IoT security - 2020-11-17

@ Luxinnovation

PRESENTATION OUTLINE

New technologies, old risks, IoT (in-)security

Outlook to a smart (and secure?) future

Take sensors, micro-controllers...
put them into "normal" objects (umbrellas, dolls, fridges...)
and connect them to the Internet!

Photo by POLISEA

Major Risks

  • account hijack
  • data/privacy abuse
  • interception/surveillance
  • rogue/“zombie” devices
  • supply chain/SDLC compromise
  • massive botnets (e.g. DDoS)
  • physical attacks
  • human casualty

smart medical devices

Photo by Arenamontanus

Recommendations (user)

  • strong password security
  • software/firmware updates
  • network segmentation and filtering
  • physical security
  • check contracts, terms and conditions
  • ! if you don't need it, don't use it !

Recommendations (provider)

  • security by design
  • sound data collection/management
  • supply chain integrity
  • check third party software
  • comprehensive testing
  • security by default
  • sound patch policy and process
  • comprehensive documentation
  • leverage standards and good practice

National awareness campaign

Luxembourg 2020-2021

Thank you for your attention

Pascal Steichen
happy to share experiences and best practice of our campaign