The Future of
Cyber Risks
Internet of Things
Cyber Governance
&
Lucknow (India), February 22nd, 2015
Dinesh O Bareja
db@dineshbareja.com
This is a Web Distribution Version
• This presentation has been optimized for distribution via the web as a PDF which means that animation panes have been
deleted and expanded. This will allow full content on animated slides to be visible and readable
• The intent is to make sure that the animations do not appear with unreadable clutter
• The images that have been used are sourced freely from the Internet using multiple search resources. Our logic is that if your
creations are searchable then they are usable for representation AND we never use any such images in ANY of our commercial
works
• All our works that are put up as ‘distribution’ versions are published under Creative Commons license and are non-commercial –
these are available for download from common document sites on the internet or from our website
• If some images are deleted (due to watermarked copyright notices or stringent usage policies) the slide will only show a
hyperlink to it. You can follow the link to see the image.
• This is done if I have received an objection or a take-down notice from the copyright owner
• I/We make every effort to include a link or name to the copyright owner of the image(s) that have been used in this presentation
and please accept our sincere apologies in case any image has not been individually acknowledged
• Copyright notices or watermarks are not removed from images or text which are not purchased, however, we may say that
practically all text is our own creation
• In spite of all the above and other declarations, if you have objections to the use (as owner of any of the IP used in this
presentation / paper) you may please send an email to us and we shall remove the same right away (please do remember to
include your communication coordinates and the URL where you spotted this infringement)
You should presume
that someday, we will be
able to make machines that
can reason, think and do
things better than we can.
- Sergey Brin, co-founder Google (07-2014)
AGENDA
GOVERNANCE .. QUICK LOOK AT ISSUES
CHALLENGES AND OPTIONS
RISKS OF THE FUTURE… AS THEY TAKE BIRTH
TODAY - INTERNET OF THINGS
A Brief Introduction
Dinesh O Bareja
CISA, CISM, ITIL, ISMS, Cert ERM, Cert IPR
• Principal Advisor – Pyramid Cyber Security & Forensic Pvt Ltd
• COO – Open Security Alliance
• Co-Founder – Indian Honeynet Project
• Member IGRC – Bombay Stock Exchange
• Ex Cyber Surveillance Advisor – CDRC (Jharkhand Police – Special Branch)
Enterprise & Government Policy Development;
Cyber Security Strategy, Design, Architecture;
Current State Security Assessment, Audit &
Optimization; Governance, Risk Management;
ABOUT ME
It is time the infosec community got up
to highlight weakness in governance
and the thinking of our governments
on cyber security at the national and
state level
And realize
the increasing inability to control
(cyber) related incidents with the
looming threats of cyber war /
terrorism / espionage / crime
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
…What is it (dictionary)
•government; exercise of authority control
•Governance (noun) - the persons (or
committees or departments etc.) who
make up a body for the purpose of
administering something;
GOVERNANCE
A body for the purpose
of administering
something;
SO Let Us Take A Look
At what We Have To
Govern…..
http://www.considerati.com
With Great
opportunity
come great
risks
And
this is what
we are
trying
to govern and
control
http://www.publicpolicy.telefonica.com/blogs/blog/2015/01/02/internet-governance-debate-what-are-our-beliefs/
We are trying
to manage a
system that is
represented
like a
building
that is
permanently
under
construction
This is the fundamental truth
about management
You cannot
control
what you
cannot
measure
CONTROL
You cannot
manage
what you
cannot
control
MANAGE
Current State
of
- Cyber Security,
- CYBER Governance,
- CYBER-ANYTHING
•Multiple organizations: LEA, Government,
Defence, Large Enterprises, NGOs etc. exist
and
•Everyone does their “own thing”
•All are ‘de facto’ experts
Current CYBER STATE
•Everyone wants to protect his/her/their
thought, (ass)ets, technology
• And believes that his/her/their system is
handmade by God!
•SO…. Chaos and confusion reigns supreme
Current CYBER STATE
•Multiple organizations: LEA, Government,
Defence, Large Enterprises, NGOs etc.
•Everyone does their “own thing”
•Protect my thought, (ass)ets, technology
•All are ‘de facto’ experts
•Everyone’s system is handmade by God!
•SO…. Chaos and confusion reigns supreme
Current CYBER STATE
Way Ahead (my own thoughts)
•Cyber Security must be entrusted (at national
level) to one authority and organization
•Designate the President / PMO as C-in-C as this is
a frontier, a battleground
•Cybercrime, Terrorism, War, Attacks, Espionage,
Reputation, Information Exchange, Development
of Offensive Capabilities et al cannot be decided
upon by a NCSC
•I had done a presentation on
Governance a few years earlier and it
is as relevant now as it was
then…
•Normally I do not use my old slides but I
find this is still an area which needs the
same old stuff…
•As per my agenda today I had said that we would
take a look at OPTIONS … Option in the middle of
all this confusion etc ….
•This is my own conceptual framework to bring
direction and order at a national / state level
•It may not be the silver bullet, but like I say if there
is good silver in the bullet at least we have started
the journey to kill the problem
• The concept presented may not be the silver
bullet,
• but
• like I say - if there is good silver in the bullet at
least we have started the journey to kill the
problem
Second Line of Command (Operational and Strategic)
Commander in Chief: PM / President
• NSA NCSC
• Defence Chief of Staff
• Head of Intelligence
• MHA CERT
• LEA, Industry Rep & Bodies
Cyber Security Organizations and Organizations with Cyber Command Centers
• State Cyber Security Centers
• Sectoral CERTs
• NTRO (cyber)
• NCIIPC
• IB, RAW, NIA, DIA
• Defense CERTs, DIA, DRDO etc
• Academia
• Participants
• CyberCrime Police Stations
• CCTNS, NATGRID
• Information & Data Library
• Online Battalions
• General areas n.e.s.
• Continuing Education & Training
Control and Operational Areas (national and state level)
• Capacity Building
• Capability Building
• Citizen Outreach
• Sectoral Departments
• Critical Infrastructure
• Education and Training
• International Relations
• Policy & Regulations
• Offensive and Defensive
• Knowledge Repository
• Domestic Relationships
• Risk Advisories
• Intelligence Gathering
• Research and Development
• Public Private Partnership
• Public Relations
• Security Clearance
• Think Tank Testing Group
• Talent Identification
• Responsible Disclosure
Field Organizations and Teams
• CERT Incident Response
• Awareness, Education, Training
• Developers
• Embedded
• Cyber Patrollers
• Reporting and Measurement
• Skill Development
• Audit, Risk, Technology
Conceptual governance framework
http://www.slideshare.net/DiploFoundation/presentation-at-the-arab-igf-consultations-in-dubai-5th-march-2013
This is where we are – Square 1
Shock & Awe! Questions,
Questions and Questions !
This was said by…
-Albert Einstein
This really does not
happen in real life!
I have yet to see a
hacker who is genteel,
good mannered and
follows such etiquette
<LOL>
Moving on… the 2nd part of my talk
•We’ve seen how orderly or disorderly we are (big
deal, we are like that only and it is not just us but
the whole world)
•Lets move on to something more exciting – our
future, tomorrow, kal / kaal …
• The Internet of Things
The Internet of Things
is also the Internet of
Bad Things!
The universe
soon in your
hand!
The world is coming to rest in your palm
What’s the
Internet
of Things
From any time,
any place
connectivity for
anyone,
we will now have
connectivity for
anything!
Gartner Hype Cycle for Emerging Technologies - 2014
A few technologies which are making news are marked and the IoT is poised on the top ready to make the journey ahead
(…) it takes many decades from the excitement of
inception for these technologies to fully work. In the case
of the automobile, the technology took 40 years to go from
merely “working” to eventually becoming fully part of our
lives. It took 80 years, from 1880 to 1960 for the
technology to become comfortable. The final phase of a
technology is for it to disappear. As John Seely Brown
puts it: “Technology has not fully arrived until it
disappears—until it is so much a part of us that we don’t
see it.” (Brian Arthur, “Myths and Realities of the High-
Tech Economy”)
WE ARE
Pandasecurity.com
WE WANT
LIFE
HOMES
LIFESTYLE
http://www.toptechnews.com/article/index.php?story_id=11100BDJN996
Toto's new Intelligence Toilet II
monitors weight, blood sugar
levels, and other vital signs,
transferring data to your computer
for analysis via WiFi.
ADAPTIVE
CRUISE
CONTROL:
ADJUSTS AND
DRIVES WITHIN
THE LANES
CARS SMART
PARKING
GRIDS&METERS
http://emfsafetynetwork.org/wp-content/uploads/2011/03/DSC_0097.jpg
Smart meters will work with real-time energy displays
showing energy use around the home. Photograph:
Energy Retailers Association/PA
DRONES
exciting new developments
SMART
•Light bulbs that change depending on your
mood
•Refrigerators that talk with your smartphone
•Efficiency across industries
•Cost savings in healthcare
IoT
exciting new
developments
Nanoparticles in drug delivery
Nano robots in bloodstream (can cure cancer)
Wearables (Google glass)
Aur Bhi Acche din
* “For more good days”
SMART
IoT
IoT technologies and services generated
global revenues of $4.8 trillion in 2012
To reach
$8.9 trillion by 2020
growing at a compound annual growth rate (CAGR) of 7.9%.
SMART
IoT
50 billion connected devices by 2020
Each person will have more than 6
devices
IoT devices will more than double
(4.9 billion this year)
Human dependency
on all devices will
grow and grow…
RISKS
television
RISKS
The smart TV recognizes voice commands so it is in listening mode
and also listens to any conversation in the room while trying to figure
out a command. Is this shared at the back end?
Look at the future differently
• Neither software nor email security will be enough
• To protect (IoT) against future attacks from
cybercriminals
• Develop strategies in preparation "for the onslaught of
Internet enabled devices"
• Prepare for the fast approaching army of networked
devices
http://fortifyprotect.com/HP_IoT_Research_Study.pdf
Any connected consumer
electronic appliance may
become a zombie for a
botnet. Imagine the power of
a DDoS using all the TV sets
of one brand.
Ransomware may shoot up.
What if ransomware hits
the same TV sets or consumer
appliance?
Will the brand pay the
ransom? Will you pay to get
back your connected fridge?"
RISKS
RISKS
• Security flaw that could allow unlocking doors
of up to 2.2 million Minis, BMWs, and Rolls-
Royce models
• They all are equipped with BMW’s
ConnectedDrive software which uses on-board
SIM cards
• Potentially hackers gain access to the onboard
vehicle computer systems that manage
everything from engines and brakes to even
the air conditioning
Our
national
RISKS are
unique
The real India... in the
villages. Soon to be zapped by
technology benefits and
technology crime!
And we will become
lazier by the day !
http://www.intel.com/communities/pix/other/Newsroom_UK_InternetOfThings_1024x1448.jpg
ABOUT
ME
CONTACT
INFORMATION
E dinesh@opensecurityalliance.org
@bizsprite
L: linkedin.com/in/dineshbareja
+91.9769890505
dineshobareja
dineshobareja
infosecgallery.blgspot.com
securambling.blogspot.com
Information Security professional
works hard to be abreast of
technology, risks, threats,
opportunities and looks forward
to the excitement of the future..
This document has been created by IndiaWatch, Open Security Alliance, Dinesh O Bareja
Released in the public domain under Creative Commons License (Attribution- Noncommercial 2.5 India)
http://creativecommons.org/licenses/by-nc-sa/2.5/in/
The information and practices listed in this document are provided as is and for guidance purposes only and should not be
construed to be a standard (unless mentioned otherwise). Readers are urged to make informed decisions before adopting the
information given in this document.
The author(s) may not be held responsible, or liable, in any event and for any issues arising out of the use of the information and / or
guidelines included in this document. Further, we do not give any warranty on accuracy, completeness, functionality, usefulness or
other assurances as to the content in the document. We disclaim all responsibility for any losses, damage caused or attributed, directly
or indirectly, from reliance on and the use of such information.
Readers are welcome to provide feedback to the authors using the contact information provided in this document. This document
has been prepared for general public distribution so all animations have been converted to static images.
Graphics and images are usually obtained from the internet and royalty free sources and are usually acknowledged by us. Errors may
be expected in this practice and this is not intentional - we respect creative rights and request owner(s) to inform us of any inadvertent
omission. Any trademarks or companies may be displayed or mentioned with the purpose of establishing a point or for better
understanding and we do not claim any exclusivity or relationship with their respective owners.
License and Copyright
Acknowledgements & Disclaimer
Various resources on the internet have been referred to contribute to the information presented. Images have been acknowledged (above) where possible. Any company names,
brand names, trade marks are mentioned only to facilitate understanding of the message being communicated - no claim is made to establish any sort of relation (exclusive or
otherwise) by the author(s), unless otherwise mentioned. Apologies for any infraction, as this would be wholly unintentional, and objections may please be communicated to us
for remediation of the erroneous action(s).

 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Finance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with ITFinance and Accounting professionals to bridge the gap with IT
Finance and Accounting professionals to bridge the gap with IT
 
Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0Bug Bounty Hunter's Manifesto V1.0
Bug Bounty Hunter's Manifesto V1.0
 
India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013
 
OSA - Internet Security in India
OSA - Internet Security in IndiaOSA - Internet Security in India
OSA - Internet Security in India
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness
 

Último

UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 

Último (20)

UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 

Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India

  • 1. Cyber Governance & The Future of Cyber Risks - Internet of Things • Lucknow (India), February 22nd, 2015 • Dinesh O Bareja • db@dineshbareja.com
  • 2. This is a Web Distribution Version • This presentation has been optimized for distribution via the web as a PDF which means that animation panes have been deleted and expanded. This will allow full content on animated slides to be visible and readable • The intent is to make sure that the animations do not appear with unreadable clutter • The images that have been used are sourced freely from the Internet using multiple search resources. Our logic is that if your creations are searchable then they are usable for representation AND we never use any such images in ANY of our commercial works • All our works that are put up as ‘distribution’ versions are published under Creative Commons license and are non-commercial – these are available for download from common document sites on the internet or from our website • If some images are deleted (due to watermarked copyright notices or stringent usage policies) the slide will only show a hyperlink to it. You can follow the link to see the image. • This is done if I have received an objection or a take-down notice from the copyright owner • I/We make every effort to include a link or name to the copyright owner of the image(s) that have been used in this presentation and please accept our sincere apologies in case any image has not been individually acknowledged • Copyright notices or watermarks are not removed from images or text which are not purchased, however, we may say that practically all text is our own creation • In spite of all the above and other declarations, if you have objections to the use (as owner of any of the IP used in this presentation / paper) you may please send an email to us and we shall remove the same right away (please do remember to include your communication coordinates and the URL where you spotted this infringement)
  • 3. ‘You should presume that someday, we will be able to make machines that can reason, think and do things better than we can.’ - Sergey Brin, co-founder Google (07-2014)
  • 4. AGENDA • GOVERNANCE .. QUICK LOOK AT ISSUES, CHALLENGES AND OPTIONS • RISKS OF THE FUTURE… AS THEY TAKE BIRTH TODAY - INTERNET OF THINGS
  • 5. ABOUT ME - A Brief Introduction • Dinesh O Bareja, CISA, CISM, ITIL, ISMS, Cert ERM, Cert IPR • Principal Advisor – Pyramid Cyber Security & Forensic Pvt Ltd • COO – Open Security Alliance • Co-Founder – Indian Honeynet Project • Member IGRC – Bombay Stock Exchange • Ex Cyber Surveillance Advisor – CDRC (Jharkhand Police – Special Branch) • Enterprise & Government Policy Development; Cyber Security Strategy, Design, Architecture; Current State Security Assessment, Audit & Optimization; Governance, Risk Management
  • 6. It is time the infosec community got up to highlight weakness in governance and the thinking of our governments on cyber security at the national and state level, and realize the increasing inability to control (cyber) related incidents with the looming threats of cyber war / terrorism / espionage / crime
  • 8. GOVERNANCE …What is it (dictionary) • government; exercise of authority control • Governance (noun) - the persons (or committees or departments etc.) who make up a body for the purpose of administering something;
  • 9. A body for the purpose of administering something; so let us take a look at what we have to govern…..
  • 11. With great opportunity come great risks, and this is what we are trying to govern and control
  • 12. http://www.publicpolicy.telefonica.com/blogs/blog/2015/01/02/internet-governance-debate-what-are-our-beliefs/ We are trying to manage a system that is represented like a building that is permanently under construction
  • 13. This is the fundamental truth about management • CONTROL: You cannot control what you cannot measure • MANAGE: You cannot manage what you cannot control
  • 14. Current State of - Cyber Security, - CYBER Governance, - CYBER-ANYTHING
  • 15. Current CYBER STATE •Multiple organizations: LEA, Government, Defence, Large Enterprises, NGOs etc. exist and •Everyone does their “own thing” •All are ‘de facto’ experts
  • 16. Current CYBER STATE •Everyone wants to protect his/her/their thought, (ass)ets, technology •And believes that his/her/their system is handmade by God! •SO…. Chaos and confusion reign supreme
  • 17. Current CYBER STATE •Multiple organizations: LEA, Government, Defence, Large Enterprises, NGOs etc. •Everyone does their “own thing” •Protect my thought, (ass)ets, technology •All are ‘de facto’ experts •Everyone’s system is handmade by God! •SO…. Chaos and confusion reign supreme
  • 18. Way Ahead (my own thoughts) •Cyber Security must be entrusted (at national level) to one authority and organization •Designate the President / PMO as C-in-C as this is a frontier, a battleground •Cybercrime, Terrorism, War, Attacks, Espionage, Reputation, Information Exchange, Development of Offensive Capabilities et al cannot be decided upon by a NCSC
  • 19. •I had done a presentation on Governance a few years earlier and it is as relevant now as it was then… •Normally I do not use my old slides but I find this is still an area which needs the same old stuff…
  • 20. •As per my agenda today I had said that we would take a look at OPTIONS … Option in the middle of all this confusion etc …. •This is my own conceptual framework to bring direction and order at a national / state level •It may not be the silver bullet, but like I say if there is good silver in the bullet at least we have started the journey to kill the problem
  • 21. • The concept presented may not be the silver bullet, • but • like I say - if there is good silver in the bullet at least we have started the journey to kill the problem
  • 22. Conceptual governance framework (diagram labels): Second Line of Command (Operational and Strategic) Commander in Chief PM / President NSA NCSC Defence Chief of Staff Head of Intelligence MHA CERT LEA, Industry Rep & Bodies Cyber Security Organizations and Organizations with Cyber Command Centers State Cyber Security Centers Sectoral CERTs NTRO(cyber) NCIIPC IB, RAW, NIA, DIA Defense CERTs, DIA, DRDO etc Academia Participants CyberCrime Police Stations CCTNS, NATGRID Information & Data Library Online Battalions General areas n.e.s. Continuing Education & Training Control and Operational Areas (national and state level) Capacity Building Capability Building Citizen Outreach Sectoral Departments Critical Infrastructure Education and Training International Relations Policy & Regulations Offensive and Defensive Knowledge Repository Domestic Relationships Risk Advisories Intelligence Gathering Research and Development Public Private Partnership Public Relations Security Clearance Think Tank Testing Group Talent Identification Responsible Disclosure Field Organizations and Teams CERT Incident Response Awareness, Education, Training Developers Embedded Cyber Patrollers Reporting and Measurement Skill Development Audit, Risk, Technology
  • 24. This was said by… -Albert Einstein
  • 25. This really does not happen in real life! I have yet to see a hacker who is genteel, good mannered and follows such etiquette <LOL>
  • 26. Moving on… the 2nd part of my talk •We’ve seen how orderly or disorderly we are (big deal, we are like that only and it is not just us but the whole world) •Let’s move on to something more exciting – our future, tomorrow, kal / kaal … • The Internet of Things
  • 27. BAD - The Internet of Things is also the Internet of Bad Things!
  • 28. The universe soon in your hand! The world is coming to rest in your palm
  • 29. What’s the Internet of Things? From any time, any place connectivity for anyone, we will now have connectivity for anything!
  • 30. Gartner Hype Cycle for Emerging Technologies - 2014 • A few technologies which are making news are marked and the IoT is poised on the top ready to make the journey ahead
  • 31. (…) it takes many decades from the excitement of inception for these technologies to fully work. In the case of the automobile, the technology took 40 years to go from merely “working” to eventually becoming fully part of our lives. It took 80 years, from 1880 to 1960 for the technology to become comfortable. The final phase of a technology is for it to disappear. As John Seely Brown puts it: “Technology has not fully arrived until it disappears—until it is so much a part of us that we don’t see it.” (Brian Arthur, “Myths and Realities of the High-Tech Economy”)
  • 34. LIFE
  • 35. HOMES
  • 36. LIFESTYLE http://www.toptechnews.com/article/index.php?story_id=11100BDJN996 Toto's new Intelligence Toilet II monitors weight, blood sugar levels, and other vital signs, transferring data to your computer for analysis via WiFi.
  • 38. GRIDS & METERS http://emfsafetynetwork.org/wp-content/uploads/2011/03/DSC_0097.jpg Smart meters will work with real-time energy displays showing energy use around the home. Photograph: Energy Retailers Association/PA
  • 40. SMART IoT - exciting new developments •Light bulbs that change depending on your mood •Refrigerators that talk with your smartphone •Efficiency across industries •Cost savings in healthcare
  • 41. exciting new developments • Nanoparticles in drug delivery • Nano robots in bloodstream (can cure cancer) • Wearables (Google glass)
  • 42. Aur Bhi Acche din * (* “For more good days”)
  • 43. SMART IoT • IoT technologies and services generated global revenues of $4.8 trillion in 2012 • To reach $8.9 trillion by 2020, growing at a compound annual rate (CAGR) of 7.9%.
  • 44. SMART IoT • 50 billion connected devices by 2020 • Each person will have more than 6 devices • IoT devices will more than double (4.9 billion this year)
  • 45. Human dependency on all devices will grow and grow…
  • 46. RISKS
  • 47. RISKS - television • The smart TV recognizes voice commands, so it is in listening mode and also listens to any conversation in the room while trying to figure out a command. Is this shared at the back end?
  • 48. Look at the future differently • Neither software nor email security will be enough • To protect (IoT) against future attacks from cybercriminals • Develop strategies in preparation “for the onslaught of Internet enabled devices” • Prepare for the fast approaching army of networked devices
  • 49. RISKS http://fortifyprotect.com/HP_IoT_Research_Study.pdf Any connected consumer electronic appliance may become a zombie for a botnet. Imagine the power of a DDoS using all the TV sets of one brand. Ransomware may shoot up. What if a ransomware hits the same TV sets or consumer appliance? Will the brand pay the ransom? Will you pay to get back your connected fridge?
  • 50. RISKS • Security flaw that could allow unlocking doors of up to 2.2 million Minis, BMWs, and Rolls-Royce models • They all are equipped with BMW’s ConnectedDrive software which uses on-board SIM cards • Potentially hackers gain access to the onboard vehicle computer systems that manage everything from engines and brakes to even the air conditioning
  • 51. Our national RISKS are unique • The real India .. in the villages. Soon to be zapped by technology benefits and technology crime!
  • 52. And we will become lazier by the day !
  • 55. ABOUT ME CONTACT INFORMATION E dinesh@opensecurityalliance.org @bizsprite L: linkedin.com/in/dineshbareja +91.9769890505 dineshobareja dineshobareja infosecgallery.blgspot.com securambling.blogspot.com Information Security professional works hard to be abreast of technology, risks, threats, opportunities and looks forward to the excitement of the future..
  • 56. This document has been created by IndiaWatch, Open Security Alliance, Dinesh O Bareja. Released in the public domain under Creative Commons License (Attribution-Noncommercial 2.5 India) http://creativecommons.org/licenses/by-nc-sa/2.5/in/ The information and practices listed in this document are provided as is and for guidance purposes only and should not be construed to be a standard (unless mentioned otherwise). Readers are urged to make informed decisions before adopting the information given in this document. The author(s) may not be held responsible, or liable, in any event and for any issues arising out of the use of the information and / or guidelines included in this document. Further, we do not give any warranty on accuracy, completeness, functionality, usefulness or other assurances as to the content in the document. We disclaim all responsibility for any losses, damage caused or attributed, directly or indirectly, from reliance on and the use of such information. Readers are welcome to provide feedback to the authors using the contact information provided in this document. This document has been prepared for general public distribution so all animations have been converted to static images. Graphics and images are usually obtained from the internet and royalty free sources and are usually acknowledged by us. Errors may be expected in this practice and this is not intentional - we respect creative rights and request owner(s) to inform us of any inadvertent omission. Any trademarks or companies may be displayed or mentioned with the purpose of establishing a point or for better understanding and we do not claim any exclusivity or relationship with their respective owners. License and Copyright Acknowledgements & Disclaimer Various resources on the internet have been referred to contribute to the information presented. Images have been acknowledged (above) where possible.
Any company names, brand names, trade marks are mentioned only to facilitate understanding of the message being communicated - no claim is made to establish any sort of relation (exclusive or otherwise) by the author(s), unless otherwise mentioned. Apologies for any infraction, as this would be wholly unintentional, and objections may please be communicated to us for remediation of the erroneous action(s).