FIPS Validation and Mission-Critical IoT Ecosystems (E13a)
Internet of Things (IoT) ecosystems have become increasingly prevalent, fundamentally changing the way we live, work and play. Billions of IoT devices already exist, with hundreds more coming online each second. Many of those devices are destined for the consumer market; however, an ever-growing population are finding their way into the seventeen (17) Department of Homeland Security (DHS) designated critical infrastructure ecosystems. The rich data streams emanating from these IoT devices are driving the next generation of digital business and operational ecosystems. The promised value gained from increased efficiencies, better productivity, and enhanced performance are driven by the use of digital twins, enhanced analytics, combined with supplemental data from third party sources. The most sophisticated systems go well beyond simple analytics and monitoring and employ advanced AI techniques to understand, simulate, and predict outcomes based on data. These predicted outcomes are used to operate, monitor, and control critical infrastructure that can affect every citizen (water, electricity, communications, dams, defense systems, food and agriculture, and more). As an example, the UK is driving the development of a “National Digital Twin†with the idea it will be able to make better IoT-fueled decisions.
What could go wrong? With over 25 billion IoT endpoints feeding data into billions of digital twins that interact and exchange data it would be naive to believe all the data will be perfect (sensor malfunctions, system bias, etc.). However, what if some rich data streams from IoT devices are intentionally manipulated, modified, cloned or even deleted? The results could be disastrous. The potential attack surface and unfathomable consequences are beyond worrisome.
This presentation takes a deeper look into the use and risks of IoT ecosystems in DHS critical infrastructure ecosystems, digital twins and the data that drives them, and how FIPS validation helps reduce risk. We also take a brief look into the state of procurement for IoT in these vertical ecosystems.