C4 Managing Cybersecurity and Privacy Risks in IoT
Date & Time
Monday, June 22, 2020, 2:45 PM - 3:35 PM

The Internet of Things (IoT) is rapidly extending on a global scale via applications that reach throughout industry and society, often directly impacting systems and architectures relied upon by the public every day. The cyber risk profile of IoT is therefore vast, complex, and diverse, presenting a broad range of potential consequences, from general disruptions and system misuse to public safety concerns. Organizations deploying IoT technologies are confronted with the substantial task of ensuring the confidentiality, integrity, and availability of systems and information across entities with considerable variance in size and scale. Evolutions in technical computing architectures, including various types of networks, servers, and clients, coalesce in systems that provide critical services to businesses, governments, communities, and individuals. Enterprise and societal reliance on IoT-based systems creates a strong requirement for trustworthy, robust, and resilient deployments. The deployment of large numbers of devices in IoT architectures results in a substantial attack surface for technical adversaries, with each technical component presenting opportunities for attackers while often containing minimal configuration and monitoring options for system owners. The environment of high demand, high risk, and often minimal security features presents substantial cybersecurity risk management challenges.

This session will illustrate approaches to understanding, assessing, and managing the cybersecurity risks associated with IoT deployments by adapting established cyber risk management principles and standards to the IoT context. Additionally, we will cover the characteristics and elements that can make IoT environments uniquely vexing. Wide-scale deployments of IoT architectures are continuing at a rapid pace, underscoring the need for swift adaptation of cyber risk management approaches to this emerging area.

  • Technical and configuration characteristics of IoT technologies that can result in system vulnerabilities
  • Considerations in architecture design for integrated IoT systems and networks
  • Technical complexities in managing updates and modifications in IoT architectures
  • Unique risks presented by third-party service providers in IoT systems
  • Operational management considerations including continuous monitoring, problem management, and incident response

Technical Level: Medium

Session Type
Main Conference Session