In 2017 I delivered the design for an IoT Security Heartbeat iPad application demonstrating how existing IBM products in the IoT and Security portfolios provide better insight into, and response to, security threats.
IoT Security Heartbeat Scenario
The IoT Security Heartbeat demo is designed around a business case scenario.
ACME Inc is a company producing multiple product lines of IoT white goods devices for two kinds of customer:
- Unmanaged: products sold B2C with limited support. Firmware upgrades are provided.
- Managed: products sold B2B. Monitored, managed and upgradeable over the network, with a compliance-level SLA.
The CISO, or CSO, is directly responsible for risk, compliance, and securing and protecting the assets of the business—including employees, data, IT infrastructure and information, plants, and customers' B2C and B2B managed and unmanaged IoT devices.
Operational Dashboard and Security KPIs
The CISO views the Operational Dashboard to confirm the IoT security state.
High-level domains:
- Overall Enterprise Security
- Connected Plant
- Customer Endpoints
- Business Alerts
- Risk Forecast
Examples of Overall Enterprise Security KPIs:
- Endpoints Security Score – Fixed and Mobile devices
- Application Endpoints Security Score
- External Service Security Score
- Identity Management
- Network Connectivity
- Geographies Alert Level
- Governance Maturity Score
The Geographies Alert Level is Low, based on the current state of threats reported by IBM X-Force Exchange.
Scene 1 – Production plant IoT security issue
There has been a fire that caused damage to the manufacturing facility at Globex Inc. The fire centered around an exit door. Upon further investigation, it was clear that the source of the fire was an electric motor used to automate the security shutters on the door. Fortunately, nobody was harmed and the fire was contained, but the consequences could have been grave.
There are serious safety concerns in relation to the risk to human life, as well as the potential negative impact on the reputation of Globex Inc, the manufacturing facility, and on the brand of Oscorp Inc, the OEM supplying the faulty electric motor.
The Intelligence domain and Current News KPI becomes Amber, indicating a warning on security risks, with a Supplier Risk alarm on Oscorp Inc.
Scene 2 – FW Version Update Status
The Intelligence domain and Supplier Software Updates KPI becomes Amber, indicating a warning that some of our devices need a firmware (FW) update.
- Devices need to be updated because new firmware is available from the OEM
- Our current understanding of the FW update content => NOT CRITICAL
- Upgrade postponed until the next standard planned maintenance
Scene 3 – High level of Attacks/Threats on our Oscorp devices
The Connected Plant domain and Incident Management / Attempts KPI exceeds its threshold and becomes Red (Alert) because we are facing a massive wave of attack attempts on Oscorp Inc devices.
Debugging code left in the device opened a security hole that allowed remote commands to be sent to the device outside of its safe operating ranges. The source IP addresses had already been detected in relation to unauthorized access to other critical computing resources. In some instances devices were ‘cloned’ and malicious connections were attempted from those cloned devices to skew IoT data readings.
Scene 4 – Business Impact Alert on Production
The Business Impact domain and Incident in Production Floor KPI becomes Amber because of the current attacks on Oscorp devices, which may have a huge impact on our production planning.
Scene 5 Watson Alert / Prescription / Recommended Actions
Watson raises an alert with Production at Risk, Compromised Security and a High-level Physical Safety issue.
Prescription: upgrade Oscorp Inc. devices to the latest firmware as soon as possible.
- Show how to enforce near real-time Firmware Upgrade
- Show how to “isolate” those devices
- Show how to plan countermeasures
- Start a business process/workflow
Options are provided for resolving the risk via a Security-optimised route or a Cost-optimised route.
ACME chooses the Cost-optimised route and schedules device FW updates on an as-needed scheduled update cycle. This minimises the impact on the business and any demand for production downtime. By choosing this route, the relevant people in the ACME organization are notified of the conditions and the plan.
Scene 6 – Intelligence and Sentiments Analysis on Social Media
The Operational Dashboard provides intelligence and insights into customer satisfaction related to product security. ACME provides B2C smart products to end consumers and managed products under SLAs for B2B clients.
The Intelligence domain and News Awareness KPI becomes Amber because client satisfaction is dropping and Sentiment Analysis on social media is indicating product, security or vulnerability issues. These early indicators may not yet show in corporate support channels.
Scene 7 – Business Alerts
The Business Alerts domain and Variation in Client Support Requests KPI becomes Amber because of the increase in client support requests about product malfunctions. This is impacting ACME's operational cost, but also indicates a risk to client operations.
Scene 8 – Customer Endpoints
The Customer Endpoints domain and Policy Compliance Score KPI becomes Amber because the Enterprise Assets KPI is dropping. Drilling into the data source of Device Security Policies in the Watson IoT Platform, we see that a significant number of devices are failing to authenticate. This suggests that there is an issue.
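Two of the KPIs in this scenario are threshold-driven: the Incident Management / Attempts KPI in Scene 3 turns Red when the count of out-of-range commands crosses its threshold, and the Policy Compliance Score in Scene 8 turns Amber when the share of devices that authenticate successfully drops. The following is an added illustration, not code from the demo or from the Watson IoT Platform, of how such KPIs can be derived from device events and mapped onto Green/Amber/Red. The event records, the safe RPM range and the threshold values are all constructed assumptions for the example.

```python
# Constructed sample telemetry (not taken from the demo): one record per
# device event, in the shape a gateway or platform connector might log.
EVENTS = [
    {"device": "motor-001", "type": "auth", "ok": True},
    {"device": "motor-001", "type": "command", "rpm": 1450},
    {"device": "motor-002", "type": "auth", "ok": True},
    {"device": "motor-002", "type": "command", "rpm": 9000},   # outside safe range
    {"device": "motor-003", "type": "auth", "ok": False},
    {"device": "motor-003", "type": "auth", "ok": False},
    {"device": "motor-004", "type": "auth", "ok": False},
    {"device": "motor-005", "type": "auth", "ok": True},
    {"device": "motor-002", "type": "command", "rpm": 8500},   # outside safe range
]

# Assumed safe operating range for the motor, inclusive (hypothetical value).
SAFE_RPM = (0, 3000)


def kpi_level(value, amber, red):
    """Map a risk value onto a dashboard colour; value grows with risk."""
    if value >= red:
        return "Red"
    if value >= amber:
        return "Amber"
    return "Green"


def unsafe_command_attempts(events, safe=SAFE_RPM):
    """Count commands whose requested RPM lies outside the safe range
    (the Scene 3 'attempts' signal)."""
    lo, hi = safe
    return sum(
        1 for e in events
        if e["type"] == "command" and not lo <= e["rpm"] <= hi
    )


def policy_compliance_score(events):
    """Percentage of devices whose most recent authentication succeeded
    (the Scene 8 'policy compliance' signal)."""
    last_auth = {}
    for e in events:
        if e["type"] == "auth":
            last_auth[e["device"]] = e["ok"]   # later events overwrite earlier ones
    if not last_auth:
        return 100.0
    return 100.0 * sum(last_auth.values()) / len(last_auth)


def evaluate(events):
    """Compute both KPIs and their colours using assumed thresholds."""
    attempts = unsafe_command_attempts(events)
    score = policy_compliance_score(events)
    return {
        "attempts": attempts,
        # one unsafe command is a warning, two or more is an alert
        "attempts_level": kpi_level(attempts, amber=1, red=2),
        "compliance_score": score,
        # risk grows as compliance falls: 20-point drop is Amber, 50-point drop is Red
        "compliance_level": kpi_level(100 - score, amber=20, red=50),
    }


if __name__ == "__main__":
    for name, value in evaluate(EVENTS).items():
        print(f"{name}: {value}")
```

With the constructed events, two commands fall outside the safe range, so the attempts KPI is Red, and three of five devices authenticated on their last attempt, giving a compliance score of 60 and an Amber level, which matches the colours the scenario describes. Using the most recent authentication result per device, rather than the raw count of failures, keeps a single noisy device from dominating the score.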
Scene 8 Watson Alert / Prescription / Recommended Actions
Watson issues an alert on the condition.
On the left: notifications on the Compliance, Customer and Social Media KPIs.
On the right: prescriptions from Watson on the root cause and suggestions for further actions.
This concludes the IoT Security Heartbeat demo.