IoT has dramatically enlarged the playing field with devices and data. While this brings many benefits, it also creates significant exposure to security and privacy vulnerabilities. IoT amplifies the access points for data and control, which in turn amplifies the intrusion points [1–3]. While we continue to build defenses in devices and networks, we also have to deal with a huge population of legacy devices, applications, and networks where inbuilt protection was limited [4, 5]. The threats are becoming more persistent and the impact more profound, sometimes debilitating to businesses. The threats are equally high for consumer and industrial IoT businesses. History is riddled with examples of security breaches with significant impact. The discovery of Stuxnet in 2010, a small 500 kb worm that infected the software for 14 Iranian nuclear power plants, brought a lot of focus to this subject. However, there are earlier examples. The Slammer worm disabled the Davis-Besse nuclear power plant in 2003. We continue to hear stories about credit card and other personal information breaches all the time. A 2014 SANS survey reported that 7% more respondents indicated a breach of their environments.
Dave Shackleford, “A SANS survey”, October 2014.
Erika McCallister, Tim Grance and Karen Scarfone, National Institute of Standards and Technology (NIST), “SP 800-122 - Guide to Protecting the Confidentiality of Personally Identifiable Information (PII),” December 1990 – present.
International Society for Automation, “ISA/IEC 62443 - Standards to Secure Your Industrial Control System.”
ISASecure, IEC 62443 Conformance Certification, http://www.isasecure.org/en-US/, 2017.
Mark Clayton, “Stuxnet malware is ‘weapon’ out to destroy... Iran's Bushehr nuclear plant?,” 21 September 2010.
Information Security Forum, Standard of Good Practice, “Security management system's usability key to easy adoption,” sourcesecurity.com, Retrieved 22 August 2013.
Mike Magee, John Lettice and Ross Alderson, “The Register,” 1994.
National Institute of Standards and Technology (NIST), “Framework for Improving Critical Infrastructure Cybersecurity,” https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf, Version 1.0, 12 February 2014.
The Stanford Consortium and US National Security Agency, “Research on Information Security and Policy,” 1998.
UK Government’s Department of Trade and Industry, BS 7799, “Information Security Management Systems - Specification with guidance for use,” part 2, 1999.
The International Organization for Standardization and The International Electrotechnical Commission, “ISO/IEC 27001:2013 - Information technology - Security techniques - Information security management systems – Requirements,” September 2013.
The International Organization for Standardization, “ISO 15408–3.1:2008 - Information technology — Security techniques — Evaluation criteria for IT security - Part 3: Security assurance components,” 2008.
North American Electrical Reliability Corporation, “CIP 002–009”
Craig Gentry, “Fully homomorphic encryption using ideal lattices,” 2009.
European Telecommunication Standards Institute, “TC CYBER,” 2014.
National Institute of Standards and Technology (NIST), “Advanced Encryption Standard (AES),” 2001.
Ron Rivest, Adi Shamir, and Leonard Adleman, “RSA encryption algorithm,” 1977.
Partial homomorphic encryption, https://en.wikipedia.org/wiki/Homomorphic_encryption#Partially_homomorphic_cryptosystems.
John Leyden, “PC virus celebrates 20th birthday,” 19 January 2006.
Gildas Avoine, Pascal Junod and Philippe Oechslin, “Computer system security: basic concepts and solved exercises,” EPFL Press, p. 20, ISBN 978-1-4200-4620-5, 2007.
Nathaniel Popper, “Decoding the Enigma of Satoshi Nakamoto and the Birth of Bitcoin,” 15 May 2015.
IBM X-Force Ethical Hacking team, http://www-03.ibm.com/security/xforce/
- Dealing with Security, Privacy, Access Control, and Compliance
Sudhi R. Sinha
- Chapter 10