IoT Lec4 PDF
St. Joseph's College
Dr Nuwan Kuruwitaarachchi
This presentation details the Internet of Everything (IoE), focusing on the convergence of operational technology (OT) and information technology (IT). It covers topics like M2M, M2P, and P2P connections, and the importance of security within IoE implementations.
INTERNET OF EVERYTHING (IOE)
Transitioning to the IoE
Dr Nuwan Kuruwitaarachchi
[email protected]

IT and OT
- Connecting the unconnected requires a convergence between an organization’s operational technology (OT) and the information technology (IT) systems those organizations have in place.

Operational Technology
- The organization’s industrial control and automation infrastructure.
- This includes the hardware (such as sensors and end devices) and the software that is used to control and monitor the manufacturing equipment and processes.
- Most communication in OT is accomplished between machines.

Information Technology
- IT systems refer to the network infrastructure, telecommunications, and software applications that are used to process information and allow the exchange of that information between humans.

Converging an Organization’s OT and IT
- Simplify the infrastructure (Simple)
  - Seamlessly converge IT and OT infrastructure to reduce operational costs and increase process efficiencies.
- Create intelligence and agility (Smart)
  - Use analytics from application-centric technologies so that applications can run at peak performance and gain information from the infrastructure for new services.
- Deliver end-to-end security (Secure)
  - The converged infrastructure defends against attacks and responds to threats intelligently and dynamically.

M2M Connections
- Products with built-in M2M communication capabilities are often marketed as “smart products.”
- Currently, M2M does not have a standardized connected device platform.
- These devices communicate using proprietary protocols that are device- or task-specific, and are unable to communicate across other platforms.

M2P Connections
- M2P connections mean that people can send information to technical systems and receive information from these systems.
- M2P, M2M and P2P connections are transactional, which means the flow of information moves in both directions, from machines to people and from people to machines.

P2P Connections
- P2P connections are characterized by collaborative solutions that leverage new and existing network infrastructure, devices, and applications.
- P2P applications provide services for managing meeting room reservations and resources.
- P2P applications also support online collaboration through web and video conferencing.

M2M, M2P, P2P Interaction
- The interaction of M2M, M2P and P2P connections provides organizations and individuals with actionable insights and seamless automation.
- As IT and OT converge, all aspects of the supply chain are connected.
- Companies gain immediate visibility into every aspect of the product cycle, from initial consumer interest to post-purchase feedback:
  - Consumer interest informed by the checkout process, carts and shelves, and post-purchase feedback
  - Inventory informed by loading docks, stock shelves, and warehouses
  - Logistics informed by trucks and trains
  - Production informed by factory floors and machines

Preparing for the Transition to the IoE
- Understanding existing business processes
- Understanding existing IT and OT networks
- Business goals and opportunities
- Determining technical requirements

Understanding Existing Business Processes
- Business managers must identify:
  - Who their suppliers and customers are
  - What customer needs are
  - What the schedule and process steps are for creating and delivering an offering

Understanding Existing IT and OT Networks
- Business managers must understand:
  - How the IT network users interact with the network resources and services, and gather information about all internal and external access to the existing network infrastructure.
  - The existing network and infrastructure components and capabilities, including support for traffic requirements, data storage, and security needs.
  - How current networks of OT systems operate:
    - How the M2M connections currently take place, and the information that is generated from these connections
    - How this information is integrated into the current business processes
  - They must also identify any connectivity requirements, such as the use of proprietary protocols.

Business Goals and Opportunities
- Profitability: determine the cost and return on investment of implementing the IoE project as a result of efficiencies and improvements.
- Business growth and market share: identify growth opportunities and competitive advantages due to the IoE implementation as a result of new insights.
- Customer satisfaction: determine the impact on customer experience and loyalty as a result of improved responsiveness to customer needs.

Determine Technical Requirements

Potential Constraints

The IoE Architectural Approach
- Three functional layers:
  - Application layer
  - Platform layer
  - Infrastructure layer
- This architectural approach reflects the service models of the Cloud Computing model, taking advantage of Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

Application Layer
- This layer provides automated, dynamic, application-centric responses to changing traffic and usage demands.
- The application layer includes the intelligence needed to improve user experiences.
- It allows for the integration of traditional IT applications, and the use of collaboration applications and industry-specific applications.

Platform Layer
- This refers to solutions that provide orchestration, management, and policy adjustments based on changing demands, to accelerate service delivery.
- It allows applications and users to receive the resources they need, when they need them, without manual or complicated IT tasks and configuration changes.
- The platform layer creates business agility by implementing new services and new analytical applications that can handle Big Data needs.
Infrastructure Layer
- This layer integrates power, security, core networks, access architectures, and storage with physical and virtual resources.
- It includes the right mix of hardware and software across enterprise, Cloud, and service provider networks.
- It converges all connections, both OT and IT, onto IP and accounts for Cloud computing and mobile connectivity.

Adjusting Technologies
- Standard infrastructure
- Responsive software
- Holistic security

Standard Infrastructure
- This refers to establishing and implementing standardized protocols and coordinating services in an end-to-end IP environment.
- This helps reduce, or eliminate, the costs associated with legacy systems.
- It also creates seamless integration across autonomous departments, which allows for increased collaboration, rapid delivery of information, and end-to-end management and security.

Responsive Software
- This requires, through technologies like the application-centric approach, enabling the infrastructure to automatically and rapidly detect, and adapt to, traffic demands and flows.
- This allows the infrastructure to react to changing conditions and potential issues without compromising security or availability.
- A large part of an application-centric approach is establishing what information is virtualized, what moves into the Cloud, and what stays within the Fog.

Holistic Security
- This refers to securing a network infrastructure from end to end.
- It includes enabling technologies that can monitor network operations and automatically detect and mitigate threats.
- It simultaneously ensures confidentiality, integrity, and availability of any information that is transmitted across the network.

IoE Examples
- IoE in retail and manufacturing
  - Customer experience
  - Innovation
  - Employee productivity
  - Asset utilization
  - Supply chain

IoE Examples (cont.)
- IoE in the public sector
  - Increased revenue
  - Reduced costs
  - Employee productivity
  - Citizen experience
  - Defense

IoE Examples (cont.)
- IoE for service providers
  - Enterprise optimization
  - Services differentiation
  - Growth opportunities

Proprietary Ecosystems
- OT networks and systems are often implemented using proprietary protocols that may be insecure.
- These protocols do not interoperate well with the protocols of an IP network, which are typically more secure.

Interoperability

Technological Growth
- There are three primary principles, referred to as laws, that organizations and experts can use to help them plan for technological needs:
  - Moore’s Law
  - Metcalfe’s Law
  - Reed’s Law

Moore’s Law
- This law was proposed by Gordon E. Moore, co-founder of Intel, in 1965. It states that the number of transistors on integrated circuits tends to double every two years, which increases processing capacity.

Moore’s Law (cont.)

Metcalfe’s Law
- This law is attributed to Robert Metcalfe.
- It states that the value of a given network is proportional to the square of the number of users connected to it.
- Metcalfe’s Law relates to the number of unique connections in a network of n nodes, mathematically expressed as n(n−1)/2. The value described by this law is therefore proportional to n^2.

Metcalfe’s Law (cont.)

Reed’s Law
- This law was proposed by David Reed. It states that the value of the network grows exponentially if you add up all the potential two-person groups, three-person groups, etcetera, that members could form. This is represented as 2^n and is best seen with social media networks.

Reed’s Law (cont.)

Security
- The larger and more integrated the IoE solution, the more decentralized the network becomes.
- This allows for a greater number of access points into the network, which introduces a greater number of vulnerabilities.
- A significant number of the devices communicating across the IoE will be transmitting data from insecure locations, but those transmissions must be secure.

Adaptable and Real-Time Security
- Prepare to handle security as you grow by deploying adaptable and real-time security. As the business evolves, adjust security levels to minimize risk.

Secure and Dynamic Connections
- Ensure that the right level of security is in place for all connections, all the time.
- Advanced security measures and protocols help achieve regulatory and privacy compliance.
- All valuable assets, including intellectual property, data, employees, and buildings, are protected.

Protecting Customer and Brand Trust
- Reduce the impact and cost of security breaches with a seamless security strategy.
- Security breaches erode customer confidence and brand integrity.
- The security strategy must detect, confirm, mitigate, and remediate threats across the entire organization.

Pervasive
- Within the IoE, security must be pervasive. The approach to security must be:
  - Consistent, automated, and extended to secured boundaries across organizations
  - Dynamic, to better recognize security threats through real-time predictive analytics
  - Intelligent, providing visibility across all connections and elements of the infrastructure
  - Scalable, to meet the needs of a growing organization
  - Agile, able to react in real time
  - Comprehensive, an end-to-end solution

Security Architecture
- Securing IoE networks cannot be about securing just the individual devices. Rather, it is about implementing an end-to-end security solution:
  - Access control
  - Context-aware policies
  - Context-aware inspection and enforcement
  - Network and global intelligence

Access Control
- Access control provides policy-based access for any user or device seeking access to the distributed network.
- Users are authenticated and authorized.
- End devices are also analyzed to determine if they meet the security policy.
- Non-authenticating devices, such as printers, video cameras, sensors, and controllers, are also automatically identified and inventoried.

Context-Aware Policies
- Context-aware policies use a simplified descriptive business language to define security policies based on the full context of the situation: who is sending what information, when, where, and how.
- These security policies closely align with business policies and are simpler to administer across an organization.
- They help businesses provide more effective security and meet compliance objectives with greater operational efficiency and control.

Context-Aware Inspection and Enforcement
- Context-aware inspection and security enforcement use network and global intelligence to make enforcement decisions across the network.
- Flexible deployment options, such as integrated security services, standalone appliances, or Cloud-based security services, bring protections closer to the user.

Network and Global Intelligence
- Network and global intelligence uses the correlation of global data to ensure that the network is aware of environments that have a reputation for malicious activity.
- It provides deep insights into network activity and threats for fast and accurate protection and policy enforcement.

Cisco Security Architecture

Security Devices
- Firewalls: a firewall creates a barrier between two networks. The firewall analyzes network traffic to determine if that traffic should be allowed to travel between the two networks, based upon a set of rules that have been programmed into it.
- Intrusion Prevention Systems (IPS): an IPS monitors the activities on a network and determines if they are malicious. An IPS will attempt to prevent the attack by dropping traffic from the offending device or resetting a connection.

Wireless Security
- The difficulties in keeping a wired network secure are amplified with a wireless network.
- A wireless network is open to anyone within range of an access point who has the appropriate credentials to associate to it.
- Wireless security is often implemented at the access point, or the point where the wireless connection enters the network.
- Basic wireless security includes:
  - Setting strong authentication protocols with strong passwords
  - Configuring administrative security
  - Enabling encryption
  - Changing all default settings
  - Keeping firmware up to date

Wireless Security (cont.)
- However, even with these configuration settings, an attacker with a wireless-capable device and knowledge of hacking techniques can gain access to an organization’s or an individual’s network.
- Additionally, many new wireless-enabled devices that connect to the IoE do not support wireless security functionality.
- For this reason, traffic from smart wireless and mobile devices, and traffic from sensors and embedded objects, must pass through the security devices and context-aware applications of the network.

Security and People
- Some people have malicious intent, while others make mistakes or follow insecure practices, putting equipment and data at risk.
- To protect assets, rules and regulations must be put in place to define how users should act, what actions are right or wrong, what they are allowed to do, and how they access systems and data.

Security Policy
- A security policy defines all of the rules, regulations, and procedures that must be followed to keep an organization, its people, and its systems secure.
- A security policy can be divided into many different areas to address specific types of risk.
- The most important part of a security policy is user education.
- The people governed by the security policy must not just be aware of the policy; they must understand and follow it to ensure the safety of people, data, and things.
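Returning to the Metcalfe’s Law and Reed’s Law slides above: the two laws count different things, and the difference is easiest to see by enumerating them. The following is an added worked example, not part of the lecture slides. It computes Metcalfe’s n(n−1)/2 pairwise links and the number of groups of two or more members that Reed’s Law counts (every subset of n members except the n singletons and the empty set, i.e. 2^n − n − 1, which is what the slide summarizes as 2^n), and checks both closed forms against brute-force enumeration of the subsets.

```python
from itertools import combinations


def metcalfe_connections(n: int) -> int:
    """Unique pairwise links among n nodes: n(n-1)/2 (Metcalfe's Law)."""
    return n * (n - 1) // 2


def reed_groups(n: int) -> int:
    """Groups of two or more members that n nodes can form (Reed's Law).

    All 2**n subsets, minus the n single-member subsets and the empty set.
    The slide summarises this growth as 2^n; the exact count is 2^n - n - 1.
    """
    return 2 ** n - n - 1


def count_by_enumeration(n: int) -> tuple:
    """Brute-force check: list every pair and every subset of size >= 2 explicitly."""
    nodes = range(n)
    pairs = sum(1 for _ in combinations(nodes, 2))
    groups = sum(1 for k in range(2, n + 1) for _ in combinations(nodes, k))
    return pairs, groups


def growth_table(max_n: int) -> list:
    """Rows of (n, n^2, Metcalfe links, Reed groups) so the growth rates can be compared."""
    return [(n, n * n, metcalfe_connections(n), reed_groups(n)) for n in range(1, max_n + 1)]


if __name__ == "__main__":
    print(" n   n^2  links  groups")
    for n, sq, links, groups in growth_table(12):
        print(f"{n:2d}  {sq:4d}  {links:5d}  {groups:6d}")
    # The closed forms agree with explicit enumeration for small networks.
    for n in range(1, 9):
        assert count_by_enumeration(n) == (metcalfe_connections(n), reed_groups(n))
```

The table makes the planning point of the "Technological Growth" slide concrete: links grow quadratically with the node count, while the number of possible groups (and, in an IoE deployment, the number of device-to-device relationships a security architecture may have to reason about) grows exponentially.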
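The Access Control and Context-Aware Policies slides describe one decision pipeline: authenticate and authorize users, check the posture of their devices, inventory devices that cannot authenticate, and then decide on the full context of who is sending what, when, where and how. The block below is an added illustration of that pipeline written for this page; it is not code from the lecture or from any vendor product. The user directory, the device-class prefixes, the network zone names and the policy rules are all constructed for the example, and the engine is deliberately default-deny: a request that matches no rule is refused.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import time
from typing import Optional


def _h(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


# Constructed user directory: identity -> (roles, digest of a demo secret).
USERS = {
    "alice": ({"engineer"}, _h("alice-demo-secret")),
    "bob": ({"contractor"}, _h("bob-demo-secret")),
}

# Constructed classes of non-authenticating devices, keyed by a hypothetical MAC prefix.
DEVICE_PROFILES = {"00:1A:11": "printer", "00:1B:22": "camera", "00:1C:33": "sensor"}


@dataclass
class Context:
    """The who / what / when / where / how of one request, plus endpoint facts."""
    who: Optional[str]                            # authenticated identity, None for a headless device
    roles: set = field(default_factory=set)
    what: str = ""                                # resource or data class requested
    when: time = time(0, 0)                       # local time of the request
    where: str = ""                               # network zone the request originates from
    how: str = ""                                 # protocol / method used
    posture: dict = field(default_factory=dict)   # endpoint posture facts
    device_class: Optional[str] = None            # set for inventoried devices


@dataclass
class Rule:
    name: str
    effect: str                                   # "allow" or "deny"
    roles: Optional[set] = None                   # who   (None = no constraint)
    what: Optional[set] = None                    # what
    hours: Optional[tuple] = None                 # when, as (start, end) times
    where: Optional[set] = None                   # where
    how: Optional[set] = None                     # how
    posture: dict = field(default_factory=dict)   # posture facts that must hold
    device_class: Optional[set] = None


def authenticate(identity: str, secret: str) -> Optional[set]:
    """Return the user's roles on success, None otherwise (constant-time digest compare)."""
    entry = USERS.get(identity)
    if entry is None:
        return None
    roles, digest = entry
    return roles if hmac.compare_digest(digest, _h(secret)) else None


def inventory_device(mac: str) -> Optional[str]:
    """Classify a device that cannot authenticate; None means it is unknown and stays quarantined."""
    return DEVICE_PROFILES.get(mac[:8].upper())


def _matches(rule: Rule, ctx: Context) -> bool:
    if rule.roles is not None and not (rule.roles & ctx.roles):
        return False
    if rule.what is not None and ctx.what not in rule.what:
        return False
    if rule.where is not None and ctx.where not in rule.where:
        return False
    if rule.how is not None and ctx.how not in rule.how:
        return False
    if rule.hours is not None and not (rule.hours[0] <= ctx.when <= rule.hours[1]):
        return False
    if rule.device_class is not None and ctx.device_class not in rule.device_class:
        return False
    return all(ctx.posture.get(k) == v for k, v in rule.posture.items())


def evaluate(rules: list, ctx: Context) -> tuple:
    """First matching rule wins; a request matching no rule is denied."""
    for rule in rules:
        if _matches(rule, ctx):
            return rule.effect, rule.name
    return "deny", "default-deny"


# Constructed policy, written in who / what / when / where / how terms.
POLICY = [
    Rule("engineers-plc-from-ot-business-hours", "allow", roles={"engineer"}, what={"plc-config"},
         where={"ot-zone"}, how={"ssh"}, hours=(time(7, 0), time(19, 0)),
         posture={"os_patched": True, "agent_present": True}),
    Rule("sensors-telemetry-only", "allow", device_class={"sensor"}, what={"telemetry"},
         where={"ot-zone"}, how={"mqtt"}),
    Rule("contractors-no-ot", "deny", roles={"contractor"}, where={"ot-zone"}),
]


def decide_user(identity, secret, what, when, where, how, posture) -> tuple:
    """Authenticate, then evaluate the request in context. `when` is an HH:MM string."""
    roles = authenticate(identity, secret)
    if roles is None:
        return "deny", "authentication-failed"
    return evaluate(POLICY, Context(identity, roles, what, time.fromisoformat(when), where, how, posture))


def decide_device(mac, what, when, where, how) -> tuple:
    """Inventory a non-authenticating device, then evaluate the request in context."""
    cls = inventory_device(mac)
    if cls is None:
        return "deny", "unknown-device-quarantine"
    return evaluate(POLICY, Context(None, set(), what, time.fromisoformat(when), where, how, {}, cls))
```

The two paths share one evaluator, which is the point of the slide: the same descriptive rules govern an engineer on a laptop and a sensor with no credentials, and the posture, time and zone constraints mean that a correct password alone is not enough to reach the OT resources.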
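The five-item wireless checklist on the slides is the kind of thing that is worth turning into a repeatable audit rather than a one-off review. The following is an added example, written for this page and not taken from the lecture or from any vendor's tooling: it audits an access-point configuration against exactly those five items (strong authentication with strong passwords, administrative security, encryption, changed defaults, current firmware). The configuration dictionaries, the factory-default values, the accepted protocol and cipher names, and the password and firmware-age thresholds are all constructed for the example; a real audit would take its inputs from the AP's exported configuration and its thresholds from the organization's own policy.

```python
from datetime import date

# Constructed policy thresholds and factory defaults (hypothetical, not any real vendor's values).
ACCEPTED_AUTH = {"WPA2-Personal", "WPA2-Enterprise", "WPA3-Personal", "WPA3-Enterprise"}
STRONG_CIPHERS = {"CCMP", "GCMP"}
FACTORY_DEFAULTS = {"ssid": "AP-DEFAULT", "admin_user": "admin", "admin_password": "admin"}


def password_is_strong(pw: str) -> bool:
    """At least 14 characters drawn from three of the four character classes."""
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    return len(pw) >= 14 and sum(classes) >= 3


def audit_ap(cfg: dict, today: str, max_firmware_age_days: int = 180) -> list:
    """Return one finding per failed checklist item; an empty list means the AP passed."""
    findings = []
    auth = cfg.get("auth")
    # 1. Strong authentication protocol with strong passwords
    if auth not in ACCEPTED_AUTH:
        findings.append(f"weak or open authentication: {auth}")
    if auth is not None and auth.endswith("Personal") and not password_is_strong(cfg.get("psk", "")):
        findings.append("pre-shared key fails length/complexity policy")
    # 2. Administrative security
    if not password_is_strong(cfg.get("admin_password", "")):
        findings.append("weak administrative password")
    if cfg.get("admin_over_wireless", True):
        findings.append("administrative interface reachable from the wireless side")
    if not cfg.get("admin_https_only", False):
        findings.append("administrative interface accepts unencrypted HTTP")
    # 3. Encryption enabled
    if cfg.get("cipher") not in STRONG_CIPHERS:
        findings.append(f"weak or no encryption cipher: {cfg.get('cipher')}")
    # 4. Default settings changed
    for key, default in FACTORY_DEFAULTS.items():
        if cfg.get(key) == default:
            findings.append(f"factory default still in use: {key}")
    # 5. Firmware kept up to date (dates as ISO strings, e.g. "2024-06-01")
    fw = cfg.get("firmware_date")
    if fw is None or (date.fromisoformat(today) - date.fromisoformat(fw)).days > max_firmware_age_days:
        findings.append("firmware missing or older than policy allows")
    return findings


# Constructed sample configurations: one as shipped, one hardened per the checklist.
WEAK_CONFIG = {
    "ssid": "AP-DEFAULT", "auth": "WPA-Personal", "psk": "password1", "cipher": "TKIP",
    "admin_user": "admin", "admin_password": "admin",
    "admin_over_wireless": True, "admin_https_only": False, "firmware_date": "2022-01-15",
}
HARDENED_CONFIG = {
    "ssid": "plant-floor-ot", "auth": "WPA3-Enterprise", "cipher": "GCMP",
    "admin_user": "ot-netadmin", "admin_password": "Xk9#mtQ2vL!p7Rzw",
    "admin_over_wireless": False, "admin_https_only": True, "firmware_date": "2024-04-20",
}

if __name__ == "__main__":
    for name, cfg in (("as shipped", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}:")
        for line in audit_ap(cfg, "2024-06-01") or ["no findings"]:
            print("  -", line)
```

Running the audit on both configurations side by side shows why the slide's next point matters: even the hardened configuration only governs clients that support this security functionality, so devices that cannot use it still need to be routed through the network's security devices.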
Personal Data and the IoE
- Organizations can collect all sorts of personal data; however, there is a legal and ethical struggle between access and privacy.
- Blocks of data are enhanced with metadata that includes information about where the data was created, who created it, and where it is going. In this way, data becomes property that can be exchanged.
- This change will allow personal information to be audited to enforce policies and laws when issues arise.

Categories of Personal Data
- Volunteered data
  - Volunteered data is created and explicitly shared by individuals, such as social network profiles.
- Observed data
  - Observed data is captured by recording the actions of individuals, such as location data when using cell phones.
- Inferred data
  - Inferred data, such as a credit score, is based on analysis of volunteered or observed data.

Any Questions?
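As an added illustration of the two Personal Data slides above (not part of the lecture), the block below attaches the metadata the slide names (where the data was created, who created it, where it is going, and when) to each block of personal data, tags it as volunteered, observed or inferred, and keeps a lineage link from inferred data back to the records it was derived from. The audit then enforces a destination policy per category, and an inferred record must also satisfy the policy of every record in its lineage, so that analysis cannot turn restricted observed data into freely shareable inferred data. The record layout, the sample location data and the policy table are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

CATEGORIES = ("volunteered", "observed", "inferred")


@dataclass(frozen=True)
class Record:
    subject: str          # the individual the data is about
    category: str         # volunteered, observed or inferred
    value: object
    created_where: str    # metadata: where the data was created
    created_by: str       # metadata: who created it
    destination: str      # metadata: where it is going
    created_at: str       # metadata: when it was created (UTC, ISO 8601)
    sources: tuple = ()   # inferred data keeps references to the records it came from


def make_record(subject, category, value, created_where, created_by, destination,
                sources=(), now: Optional[str] = None) -> Record:
    """Create a record with its metadata; inferred data must name its sources."""
    if category not in CATEGORIES:
        raise ValueError(f"unknown category {category!r}")
    if category == "inferred" and not sources:
        raise ValueError("inferred data must reference the records it was derived from")
    stamp = now or datetime.now(timezone.utc).isoformat()
    return Record(subject, category, value, created_where, created_by, destination, stamp, tuple(sources))


def infer_home_area(observed: list, created_by: str, destination: str) -> Record:
    """Derive an inferred record (the most frequently observed location) that carries its lineage."""
    subjects = {r.subject for r in observed}
    if len(subjects) != 1 or any(r.category != "observed" for r in observed):
        raise ValueError("inference expects observed records about a single subject")
    area = Counter(r.value for r in observed).most_common(1)[0][0]
    return make_record(subjects.pop(), "inferred", area, "analytics-job", created_by,
                       destination, sources=observed)


def lineage(record: Record):
    """Yield a record and, recursively, every record it was derived from."""
    yield record
    for source in record.sources:
        yield from lineage(source)


def audit(records: list, policy: dict) -> list:
    """policy maps a category to the destinations it may be sent to.

    A record passes only if its destination is permitted for its own category and for the
    category of every record in its lineage; otherwise one violation is reported for it.
    """
    violations = []
    for r in records:
        for origin in lineage(r):
            if r.destination not in policy.get(origin.category, set()):
                violations.append(f"{r.subject}: {r.category} data -> {r.destination} "
                                  f"is not permitted by the {origin.category} policy")
                break
    return violations


if __name__ == "__main__":
    # Constructed sample data for one subject.
    stamp = "2024-01-01T00:00:00+00:00"
    profile = make_record("user-42", "volunteered", {"name": "A. Example"},
                          "web-signup", "user-42", "marketing", now=stamp)
    pings = [make_record("user-42", "observed", zone, "phone-app", "geo-service", "analytics", now=stamp)
             for zone in ("zone-A", "zone-A", "zone-B")]
    home = infer_home_area(pings, "analytics-team", "marketing")
    policy = {"volunteered": {"analytics", "marketing"},
              "observed": {"analytics"},
              "inferred": {"analytics", "marketing"}}
    for line in audit([profile, *pings, home], policy) or ["no violations"]:
        print(line)
```

Volunteered profile data may go to marketing under this policy, and so may inferred data in general, but the inferred home area was derived from observed location data that is restricted to analytics, so the audit flags it; the same inference sent to analytics passes.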