Mission-Critical IoT Security—a 20/20 Perspective (E22b)
There is an ever-growing population of IoT devices finding their way into the Department of Homeland Security’s (DHS) designated critical infrastructure ecosystems. The rich data from these devices drive next-generation digital business systems and operational ecosystems. The most sophisticated systems go well beyond simple analytics and monitoring and employ advanced AI techniques to understand, simulate, and predict outcomes based on data. These predicted outcomes are used to operate, monitor, and control critical infrastructure that can affect every citizen (water, electricity, communications, dams, defense systems, food and agriculture, and more). 25 billion IoT endpoints are feeding data into scores of digital twins that interact and exchange data – the potential attack surface and unfathomable consequences are beyond worrisome. This presentation takes a look into what roles Common Criteria and FIPS validation play in helping secure these Mission-Critical IoT Ecosystems against purposeful attacks, that in some cases, are lead by nation-states. We also look at additional security measures that significantly deter would-be attackers of these IoT devices. While not a direct follow-up to last year, this presentation is in response to active discussions after the presentation and follow-up email and phone conversations concerning embedded device/IoT security and Mission Critical ecosystems.