especially of shared data-in-rest but also data-in- use • Define secure hardware, BIOS, roots of trust • Includes lifetime of hardware, BIOS update, consistent root of trust • Select secure OS, hypervisor, programming language • Consider lifetime of (open source?), dynamic of programming language • Consider isolation principles (4 different models explained in IISF) • Plan remote code update and provide code integrity • Security has an unspecific expiration date: needs update • Code integrity prevents malicious remote code-hijacking 20
  • 21. Endpoint security: Solutions (II) • Plan “beyond the basics” security instantly • Plan security configuration and management • For example: defining, replacing and updating of keys and certificates • User-friendly setting of access rights and authorization • Plan endpoint monitoring and analysis • For example: log all security configuration changes • Log all unexpected remote activity • Provide user-friendly analysis, alerts etc. • Implement “state of the art”: • Have a team of experienced security implementers • Use latest versions of development tools, OS, hypervisors, libraries • Test a lot, including malicious attacks • Prepare and test your first remote update 21
  • 22. Endpoint Security in Practice Example which implements this endpoint security model in practice: Terrence Barr, Electric Imp 22
  • 23. Securing IIoT Endpoints -- In Practice Industrial Internet Consortium Security Webinar February 22, 2017 Terrence Barr, terrence@electricimp.com Head of Solutions Engineering
  • 25. Electric Imp Industrial-strength IoT starts here Secure IoT Connectivity Platform Authorized Hardware for connected devices impOS™ and hardware impCloud™ imp Enterprise API’s BlinkUp™ & impFactory™ impSecure™ Proven IoT Deployments at Scale • 2016: surpassed 1 Million WiFi/Ethernet devices • 18B+ data messages per month • 100+ customers; 105+ countries Full Lifecycle, Trusted Security • Passed security review and pen-testing: • In process: UL 2900-2-2: Cybersecurity Certification for Industrial Controls plus first Affiliate program • Aligned with IIC Security Framework Fastest Prototype-to-Production • 5 months for GE connected air conditioner
  • 27. Endpoint Security: Part of Integrated and Managed Security Silicon-to-Cloud Security – Defense in Depth & Defense in Time 7. Full Lifecycle Managed Services 1. Edge Device Security incl. Secure Silicon & Managed Software 4. Secure Communication via Managed Tunnel 3. Trusted Manufacture & Commissioning 6. Secure Cloud and Application Integration 2. Data Privacy, Integrity & Confidentiality 5. Protected Public & Private Cloud
  • 28. IISF Endpoint Protection Techniques Electric Imp Implementation Protecting Endpoints: General Endpoint protection from the silicon upwards, every level tightly integrated and tested for full coverage of security objective and no weak links Architectural Considerations for Protecting Endpoints Designed from the ground up for resource-constrained IoT devices and real-world use cases and proven in large-scale customer deployments Endpoint Physical Security Disabled hardware interfaces, tampering destroys individual module Establish Roots of Trust Unique per-device keys, secure provisioning via cloud device management Endpoint Identity One-Time-Programming at module manufacturing time Endpoint Access Control Mutual authentication with RSA certificates and ECC challenge- response Endpoint Integrity Protection HSM protected keys, secure boot, non-execution barriers with cloud alerts Endpoint Data Protection All processing on-die, all off-die storage with device-unique encryption. TLS 1.2, AES-128, EDH forward secrecy. Endpoint Monitoring and Analysis Extensive monitoring of security-sensitive operations Endpoint Configuration and Management Endpoints managed, configured, and provisioned from the impCloud, all updates signed, encrypted, and logged © Property of Electric Imp, Inc. CONFIDENTIAL – NOT FOR DISTRIBUTION
  • 30. • Replace analogue lines • Customer delight exceeds expectations • Recognized as Business Transformation success story 1.5M Customers worldwide Security for regulated markets Reduce service calls by 20% © Property of Electric Imp, Inc. CONFIDENTIAL – NOT FOR DISTRIBUTION ROI – Payback in 45 days on connectivity costs alone
  • 31. impSecureTM: Integrated Silicon-to-Cloud Security and Connectivity managed by Electric Imp ‘Drop-In’ Postage Meter Retrofit: Device-to-Cloud Security and Connectivity imp Application Module impOSTM Meter Integration Code Virtual Machine paired Virtual Machine Cloud Meter Code Cloud Integration Code Operations & Device Lifecycle Management Cloud Services Electric Imp Managed Cloud USB Commerce Cloud Device-paired Virtual Machines Scalable to millions of devices No changes to meter No changes to cloud Audited and Tested Meets Postal and Government Security Requirements WiFi Ethernet IP tunnel &imp
  • 33. Integrated Security Platform: Customer Benefits Leverage Proven Solution • Build on tested and trusted security at a platform level Isolation of Security Concerns • Minimize time-to-market and risk of security mistakes Integrated, Silicon to Cloud Security • No weak links, even devices exposed in the field for many years Managed Security as a Service • Offload headache of ongoing security monitoring and maintenance Qualify once, reuse many times • Enable rapid, low-risk multi-product IoT strategy
  • 34. ® Transforming the world through the power of secure connectivity
  • 35. Thank you! 35 Things are coming together. Community. Collaboration. Convergence. www.iiconsortium.org Additional Resources available as attachments • Industrial Internet Security Framework • Security Claims Evaluation Testbeds • White Paper: Business Viewpoint of Securing the Industrial Internet • Upcoming Webinars: • March 30, 2017 Building Blocks for Securing the Smart Factory • April, 2017 TBD

Editor's Notes

  1. Thank you, Marcellus. As an introduction to the Industrial Internet Consortuim, let‘s have a little bit of history. Around 1840 we had the Industrial Revolution with its steam power locamotives and factory machines which created enormous disruption in jobs worldwide; There was a jump in productivity as human energy & muscle moved to machine muscle. The jump in productivity was huge – a 2.5 to 4.0 times increase, not percentage, times increase in productivity. Initially, jobs were lost but because of the huge leap in productivity, there was a huge leap in consumer demand which led to more jobs created. Far more jobs were created than lost. We saw this happen again 100 years later with the Internet Revolution. The Internet Revolution was the movement from human connectivity to machine connectivity. Again we saw productivity increase between 2.5 and 4 times. And again saw disruption. Again, new jobs were created. We know this is going to happen again. Where this is going to happen is in the application of internet technologies to the industries that have traditionally had no impact of internet technology on those industries. Again, we think you will see a large leap in productivity which will lead to a large leap in consumer demand and a large leap in job creation. But, it will be disruptive and it is hard to know what those disruptions will be.
  2. There is a real problem in figuring out how we use internet technologies in those industries that have essentially been untouched by this interent technology. So what we need to do is bring together the players in that world. The standards people, the manufacturers, banks, healthcare companies, technology providers, research organizations and universities to figure out: what are the standards we need, what are the priorities for those standards, what are the best practices, how do we hire people, how do we reskill, what products do we need, How do we secure our networks that were originally designed to be isolated but are now exposed to continuous attacks of ever-increasing sophistication How do we address the unprecedented increases in risks to plant personnel, to society and the environment at large, as well as to the businesses which operate industrial processes With the proliferation of connected devices, how do we protect against error, mischance and malicious intent? All of these questions represent the challenges of applying internet technologies to industries that have essentially been untouched by interent technology.
  3. That is essentially what the Industrial Internet Consortium is all about. That is why we call it the Industrial Internet - the application of IoT to industrial. And this is why we have a made it a priority to build, together a safe, reliable and secure Industrial Internet. Through testbeds, through reference architectures, through the Industrial Internet Security Framework.
  4. This is our mission statement, with 2 key phrases highlighted in red: Coordinating ecosystem initiatives – creating an ecosystem of small and large industry players, academia and government organizations. We have hundreds of companies from dozens of countries working together to figure this out. Transformational business and societal outcomes – what is the impact on all of these industries; In March of 2014 our founders came together and said let’s work together to learn how to apply internet technologies to industry because our industries are going to be disrupted. Rather than be disrupted, we will lead the disruption to deliver the transformational business and societal outcomes across industries and public infrastructure. With that, I will turn it back over to Jesus and Dan.
  5. Analogue lines from AT&T start at $60/month.