[REC] Security For IoT And OT – An Industrial Perspective – Oliver Pfaff (Siemens) at Future-IoT 3rd edition: “IoT meets Security” (2020-10-07)
IoT (Internet-of-Things) as well as OT (Operational Technology) provide distributed cyber-physical systems: they are characterized by network components (sensors/actuators) that interact with real world resources.
Protecting the communications between system components in IoT/OT is fundamental for cybersecurity. Historically, OT relied on physical protection utilizing network segregation/isolation. This approach provides blocking points for new use cases in Digitalization and I4.0. To overcome them, OT protocol stacks e.g. PROFINET need to be enhanced to support information security based on cryptographic techniques. This is different in IoT: the IoT protocol stacks e.g. CoAP-over-UDP emerge in an ecosystem that supports security using cryptographic means since decades. But security for the IP stack and IP-based applications e.g. TLS and OAuth for securing Web applications was designed for the needs of IT (Information Technology). Ideas such as “just use TLS or DTLS” might be false friends in IoT/OT security. This presentation determines whether and to which extent well-known IT-security solutions match IoT/OT needs and identifies the state-of-the-art in security-enabling IoT/OT protocol stacks.
There also is no ‘out-of-nothing’ security: preparatory steps are needed to use cryptography in distributed systems. One example is the supply of initial credentials/keys to system components. IoT/OT has specific challenges with respect to setting-up information security:
- There are components (e.g. field devices) that do not provide side-channel options for provisioning information to them – such means are often used in IT to setup security.
- Users expect a uniform way of security setup when an IoT/OT component uses multiple stacks in parallel – setting-up for security is a cross-cutting concern, silo solutions must be avoided. This presentation sketches blueprints for a uniform handling of preparatory steps for security and considers IoT/OT security initiatives with respect to their potential to avoid or overcome security silos.
This talk was held by Oliver Pfaff (Siemens) at the 3rd edition of the Future IoT PhD school series 2020 under the motto “IoT meets Security”. Future-IoT 2020 introduces to the fascinating world of the Industrial Internet of Things (IoT) and its security challenges.
IoT meets Security recordings:
Monday, Oct 5, 2020 – The Who is Who of IoT Security
- 13h00 Grand Opening, Marc-Oliver Pahl and Nicolas Montavont (IMT/ TUM)
- 13h15 IoT meets Security, Marc-Oliver Pahl (Chaire Cyber CNI) and Lars Wüstrich (TUM)
- 14h15 Business Value through IoT and AI, Niels Thomsen (Atos)
- 15h30 Enhanced Company Resilience through Cybersecurity, Emmanuel Bricard (elm.leblanc)
- 16h30 End-to-End security for IoT constrained devices, Paul Emmanuel Brun (Airbus)
- 18h30 Virtual Strasbourg City Tour, Nicolas Montavont
Tuesday, Oct 6, 2020 – Innovation, transitions, reliability, and experimentation
- 9h00 Culture of Innovation and working backwards process, Asinetta Serban (Amazon Web Services)
- 11h00 Challenges on the way to 4.0, Olivier Presne, Francois Planchot, Cornelia Lux (ArianeGroup)
- 14h00 From best-effort to high-reliability for the Industrial Internet of Things, Fabrice Theoleyre (CNRS)
- 15h00 Presentation IoT Lab, Guillaume Schreiner (Université de Strasbourg)
- 18h30 The Internet – the backbone of our society: Recorded interview with Turing Award winner Vint Cerf and Panel Discussion
Wednesday, Oct 7, 2020 – IoT, OT, you, and the ethics
- 14h00 Security for IoT and OT – An Industrial Perspective, Oliver Pfaff (Siemens)
- 18h30 Discussion on Ethical Decision Making, with recorded talk from Martin Hellmann (Turing Award winner and half of the Diffie-Hellmann key exchange; recorded talk from the Being-Human with Algorithms Symposium 2018 as a world premiere)
- 19h30 Closing Event