The Internet of Things (IoT) is rapidly extending on a global scale via applications that reach throughout industry and society, often directly impacting systems and architectures relied upon by the public every day. The cyber risk profile of IoT is therefore vast, complex, and diverse, presenting a broad range of potential consequences from general disruptions, system misuse, and public safety concerns. Organizations deploying IoT technologies are confronted with the substantial task of ensuring the confidentiality, integrity, and availability of systems and information across entities with considerable variance in size and scale. Evolutions in technical computing architectures, including various types of networks, servers, and clients, coalesce in systems that provide critical services to businesses, governments, communities, and individuals. Enterprise and societal reliance on IoT-based systems creates a strong requirement for trustworthy, robust, and resilient deployments. The deployment of large numbers of devices in IoT architectures results in a substantial attack surface for technical adversaries, with each technical component presenting opportunities for attackers while often containing minimal configuration and monitoring options for system owners. The environment of high demand, high risk, and often minimal security features presents substantial cybersecurity risk management challenges.
This session will illustrate approaches to understanding, assessing, and managing the cybersecurity risks associated with IoT deployments by adapting established cyber risk management principles and standards to the IoT context. Additionally, we will cover unique characteristics and elements that can make IoT environments uniquely vexing. Widescale deployments of IoT architectures are continuing at a rapid pace, underscoring the need for swift adaptation of cyber risk management approaches to this emerging area.
Technical Level: Medium