Book Image

Practical Internet of Things Security

By : Drew Van Duren, Brian Russell
Book Image

Practical Internet of Things Security

By: Drew Van Duren, Brian Russell

Overview of this book

With the advent of Internet of Things (IoT), businesses will be faced with defending against new types of threats. The business ecosystem now includes cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces, a desire to share information with many stakeholders and a need to take action quickly based on large quantities of collected data. . It therefore becomes critical to ensure that cyber security threats are contained to a minimum when implementing new IoT services and solutions. . The interconnectivity of people, devices, and companies raises stakes to a new level as computing and action become even more mobile, everything becomes connected to the cloud, and infrastructure is strained to securely manage the billions of devices that will connect us all to the IoT. This book shows you how to implement cyber-security solutions, IoT design best practices and risk mitigation methodologies to address device and infrastructure threats to IoT solutions. This book will take readers on a journey that begins with understanding the IoT and how it can be applied in various industries, goes on to describe the security challenges associated with the IoT, and then provides a set of guidelines to architect and deploy a secure IoT in your Enterprise. The book will showcase how the IoT is implemented in early-adopting industries and describe how lessons can be learned and shared across diverse industries to support a secure IoT.

Related Content you might be interested in

Current Title:

Small book image
Practical Internet of Things Security
Drew Van Duren | Brian Russell
Jun, 2016 | 336 pages
No titles found
Table of Contents (17 chapters)
Practical Internet of Things Security
Practical Internet of Things Security
Credits
Credits
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
A Brave New World
A Brave New World
Defining the IoT
Why cross-industry collaboration is vital
IoT uses today
The IoT in the enterprise
The IoT of the future and the need to secure
Summary
2
Vulnerabilities, Attacks, and Countermeasures
Vulnerabilities, Attacks, and Countermeasures
Primer on threats, vulnerability, and risks (TVR)
Primer on attacks and countermeasures
Today's IoT attacks
Lessons learned and systematic approaches
Summary
3
Security Engineering for IoT Development
Security Engineering for IoT Development
Building security in to design and development
Secure design
Summary
4
The IoT Security Lifecycle
The IoT Security Lifecycle
The secure IoT system implementation lifecycle
Summary
5
Cryptographic Fundamentals for IoT Security Engineering
Cryptographic Fundamentals for IoT Security Engineering
Cryptography and its role in securing the IoT
Cryptographic module principles
Cryptographic key management fundamentals
Examining cryptographic controls for IoT protocols
Future directions of the IoT and cryptography
Summary
6
Identity and Access Management Solutions for the IoT
Identity and Access Management Solutions for the IoT
An introduction to identity and access management for the IoT
The identity lifecycle
Authentication credentials
IoT IAM infrastructure
Authorization and access control
Summary
7
Mitigating IoT Privacy Concerns
Mitigating IoT Privacy Concerns
Privacy challenges introduced by the IoT
Guide to performing an IoT PIA
PbD principles
Privacy engineering recommendations
Summary
8
Setting Up a Compliance Monitoring Program for the IoT
Setting Up a Compliance Monitoring Program for the IoT
IoT compliance
A complex compliance environment
Summary
9
Cloud Security for the IoT
Cloud Security for the IoT
Cloud services and the IoT
Exploring cloud service provider IoT offerings
Cloud IoT security controls
Tailoring an enterprise IoT cloud security architecture
New directions in cloud-enabled IOT computing
Summary
10
IoT Incident Response
IoT Incident Response
Threats both to safety and security
Planning and executing an IoT incident response
Summary
Index
Index

About the Authors

Brian Russell is a chief engineer focused on cyber security solutions for Leidos (https://www.leidos.com/). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers, with a focus on securing Internet of Things (IoT). Brian leads efforts that include security engineering for Unmanned Aircraft Systems (UAS) and connected vehicles and development security systems, including high assurance cryptographic key management systems. He has 16 years of information security experience. He serves as chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group, and as a member of the Federal Communications Commission (FCC) Technological Advisory Council (TAC) Cybersecurity Working Group. Brian also volunteers in support of the Center for Internet Security (CIS) 20 Critical Security Controls Editorial Panel and the Securing Smart Cities (SSC) Initiative (http://securingsmartcities.org/).

Join the Cloud Security Alliance (CSA) IoT WG @ https://cloudsecurityalliance.org/group/internet-of-things/#_join.

You can contact Brian at https://www.linkedin.com/in/brian-russell-65a4991.

I would like to thank my wife, Charmae, and children, Trinity and Ethan. Their encouragement and love during my time collaboration on this project has been invaluable. I would also like to thank all the great volunteers and staff of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group, who have worked with me over the past few years to better understand and recommend solutions for IoT security. Lastly, I would like to thank my parents, without whom I would not have the drive to complete this book.

Drew Van Duren currently works at Leidos as a senior cryptographic and cybersecurity engineer, highlighting 15 years of support to commercial, US Department of Defense, and US Department of Transportation (USDOT) customers in their efforts to secure vital transportation and national security systems. Originally an aerospace engineer, his experience evolved into cyber-physical (transportation system) risk management, secure cryptographic communications engineering, and secure network protocol design for high assurance DoD systems. Drew has provided extensive security expertise to the Federal Aviation Administration's Unmanned Aircraft Systems (UAS) integration office and supported RTCA standards body in the development of cryptographic protections for unmanned aircraft flying in the US National Airspace System. He has additionally supported USDOT Federal Highway Administration (FHWA) and the automotive industry in threat modeling and security analysis of connected vehicle communications design, security systems, surface transportation systems, and cryptographic credentialing operations via the connected vehicle security credential management system (SCMS). Prior to his work in the transportation industry, Drew was a technical director, managing two of the largest (FIPS 140-2) cryptographic testing laboratories and frequently provided cryptographic key management and protocol expertise to various national security programs. He is a licensed pilot and flies drone systems commercially, and is also a co-founder of Responsible Robotics, LLC, which is dedicated to safe and responsible flight operations for unmanned aircraft.

You can reach Drew at https://www.linkedin.com/in/drew-van-duren-33a7b54.

I would first like to thank my wife, Robin, and children, Jakob and Lindsey, for their immense love, humor, and patience that shone brightly as I collaborated on this book. They were always keen to provide the diversions when I needed them the most. I would also like to thank my parents for their unceasing love, discipline, and encouragement to pursue diverse interests—model making, engineering, aviation, and music—in my formative years. More than anything, playing the cello has enriched and centered me amid life's demands. Lastly, my gratitude goes to my departed grandparents, especially my maternal grandfather, Arthur Glenn Foster, whose unquenchable scientific and engineering inquisitiveness provided just the footsteps I needed in my young life.

Previous Section
Next Chapter