
What's the deal with IoT?

BSides KC · 2017 · 31:29 · Published 2017-07

Yes, hey guys, welcome to BSides. Please welcome the VP of Fishtech, very Cooper. Please, everyone in the room, most likely, it looks like it. How's everybody [ __ ]? What about that offer? Good, I love to throw down here. Before we even get started, there's one takeaway you've got to get right now. See these right here? These are going to get you some free booze and some free pizza: drink tokens. Get to the up-down tonight at the after-party, okay? Rock 'n' roll. Can you see that? Excellent. I'm very Cooper. I'll take you through the introduction, and then we'll probably start really throwing down here a little bit and talking about BSides.

Let's say a little bit about BSides. The tech community has had real leadership and thought leadership; this is fantastic, dude. I mean, I've been in IT and IT security now for about 30 years, and it's great to see this hit back and kick it again. So awesome. Kudos to everyone who threw down and made that happen. So you may ask yourself, what the hell is a marketing guy doing talking about IoT? What can this old geezer know about the Internet of Things? Well, luckily for us, I have some experience in the training realm. Anybody take a training course from me? Assistants, maybe?

Back in the day, firewalls, yeah. Okay, in that case, one of the best, you know, I get through it with alcohol, but I'm an educator at heart, and what I want to do today is throw down a little bit from the education perspective. I like to look at things from their origin, where they come from, where they're headed, and then I also like being a smartass, just like any good tech person does, right? So that's what we're going to look at today. I work at Fishtech; Fishtech is a secure digital transformation organization out of Martin City. Gary Fish started with FishNet Security and FireMon, and now this is the kind of next iteration. We're

focused on cloud and [ __ ] like that. Okay, cool. So all that obligatory stuff is out of the way. I will have to admit as well, I'm a little intimidated by the ninja level that I see in the room today. So what I do fall back to is understanding: I have a couple of teenagers at home, and if I can handle that [ __ ], I think I can handle what we've got going on here. All right, all right. I'm also old and my thoughts probably leave me really quickly, so I'm going to actually use this to keep me on track here, see this, so don't hate, right? So,

what's the deal with IoT, right? Where does it come from? Where does that goofy-ass title come from? Maybe it looks something like that, right, Jerry Seinfeld? Well, the title of this talk is "What's the deal with IoT"; it's pretty obvious that I'm not really good at making static titles and all that. In full disclosure, the talk won't be based on analogies between George Costanza and Kramer and Elaine; we're not really going to go there, so we're not going to go down the Jerry Seinfeld trap. What I really personally think about IoT and its potential long-term ramifications

is this: the Terminator, right? If you think about where IoT could go, potentially it could get dark. But this is just my version of where it could get you if it's poorly managed, if it's not really thought through with security and clarity, and if good philosophies aren't in place; it could turn down that path, right? I mean, there are a lot of little devices out there that I love, and when you start speaking about these individual devices and these individual organizations, let's take a little peek at the landscape. I mean, there are literally tons of organizations that build these gadgets, or the communication channels or frameworks to make them work. You know, I love technology. I love

gadgets: smart watches, smart phones, smart home. Hopefully I have smart kids; I don't know, I'm going to see how that turns out. They're two for free right now, so that's looking pretty good. But the potential the technology has: there are literally hundreds of companies that are building IoT devices, and when I think of it again, it's the potential. What will this perfect future look like, or rather the pursued perfect future? It looks something a little like this, The Jetsons, right? I mean, we've got George, we've got Jane, Judy and Elroy, and the perfect IoT outcome is that everything works seamlessly

together without security flaws, we're not being attacked by it, it's not attacking itself. Even the character that I'd always like to keep an eye on in this particular image is this one right here. I mean, look at those eyes. I don't know, you guys, I think I've seen those somewhere before, like maybe here. All right, so this is a bunch of crap to get started here, but I never trust robots; just look into the eye. You can see right there, that red-eye thing will tell you all you need to know. It looks like we lost this one, so that's all

right. So a few stats to kind of get a level set here: only about 10% of new devices connected to the corporate network are going to be advanced with, traditionally, the way we do it today. That's interesting to know from the perspective of what we do a lot, right? Also, there's a shitload of devices out there and there are only going to be more: 20-plus billion. Some organizations, like I said, 46 to 80 billion different devices will be connected by 2020. So these devices are really going to need automation, and

they're going to need to be automated to be effective. So automation and self-orchestration are really concepts that I like for convenience. These devices are going to have to have the ability to connect together and learn together, so AI, machine learning, all that; the self-actualization of machines is going to happen at some time, and it's going to be interesting to watch how that actually goes down. I always go into history-teacher mode, right? I like to look for things. IoT was born as an idea as far back as '82, right? I was graduating high school; I know, my Commodore 64, I'm a survivor. I

didn't forget, but I was bouncing. So all the way back there is when it really started: the first Coke machine at Carnegie Mellon University was internet-connected to make sure that the Coke was at the right temperature and stayed good for its users. As we progressed, in '94 Reza Raji described the concept in IEEE Spectrum as moving small packets of information around to large sets of nodes and integrating how to make everything work, so interconnectedness was really the key of all this. Microsoft got involved, of course, as they always do, between '93 and '96 with "at Work", and Novell jumped in with NEST. But really, this cowboy that's on the

screen here, if you don't know, is Kevin Ashton. He's the co-founder of MIT's Auto-ID Center, and he's really credited with coining the phrase "the Internet of Things," so we could thank him for some of the pain we're going to deal with in the future. His concept really revolved around RFID, that these devices would communicate via radio frequencies. Of course, you really couldn't see that far forward at the time, but understand this: IP networking is really where the foundation of all networking is going to be, and the RFID thing kind of didn't really work. As the Internet of Things progressed, there was some

momentum here, and device manufacturers and businesses said, we're going to make money off of this. Where does it always go, people? We're going to make some cash, right? And of course, what's the first thing that gets thrown out the window when we're going to make money? Security, right? Okay, so they're not really building these devices with security in mind. It didn't take long, though, for these manufacturers to say, forget about this RFID crap, that's not going to work, they need to be IP-connected. So the first refrigerator that we have here is the LG Internet refrigerator, secured with LAN ports. It didn't take long as well for

the IPSO Alliance community in 2008 to jump on board and start to collaborate and build some industry partners that were concerned about how this was all going to connect together. Big businesses, not just entrepreneurs and researchers, had growing interest in implementing IoT in production environments, and that has not stopped, as we know, to this day; it has only propelled faster and faster. So one of the things that we focus on at the organization I work at now is cloud, right? Cloud technology: hybrid cloud, public cloud, private cloud, multi-cloud, fog, whatever the name, you get it. We're focused on technology that works in the cloud and propels the

cloud forward. We bandy about this term of digital transformation all the time, right, and we've got it all over the website of the company I work for; I'm the marketing guy and I can't even get people to remove it from the website. But digital transformation is important, and really, if you think about the Internet of Things, it is the nexus of digital transformation; it's the very core of transforming. Now that networking capabilities are expanding and we've got large-scale data analytics tools and you've got cloud out there, you're seeing frameworks like the AllSeen Alliance's AllJoyn framework, which makes it easy to create and connect these devices and device networks and connect them together, and it also makes it easier for

these devices to discover each other, right, like my little friend earlier, Skynet: getting connected and everybody seeing each other and working together. That's where this is actually going to head. So developers can write applications for interoperability; transport layers are kind of really out the window, without the manufacturer, and in some cases not even internet access is needed to make this work. So in my opinion, since we focus on cloud and I'm steeped in this as well, the cloud is going to become more like uranium to the IoT reactor as IoT begins to move forward. Maybe like ramen too, you know, or maybe it is actually more to the

point: what Python is to ring crimes, that's what the cloud is going to be for IoT development. So every report here: all these devices are connected; no servers, cheaper; thermostats communicate with the outside world on their own. All of these devices: the days of simply just plugging in your refrigerator to find out if you can have the stuff for chicken cacciatore, or whether it's at 34 degrees, those days are really over, right? So, like all things that have been created, the technology of IoT also has its machinations, and there are always bad actors, there are always folks out there that want to take a good

thing and drop the proverbial turd in the punchbowl, if you will, and make it difficult. As you'll equally recognize with this image here, this is one of the hundred-children problems, right: things that were actually created for one purpose can be utilized for something else. And we're really at that crucial moment, in my opinion, in the evolution of IoT. You've got smart cities, smart TVs, that's awesome. Now there are untold legions of connected devices around the world working together. As we wheel up, I mean, do I need to have a firewall? Do I really think of my home network the same as I did when I was throwing in my little

router without wireless? I've got an entire network, and is the local loop going to protect me at all? It doesn't happen. So what we want to talk about next, or what I want to jump into here, is really not the Internet of Things but the end security, right? That's really where we're at. The Juniper forecast is that there are going to be forty-six billion of these little monkeys connected together, which is about a two hundred percent increase from where we're at right now. At CES, Greg Otto was talking and he's like, well, the ten hundred vendors are out here looking at all these gizmos,

how they fit together, wearables and all of that, and there are fifty thousand people running around here, but there were only about fifty people who were even concerned with security when it came to IoT at all. That's just a shame, right? It's a crying shame. Healthcare IT has the same problem here as it really begins to get some momentum. Consumers, rightfully so, are not going to trust these connected devices until the security issues around them are resolved. But we know that end users, even though you say hands off, are going to plug in, and it's going to happen. We've discovered that's just the way that

things are. So, as I said earlier, home automation: do you use smart thermostats, all the other stuff that we plug into our houses? It's really going to be interesting to see where that goes. Wow, look at those slide transitions; they must be alarming, right? So when IoT manufacturers began to build these devices, obviously they did this with a minimalist approach when it came to security. If security isn't in the creation process of your facility or anything else, the stuff goes bad; it just goes bad. And how many of you are familiar, or

probably most of the people in this room, I'm sure you're familiar with the Dyn attack, right? The Dyn attack that took place where a DNS provider was essentially just smashed. The core elements of the attack itself were maliciously targeted TCP and UDP traffic over port 53, naturally, utilizing the Mirai botnet as the primary attack source. The attack generated these compound recursive DNS retries; it just pounded this organization into submission, right? And at the end of this, whenever they deconstructed the attack, there were over a hundred thousand devices, many of them CCTV cameras and video recorders, that were actually involved in this attack. So, right,

you cannot think of these IoT devices as harmless school kids, because when you've put them all together you've got yourself maybe Skynet. Well, maybe not, maybe close to Skynet, right, something that can be pretty nasty. The results of this: Twitter, Netflix, Airbnb, Amazon, Reddit, all these people were nailed by this attack. Really, I think, a wake-up call, an earth-shattering occurrence: this type of volumetric attack, where you're having these DDoS attacks that are just maiming these organizations using a new vector like IoT. People didn't really think about it; they don't think about, you know, my 4K TV that I love, what

I watch sports on and all that; I don't think about that kicking my ass. I don't really look at it like that. Again, I love that TV; the wife says I love that TV too much, and obviously that's pretty much the case, right? But I love these devices, the way that they're getting connected, I love that as well. But all these devices can be enlisted in this DDoS army, like Black Friday, which is what the folks call it. Especially after this particular attack, they showed that the Internet of Things is going to play this huge role in targeted attacks

in 2017, right? It already is, capitalizing on this growing acceptance of devices. I mean, I've got this little watch; it's really kind of just a knockoff of the iPhone or the Apple Watch 2. It's kind of crappy, but it does everything for me. So I can connect this device to the corporate network; this device connects to every network that I know of, and if it finds one, it connects on its own as well. So whenever someone says, in 2017, it may be that someone is attacking, say, yeah,

obviously, as IoT is going to be moving forward. Another attack in June of last year: Sucuri found that they discovered a botnet made up of 2,500 CCTV devices, chained all together to hit an organization as well. We've been warned about these things, and what was interesting about this particular attack as well was the scale: it actually was sourced from 105 different countries. So it wasn't just four or five or six or eight or ten bad actors; this was everyone, and that's what we're looking at when we're talking about the Internet of Things and trying to secure this as we go

on, right? Many IoT devices, as we know, are installed, and then what do you do? Walk away, right? Oh yeah, install it, it boots, it's working, good, I can connect with my phone, look, yeah, the kids are doing their homework, kick-ass, right? What do I do? You fire and forget: you install it and leave it, and that's really where we're at right now. The firmware is not necessarily updated when these things are built; they're built many times with default passwords, of course, but not only that, in some cases you can't change them. There are actually devices, especially home devices, around the CCTV types, that you

can't change. And the majority of these security attacks did originate in China and the good old US of A, so if you want to look at where it comes from, it comes to us, right? So here's the little tsunami picture that I neglected to turn off. All right, I'm an education guy, right? I've said it many times, you're probably getting sick of hearing that already, but in education there are rules, okay? There are givens, right? In grammar, you've got proper syntax and your mom saying don't say "ain't," all that, right? Well, why don't we take this kind of similar approach with IoT? Where are our IoT best

practices, right? Where are they? They're really nowhere, right, in many cases. But some organizations like CEDIA, the Custom Electronic Design and Installation Association, and the CTA are working on this, and that's good to see, right? They're going to start trying to build some guidelines; of course no one can agree on anything just yet. And of course, our colleagues across the pond have a different take on this. But this is a must. Homeland Security getting involved and the Department of Commerce have outlined their own set of guidelines for IoT; whenever I hear that, I get nervous, right? I would love to see manufacturers

and us come up with these guidelines, principles, and really the philosophy behind IoT, and get the ship right, right? The bad news is, though, Homeland Security and the Department of Commerce got involved and they looked at guidelines: we're going to do guidelines for IoT. So what they did, they looked at it and said, yeah, we're only going to address availability, access, standards and technologies. They didn't even address security at all when they looked at it. So these types of volumetric attacks utilizing IoT devices are not going away. What really is needed, and I think you all in this room would agree, is a mindset change. The mindset has to change about IoT. We're going

to write. Whenever I think about it, I go back to my education: I've got to have a methodology to do something. So I'm going to share something with you really quick that may or may not be helpful to you as far as a methodology to try to get your arms around IoT, whether you're managing it or whether you're building a business on it. It all starts with the strategic approach that you take, right? You back up the vision: policies, procedures, guidelines. That's why I loved Chris's talk downstairs, because that's really where it all starts. Get your strategy right; that's your proof, right? Understand how you are going to attack this. Find a way to

go out and do good discovery; you don't know what you don't know until you do that. Then get a way to onboard and authenticate: we could partner with these devices or the people that are managing them, if you will. And then focus your strategy on ongoing firmware updates and maintenance and connectivity to these devices, and then of course policy-based encryption; that's just a must, you've got to have that at the core. Of course governance is step two, and once you've got the skeleton framework, your strategy, in place, you need to do this thorough risk analysis. It could be a part of your strategy, but really, when you're looking

at risk, as Chris, I think, so rightfully pointed out earlier: they're looking for 2,860 things, 84% good, so I'm kicking ass, right? You know what I mean? That's not the case, obviously not the case. With governance, any compliance, regulatory standards, all that needs to be nailed down and thought through as well. Okay, there you go. Next is architecture. A lot of folks would say, okay, when it's IoT, do you really need to focus on this? It seems like it would just be intuitive that the architecture needs to be well planned. But now that we have networks and we have software to

define everything, your network is not going to look in five years like it does right now. You've got Software-Defined Networking, Software-Defined WAN, software-defined everything, right? And whether it's on-prem or, if the trend continues and cloud adoption keeps going the way it's going, in the cloud, we're going to have to pay attention to this on the architecture front as well. The components of a good architecture: if you have actuators and sensors and things that may be involved in manufacturing, you need to make sure that these are architected correctly and segmented correctly. Make sure that your internet gateway, of course, is set up correctly, and then if

there's edge IT processing that happens, you need to make sure that the edge IT processing is being done efficiently and being done correctly. And then finally, when this thing is converted to the data center, or if it goes to the cloud, for continual processing, get the right controls in place as well: the security stack. Again, if it's moved to cloud, there's a whole crap-ton of additional things to pay attention to. One of the things that my brethren out there, CIOs, CISOs, always talk to me about is validation. Okay, so you install the solution; am I going to test this solution? Do I really go and try to test the solution, or am I just banking

on it: I trust my guys, I trust my gals out there, they put this thing in, right, it's just going to work. Well, on a validation front, I'm at zero-level trust with anybody, right? That's the way it is; former military, I don't trust them, I might need to kill them at some point in time, right? But when I look at these providers, bake off the providers, one against another. Do a POC with your choices to make sure those are right, and when you're validating IoT infrastructure, focus on controls, automation, and definitely firmware; it should really be the nexus of everything you do. You're going to move over to how you

implement this stuff. It needs to be implemented securely; we already know that. But things to think about in the implementation round are: use the right platforms, check the connectivity and protocols, and what is your business model, what does it look like? How are you utilizing IoT? Are you a provider, or are you building devices, are you manufacturing? What's the bottom line? And then also look at the applications that are in use to pull this off, the ones that control and collect and analyze data; you need to make sure those are tightly knit and working together. And finally operations: this is when you're fully geared up, and one of the

interesting statistics I ran across, and it kind of changes things, is that two-thirds of all IoT projects are not managed by IT. That's a flag: two-thirds of all IoT projects are not IT products and are reported to other management. Right? Again, that bypasses security; nothing pisses me off more than that, right? So on the operations front, you want to investigate the benefits of AI. Okay, this is going to happen at some point, so you want to see what artificial intelligence brings us from an orchestration and automation perspective. Other operational considerations: access controls; efficiency, what does it drive, in fact, my utilization of IoT; and of course you

know, benchmarking, and a good way to detect malfunctions, right? So, to wrap this bad boy up: here's a utopia. You're in your home automation bubble, everything is working together seamlessly, what could go wrong, right? Well, we already talked about the lack of universal standards; it's a struggle and it's a slow process to get moving, but hopefully, doubtfully, maybe, we'll get it together and move some solid standards behind this. Manufacturers of IoT devices and systems, the guys have got to get their game on and get their [ __ ] together. I mean, it's got to happen. And I think people in this world, get in

contact with the technology providers; this room can definitely influence that. If you're looking at the growth and the scale of IoT, it needs to have its own power source: if I can disconnect IoT devices from a power source and they maintain their own power source, that is really going to propel what is possible with IoT. The technology for doing that is not out there yet, but I don't think that's too far off. Security and privacy: these are huge issues on the IoT front, of who's collecting information and what's going on there. And luckily, consumers are still wary. Now, they may not be well informed, and they're not security

vendors for the most part, like you ladies and gentlemen are, but they're wary, and that's good as well, so we will drive our manufacturing brethren to get their crap together. So IoT, as we talked about as well, dude, this could be weaponized. That's what worries me, the weaponization of this technology; it's already been done, and we'll see where that's going to lead, because we've got some smart folks that are over there on that side of the house. We already talked about best practices; basically, that makes a good offense. So IoT is really just getting started; it's been conceptualized, and now it's

actually happening, and now is the time to get this right: the strategy, the governance, the architecture, the implementation, the operations. All this stuff needs to be corrected for IoT. We could do that, you know what I mean? And if we do, we'll all be resting in this better world; it looks like this right here, right? It's going to be beautiful. But I kind of think, or not, or not. All right, thank you very much. What's the one takeaway? The after-party, at the up-down at 6:30 tonight. Right on.
