Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Society / IoT Campaign Videos / 20 Nov 2018
Internet Society / IoT Campaign Videos / 20 Nov 2018
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: 1 Intro to Iot Community Rev4

Description

No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).

A

Hi and welcome to the introduction to the Internet of Things trust by design I'm Jeff Wilber I'm, the technical director of the online trust Alliance initiative at the Internet Society. So why are you here?

A

Maybe you're someone who's already involved heavily with IOT, and you have influence in that area with manufacturers with policy makers with technologists, and you want to learn what we're trying to accomplish in IOT, maybe you're a chapter member who's been involved with Internet Society for years, and you want to know what are we doing about IOT and how can you help or maybe you're just a general fan of the Internet or you're curious about IOT, and you want to understand more, regardless of which category you fall in welcome.

A

We want to help you understand more about IOT its risks and how we can address them. So why are we all here? It's because billions of devices are being attached to the Internet and they're being thrown out into the market without sufficient security and privacy and a bigger issue is that consumers don't even know about it? So, what's the big idea here, we just talked about the risks introduced by insecure IOT devices. Well, we've developed an IOT x' trust framework that addresses these risks and we want you to know more about it.

A

We need your help to raise awareness about this framework within your network of influence and we'd. Also like you to understand the asks or what we want from each of our target audiences and we'll walk through that later in the presentation. Why are we doing this? What's the payoff, if we all get involved, we'll have safer Internet of Things and ultimately a safer internet for everyone, so, depending on your level of exposure to our campaign so far, you may have some questions already, may even ask what is IOT and what are these risks?

A

How does the trust framework address them and how can I help and we'll go into each of these in more detail? So before we get going here, let's just rewind a bit and make sure we all understand the basics. What is IOT? It stands for Internet of Things and, while most people think of it as the smart things in their homes or their fitness trackers, it really has three major components: there are the devices themselves.

A

There are back-end services where data is stored and your accounts are controlled and then they're, usually mobile, apps or platforms that can help visualize. What's going on and control the devices. So really an Internet of Things system is made up of all three of these components. Why is it so popular these days? You hear about it just about everywhere. You go well there, a variety of reasons. Some are for convenience. I can see.

A

What's going into my house when I'm, not there, I can turn things on and off remotely and I may what get better insight into? What's going on in my house, for instance, energy efficiency? So what are some examples? I'm sure you've heard of many of these smart speakers are very hot. These days with the Amazon echo and Google home products, smart thermostats, like the nest thermostat that can automatically learn your habits and help you be more energy, efficient, fitness, trackers, smart locks, garage door openers.

A

Now we have smart appliances just about anything you can think of, as can now be attached to the Internet, so you might be wondering is IOT an opportunity or a threat. A lot of people I talk to you think it's both it's growing like crazy because of the benefits it has. It's predicted that 35 billion devices will exist out there by 2022, and yet many of them have security and privacy weaknesses that can be easily hacked. So let's do a level set here with some basic definitions at a very basic level.

A

Privacy is about what data is collected, who has access to it and what they're doing with it? But it goes beyond the data itself. If someone want to gain access to the system and monitor you and violate your privacy in some other way, security has a data element to it as well.

A

Is your data being protected throughout the entire system so that people cannot gain unauthorized access to it, but it also has to do with unauthorized control of your system where they might use it to gain access to something else on your home network or even use it to attack other systems on the internet. So the real problem comes in when we try to answer these sobering questions, what can a KERS really do? Can they spy on me? Can my devices be used to attack the Internet I'll? Give you a little bit of perspective.

A

The risks for consumers would range from something annoying like they can mess with your TV channels or the volume of your music too creepy, where they're spying on you either audio or video, and you may not know about it to some kind of digital theft where they get access to your private information in your home to actual physical harm they break in through your smart locks. They can cause your appliances to power cycle and start a fire or maybe turn off your smoke. Alarms.

A

We've even see this go to the point where connected toys were banned. In Germany last holiday season are taken off the shelves earlier this year in the u.s., because the Bluetooth connections were not secured and anyone could monitor what was going on with the child or even speak to the child through the toy and lure them to the door.

A

There's a wide range of risks that are very serious, there's also the risk that IOT devices can actually be used to attack the Internet itself, like we saw in late 2016 with the Mirai botnet, unsecured security cameras were used to bring down part of the infrastructure of the Internet, so we want to prevent all this. Can this be solved? That's what the trust framework is all about, so in addressing these issues, it's pretty obvious that we need to look at the security and privacy characteristics of products, but maybe what's not so obvious.

A

Are these two other issues? When is the lifecycle of these products? A lot of them have long lives. Think of appliances in your home, a garage door opener. They may have a useful life of 10 or 20 years you're in a home with many connected devices. You sell that home. How do you transfer all those accounts and control of all those devices to the new homeowner? These are all things that needed to be taken into account in the IOT world that aren't in the traditional IT world of security and privacy.

A

The other is looking at the entire system comprehensively. We looked at that diagram earlier. It had a device, but it also had back-end services in the cloud and apps that control the entire system. We need to make sure that all of those have good security and privacy characteristics as well, not just the devices.

A

So I've already mentioned this trust framework a few times again, just a level set. What is a framework generic definition set of guiding principles that form a structure or a plan, and that's exactly what we've done: we've created a framework that has 40 guiding principles and, if they're implemented properly, they address these risks. We've talked about and we have taken into account the entire range of security, privacy and life cycle, as I talked about earlier, and we are looking at the entire system.

A

The goal here is to have a set of guidelines that can reduce risk as much as possible in these products as they're released to market. You might be thinking what are some examples of these principles. Well, I'll just pick a few that, if they were applied, would significantly reduce risk out there number one avoid hard-coded passwords, believe it or not. Many products shipped with hard-coded passwords that can't be changed. Bad guys learn what they are, and suddenly those devices are vulnerable either to the users of those devices or being used to attack the internet itself.

A

Many of the devices shipped today don't allow for software updates. How can you do security patches if you can't update the software and finally, a lot of products are pulled together from different pieces and parts thrown together and rushed out to market, and they have major vulnerabilities in their software stacks. We want to make sure that none of the products shipped with known, significant vulnerabilities and that they can be updated if they're found later on. These are just a few examples of the many principles in the framework.

A

So, who are we trying to reach with this framework? There's a wide variety of audiences- and you can see them here point here- is that we all share the risks in this, and everyone needs to play their part: the manufacturers, the people who resell and distribute those products, policymakers, consumer testing organizations that can have great influence over consumer buying habits and knowledge, and then consumers and enterprises themselves. If everyone steps up becomes more aware of the security and privacy risks demands that it be more available in the market, we all win.

A

We end up with a safer IOT and a safer internet. So what are we asking each target audience to do for manufacturers? We are asking that they design and deliver products that comply with the trust framework and commit to this publicly. This will help raise awareness for the issue and create momentum for improved security and privacy. Resellers can use the framework as a filter to decide what products to carry so they can ask their vendors.

A

Do you do these things representative, the framework and we'd like to see a public commitment there as well, where consumer organizations are asking that they go beyond traditional price and functionality, reviews and incorporate security and privacy as criteria for IOT products? This will raise awareness of these issues and help consumers make informed decisions about these products and, finally, for policy makers. They can use the framework principles as guidelines to understand what proper levels of security and privacy are for IOT offerings and help shape policy in that area.

A

Well, we've covered IOT and the risks associated with it. We've covered the trust framework and how it addresses those risks. So now we want to talk about next steps and you may have some questions. What should I do now? Do you have some resources to help me out and who should I contact if I have questions? So, let's get you started as a trust framework ambassador at your next meeting or conference, raise awareness of IOT its risks and how the trust framework addresses them. You can do this in all of your areas of influence.

A

We have two main areas for you: that host resources for more information on IOT. The first is internet society, org, slash IOT, where we have a number of papers and other resources, and it will be continually updated over time. We also have more details about the trust framework at the link shown here.

A

You should also know that this is a first in a series of videos for our community, so we have others that go further into what the trust framework is, and then we have one specifically for each of the main audiences reaching out to manufacturers and resellers reaching out to policy makers or reaching out to consumer organizations. So if you have an interest in any of those areas or want to learn more, you can reference those videos.

A

Finally, if you have any questions or feedback for us about this information, please contact us via email at iot info at org. Thank you for your time and attention. This ends the training on the introduction to IOT and the trust framework. We look forward to hearing from you about the great interactions you've had in becoming an ambassador for the trust framework.