future-iot.org

We shape the future of the Internet of Things

[REC] Security For IoT And OT – An Industrial Perspective – Oliver Pfaff (Siemens) at Future-IoT 3rd edition: “IoT meets Security” (2020-10-07)

IoT (Internet-of-Things) as well as OT (Operational Technology) provide distributed cyber-physical systems: they are characterized by network components (sensors/actuators) that interact with real world resources.

Protecting the communications between system components in IoT/OT is fundamental for cybersecurity. Historically, OT relied on physical protection utilizing network segregation/isolation. This approach provides blocking points for new use cases in Digitalization and I4.0. To overcome them, OT protocol stacks e.g. PROFINET need to be enhanced to support information security based on cryptographic techniques. This is different in IoT: the IoT protocol stacks e.g. CoAP-over-UDP emerge in an ecosystem that supports security using cryptographic means since decades. But security for the IP stack and IP-based applications e.g. TLS and OAuth for securing Web applications was designed for the needs of IT (Information Technology). Ideas such as “just use TLS or DTLS” might be false friends in IoT/OT security. This presentation determines whether and to which extent well-known IT-security solutions match IoT/OT needs and identifies the state-of-the-art in security-enabling IoT/OT protocol stacks.

There also is no ‘out-of-nothing’ security: preparatory steps are needed to use cryptography in distributed systems. One example is the supply of initial credentials/keys to system components. IoT/OT has specific challenges with respect to setting-up information security:

  • There are components (e.g. field devices) that do not provide side-channel options for provisioning information to them – such means are often used in IT to setup security.
  • Users expect a uniform way of security setup when an IoT/OT component uses multiple stacks in parallel – setting-up for security is a cross-cutting concern, silo solutions must be avoided. This presentation sketches blueprints for a uniform handling of preparatory steps for security and considers IoT/OT security initiatives with respect to their potential to avoid or overcome security silos.

This talk was held by Oliver Pfaff (Siemens) at the 3rd edition of the Future IoT PhD school series 2020 under the motto “IoT meets Security”. Future-IoT 2020 introduces to the fascinating world of the Industrial Internet of Things (IoT) and its security challenges.

Future-IoT 2020:
IoT meets Security recordings:

* YouTube Playlist

* Trailer

Monday, Oct 5, 2020 – The Who is Who of IoT Security

Tuesday, Oct 6, 2020 – Innovation, transitions, reliability, and experimentation

Wednesday, Oct 7, 2020 – IoT, OT, you, and the ethics

Olivia Pahl

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WP2Social Auto Publish Powered By : XYZScripts.com