Protecting Your Organization from Cyber-Physical Attacks

SIA Education@ISC West Course

IoT poses huge security and privacy challenges to individuals and businesses. Technical measures deployed at the endpoint, in the network, and on connected devices are necessary but not sufficient to secure these extensions.

Attackers exploit code defects, architectural lapses, environmental shortcomings, and human behavior. Therefore, our response must cover many dimensions. Code quality remains problematic. Architectural review must cross disciplines as silos invite gaps in understanding. Designers must assess context and regulatory assumptions. Awareness and training address half of the human behavior problem. Poor user design drives people to impede progress and delay work, trading off security against productivity. This runs against human nature and supports attackers.

Using wide-ranging examples from smart buildings, smart ports, and smart cars to connected home and office devices, we will examine attack modes and effective layered protection. The session will then outline four methods for governing behavior (a mix of social pressure, financial sanctions, laws, and architecture) and reveal the secret to using a mix of these methods when developing an effective IoT security strategy. Attendees will hear best practices they can use to implement the right mix of policy, architecture, regulation, and technology to keep their organizations secure.