The Security Challenge: Most of the devices in the Internet of Things will be used in two broad areas:
1. Critical Infrastructure - power production/generation/distribution, manufacturing, transportation, etc.
2. Personal "infrastructure" - personal medical devices, automobiles, home entertainment and device control, retail
Critical infrastructure represents an attractive target for national and industrial espionage, denial of service and other disruptive attacks. Internet connected things that touch very sensitive personal information are high priority targets for cyber criminals, identity theft and fraud. In both of these areas, new technology requiring new approaches to security will be added to legacy systems employing legacy security processes and technology. While the same Critical Security Controls will be needed in the Internet of Things, the way security is architected, delivered and monitored will need to change.
The Call to Action: The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and applications, more scalable approaches to continuous monitoring and threat mitigation and new ways of detecting and blocking active threats are evolving and can be tremendously effective. SANS is looking to bring together community talent and ideas to develop new solutions, demonstrate security technology that already works and to provide a force multiplier to making the Internet of Things be more secure than the first phases of Internet evolution.
2500 Mason Street, 94133