VOITTAVA KYBERSTRATEGIA Jarno Limnéll
Transcription
VOITTAVA KYBERSTRATEGIA Jarno Limnéll
What the Rise of Industrial Internet Means for Cyber Security? Jarno Limnéll Professor, Cyber Security Aalto University @JarnoLim Technology is developing faster than security: Industrial Internet of Threats? Intellectual challenge to minds and machines SECURITY ENVIRONMENT – PHYSICAL AND DIGITAL – IS MORE UNCERTAIN, DYNAMIC AND MORE DEMANDING THAN EVER The Challenge – one example 1 trillion Sensors, devices Apps 50B 1B 2010 2020 2035 There are usually two wrong premises in cyber security. Cybersecurity is enabler – protecting all the good things that cyber insecurity can prevent us doing. But yes – lack of security can be a “show stopper” to Industrial Internet. Industrial Internet will rise or fall because of security. Security cannot be an after thought Too strong technological-orientated approach to cyber security GUIDANCE Cybersecurity is primarily a strategic issue Biggest security challenge in IIoT: Holistic approach Succeeding in the IIoT era will depend on defining and deploying not only the right cybersecurity technologies, but also the right policies and operations. And people. Tietotekniikka, tietoturva, tietosuoja, tietoliikenneverkko, tietoteollisuus, verkkorikollinen, digitalisointi, haittaohjelma, verkkoterrorismi... 1980 1990 2000 KYBER Strategy 2010 2013 “Cyber” appeared 2010 Institutionalised 2013-2014 Concepts are unstable Kyberturvallisuuden kokonaisuus Functional security Continuity Management – Anticipation – Perception Securing information Confidentiality – Integrity – Availability Privacy Cyber security = Security of the digital domain. Megatrend: Digital and physical security more integrated 13 Framework of Security, connecting Physical and Cyber Domains Appears Cyber DDoS-attack Physical attacks in data centers or telecom cables Implementation Cyber Implementation Physical Prevention or changing the functionalities in control systems Kinetic cyber Appears Physical Eliminating skilled people Key elements of the Industrial Internet Intelligent Machines and Sensors Advanced Analytics People at work The concept is simple: making industrial machines smarter, through the adoption of sensors, software and big data analytics. Why Industrial Internet requires new thinking about cyber security? Mainly because of the huge level of data sharing involved – to address access to and deployment of this shared data. Who are the bad guys – and their motivation? Security in Industrial Internet is multi-layered strategy encompassing people, processes, devices, sensors, machines, systems and networks. Complicated manifold – many subcontractors. All from the same hatch (integration): Automation, analytics, education, cybersecurity… To whom you can trust? Building the defense inside and outside of the walls. Even if you have… Realized that you are a target Done everything by the book Had acknowledged that raising awareness of all IT system users around cyber security is essential. The cyber security team feel confident that all systems are protected… Smart players in the field are moving from a traditional framework of defense to an approach of resilience. The importance of educating people. . McAfee Confidential Thank you! jarno.limnell@aalto.fi twitter: @JarnoLim