IoT Security Heartbeat Design


“Ninety-four percent of CxOs believe it is probable their companies will experience a significant cybersecurity incident in the next two years.”
“An effective tactic to combat cybercrime is transparency and collaboration, sharing incident information internally and externally. Improve awareness and drive a more risk-aware culture across the entire organization.”
“The trust on comfort on cybersecurity strategy of their enterprise is well established is widely different. 76% of the CIOs agree – 51% of CEOs agree.”

In 2017 I delivered the design for an IoT Security Heartbeat iPad Application demonstrating how existing IBM products in the IoT and Security portfolios are providing better insights and responses to security threats.

IoT Security Heartbeat Scenario

The IoT Security Heartbeat demo is designed around a business case scenario.

Business Context

ACME Inc is a company producing multiple product lines of IoT white goods devices for two kinds of customer.

  • Unmanaged: Sold B2C with limited support. Firmware upgrades are provided.
  • Managed: Sold B2B. Monitored, managed and upgradeable over the network, with a compliance-level SLA.

Personas

The CISO, or CSO, is directly responsible for risk, compliance, and securing and protecting the assets of the business: employees, data, IT infrastructure and information, plants, and the B2C and B2B customers' managed and unmanaged IoT devices.

Operational Dashboard and Security KPIs

The CISO views the Operational Dashboard to confirm the IoT security state.

High-level domains description:

  • Overall Enterprise Security
  • Connected Plant
  • Customer Endpoints
  • Business Alerts
  • Intelligence
  • Risk Forecast


Examples of Overall Enterprise Security KPIs

  • Endpoints Security Score – Fixed and Mobile devices
  • Application Endpoints Security Score
  • External Service Security Score
  • Identity Management
  • Network Connectivity
  • Geographies Alert Level
  • Governance Maturity Score

The Geographies Alert Level is Low, based on the current state of threats reported by IBM X Force Exchange.

Geographies Alert Level

IBM X Force Exchange

Scene 1 – Production plant IoT security issue

There has been a fire that caused damage to the manufacturing facility at Globex Inc. The fire centered around an exit door. Upon further investigation, it was clear that the source of the fire was an electric motor used to automate the security shutters on the door. Fortunately, nobody was harmed and the fire was contained, but the consequences could have been grave.

There are serious safety concerns in relation to risk to human life, as well as the potential negative impact on the reputation of Globex Inc, the manufacturing facility, and on the reputation of the brand of Oscorp Inc, the OEM supplying the faulty electric motor.

The Intelligence domain and Current News KPI become Amber, indicating a warning on security risks, with a Supplier Risks Alarm on Oscorp Inc.

Intelligence and News Awareness

Supplier Risks Alarm on Oscorp Inc

Scene 2 – FW Version Update Status

The Intelligence domain and Suppliers Software Updates KPI become Amber, indicating a warning that some of our devices need a firmware (FW) update.

  • Devices need to be updated because new firmware is available from the OEM
  • Our current understanding of the FW update content: NOT CRITICAL
  • Upgrade postponed until the next standard planned maintenance

Intelligence and Pending Suppliers Software Updates

Scene 3 – High level of Attacks/Threats on our Oscorp devices

The Connected Plant domain and Incident Management / Attempts KPI exceed their threshold and become Red (Alert) because we are facing massive attack attempts on Oscorp Inc devices.

Debugging code left in the device opened up a security hole allowing remote commands to be sent to the device outside of its safe operating ranges. The source IP addresses had already been detected in relation to unauthorized access to other critical computing resources. In some instances devices were ‘cloned’, and malicious connections were attempted from those cloned devices to skew IoT data readings.
 
Connected Plants and Alerts in Last 24 Hours

Scene 4 – Business Impact Alert on Production

The Business Impact domain and Incident in Production Floor KPI become Amber because of the current attacks on Oscorp devices, which may have a huge impact on our production planning.
 
Notifications

Risk Forecast and Probability of Production Floor Disruption

Scene 5 – Watson Alert / Prescription / Recommended Actions

Watson raises an alert flagging Production at Risk, Compromised Security and a High-level Physical Safety issue.

Watson Alert

Prescription: Upgrade Oscorp Inc. devices with the latest firmware update as soon as possible.

  • Show how to enforce near real-time Firmware Upgrade
  • Show how to “isolate” those devices
  • Show how to plan countermeasures
  • Start a business process/workflow

Options are provided for resolving the risk via a Security Optimised route or a Cost Optimised route.

ACME chooses the Cost Optimised route and schedules device FW updates on an as-needed scheduled update cycle. This minimises the impact on the business and any demand for production downtime. By choosing this route, the relevant people in the ACME organization are notified of the conditions and the plan.

Watson Prescription

Scene 6 – Intelligence and Sentiments Analysis on Social Media

The Operational Dashboard provides intelligence and insights into customer satisfaction related to product security. ACME provides B2C smart products to end consumers and managed products under SLAs for B2B clients.

The Intelligence domain and News Awareness KPI become Amber because client satisfaction is dropping and Sentiment Analysis on Social Media is indicating product, security or vulnerability issues. These early indicators may not yet show in corporate support channels.

Intelligence

Intelligence and Sentiments Analysis on Social Media

Scene 7 – Business Alerts

The Business Alerts domain and Variation in Client Support Requests KPI become Amber because of the increase in client support requests about product malfunctions. This impacts ACME's operational cost and also indicates a risk to client operations.

Business Alerts and Variation in Client Support Requests

Scene 8 – Customer Endpoints

The Customer Endpoints domain and Policy Compliance Score KPI become Amber because the Enterprise Assets KPI is dropping. Drilling into the data source of Device Security Policies in the Watson IoT Platform, we see that a significant number of devices are failing to authenticate, which suggests there is an issue.
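The dashboard logic behind Scene 3 (attack attempts pushing a KPI to Red) and Scene 8 (authentication failures pushing the Policy Compliance Score to Amber) is essentially threshold evaluation over platform events, rolled up to the worst status per domain. The following is an added illustration, not code from the demo or from the Watson IoT Platform; the domain and KPI names follow the post, while the thresholds, event types and event sample are constructed assumptions.

```python
"""Toy Green/Amber/Red KPI evaluator in the style of the Heartbeat dashboard.
Added example: thresholds and events below are constructed, not from the post."""
from dataclasses import dataclass

GREEN, AMBER, RED = "Green", "Amber", "Red"
RANK = {GREEN: 0, AMBER: 1, RED: 2}


@dataclass(frozen=True)
class Kpi:
    domain: str
    name: str
    amber: float  # reading at or above this turns the KPI Amber
    red: float    # reading at or above this turns the KPI Red


# Constructed thresholds (assumptions): raw attempt count vs. failure ratio.
ATTEMPTS = Kpi("Connected Plant", "Incident Management / Attempts", 20, 50)
COMPLIANCE = Kpi("Customer Endpoints", "Policy Compliance Score", 0.10, 0.30)

# Constructed platform events: (device id, OEM, event type).
EVENTS = (
    [("plant-%03d" % i, "Oscorp", "unauthorised_command") for i in range(60)]
    + [("cust-%03d" % i, "Oscorp", "auth_fail") for i in range(15)]
    + [("cust-%03d" % i, "Initech", "auth_ok") for i in range(15, 100)]
)


def status(kpi: Kpi, reading: float) -> str:
    """Map a KPI reading to a colour; higher readings are worse."""
    return RED if reading >= kpi.red else AMBER if reading >= kpi.amber else GREEN


def attack_attempts(events, oem: str) -> int:
    """Scene 3: unauthorised command attempts against one OEM's devices."""
    return sum(1 for _, o, ev in events if o == oem and ev == "unauthorised_command")


def auth_failure_ratio(events) -> float:
    """Scene 8: share of device authentication events that failed."""
    auth = [ev for _, _, ev in events if ev in ("auth_ok", "auth_fail")]
    return sum(ev == "auth_fail" for ev in auth) / len(auth) if auth else 0.0


def domain_statuses(events) -> dict:
    """Roll KPI colours up to their domains: a domain shows its worst KPI."""
    readings = {ATTEMPTS: attack_attempts(events, "Oscorp"),
                COMPLIANCE: auth_failure_ratio(events)}
    worst = {}
    for kpi, reading in readings.items():
        current = worst.get(kpi.domain, GREEN)
        worst[kpi.domain] = max(status(kpi, reading), current, key=RANK.get)
    return worst


if __name__ == "__main__":
    for domain, colour in domain_statuses(EVENTS).items():
        print(f"{domain}: {colour}")
```

With the constructed sample, 60 attempts exceed the Red threshold for Connected Plant, and a 15% authentication failure ratio lands Customer Endpoints at Amber, mirroring Scenes 3 and 8.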

Customer Endpoints and Policy Compliance Score

Watson IoT Platform Risk and Security Policies

Scene 8 – Watson Alert / Prescription / Recommended Actions

Watson issues an Alert on the condition.

Watson Alert

To the left, notifications on the Compliance, Customer and Social Media KPIs.
To the right, prescriptions from Watson on the root cause and suggestions for further actions.

Watson Notifications and Prescriptions

This concludes the IoT Security Heartbeat demo.
